Alert question

Hello Everyone

Upon doing a scan with TDS3 the report was basically everything was OK except
- Alert - File has changed : C:\WINDOWS\win.ini
- Alert - File has changed : C:\WINDOWS\system.ini

Now when we look at win.ini and system.ini via msconfig what are we supposed to look for? Nothing is obvious as being wrong but it would take quite some time to check both those ini files completely. What did we miss?

Thank you for your assistance.

 

Hey Q,

The most important things to check are the

Load=

and

Run=

statements in the win.ini. Anything on the same line as those (assuming there is no "rem" or ";" at the start of that line) is set to start automatically when Windows launches.

 

Hello David

In the win.ini we have no Run & Load in the left column. See screenshot.

 

List continued

 

Now seems like a good time to add another weapon to your arsenal ...
Autostart Viewer is available for free at http://www.diamondcs.com.au/index.php?page=asguard
It shows you all programs that have the capability of autostarting before and after Windows loads

Best regards,
Wayne

 

Hello Wayne

Sounds good but tried to get it in April and it would not work. Just now deleted it and re-downloaded it. Still no go. Do you have any ideas? We get a popup that says, "Cannot find the file 'asviewer (or one of its components). Make sure the path and filename are correct and that all required libraries are available."

We do believe we possibly have an ActiveX problem as SpywareGuard has a runtime error 429 (something about ActiveX unable to create object). All else seems to be running correctly.

 

Not sure about the the ASViewer problem you are having but the stuff you showed was not the win.ini but merely msconfig's parsing of win.ini. If you do a file search for win.ini and open it it up in notepad.exe you will see what I mean. I am not too familiar with msconfig so I am not sure where it would "put" the statements I mentioned but my guess would be in the "programs" section.

Hope this helps,

Dan

 

On further thought...

the issue with AutoStart Viewer is puzzling since it is only a single executeable. I doubt ActivX has anything to do with it but perhaps some other security software is interfering (maybe SpyWare guard?). ASViewer is a very handy tool so I would recommend you try to temporarily exit from other software to see what is the point of "obstruction".

Regards,

Dan

 

These were right at the beginning of the file (as found in C:\Windows)

[windows]
load=
run=
NullPort=None

So that does not seem to be a problem but something had changed. We doubt there is a trojan or virus or malware in the computer just now. We have been doing a considerable amount of downloading (updates etc.).

 

Hi QSection,

sometimes this appears if you have done a Windows Update for example. Just check it throughly when it appears, but when you are sure that you have installed something which needed to restart it's probably that one.

Regards,

Patrice

 

It really seems like it would be a great idea to learn which libraries are required for Autostartviewer.

Thank you.

 

Hi QSection,
I unzipped the ASViewer in a folder created for that and ran it from the same place, or from there a shortcut to the desktop, no libraries missing here....... There is nothing to install, just run the file.

 

It may be different for Win98 but for Win2K the dependencies seem to be

advapi32.dll
comctl32.dll
comdlg32.dll
gdi32.dll
kernel32.dll
ole32.dll
oleaut32.dll
shell32.dll
shfolder.dll
user32.dll

 

4dmain.exe (mouse program, can differ)
asviewer.exe
windows\system:
4dhook32.dll
comdlg32.dll *
shfolder.dll *
comctl32.dll *
shlwapi.dll
msvcrt.dll
oleaut32.dll *
ole32.dll *
user32.dll *
gdi32.dll *
advapi32.dll *
kernel32.dll *

This is what i get via TDS looking in Process list and the modules behind the asviewer
The * are the same in Dan's list, running win98SE too.

 

Hey Jooske,

If I am not mistaken that list equates to what modules the process has open, but as the presence of your mouse modules indicates, this doesn't necessarily indicate any dependency (as I am sure you are aware). I got my list by using the Faber Toys "examine file" function on the asviewer.exe and listed the ones shown in the bottom left "Imported Modules" window.

 

Thanks Dan
Hello Jooske

Well we did a check to make sure we had all the files mentioned and we do. So that leaves two possibilities, right? Either one or more of the Windows files are corrupted or there is a conflict with some other program. Any further suggestions? BTW - Start>Run>asviewer does not do anything.

 

Hi QSection,

Could you once start Windows 98SE in Safe Mode (press F8 during startup) and try to load Autostart Viewer then? When you start up Windows in that mode, all other processes and libraries are not started -just the Windows components are started. Then you know if it's a Windows problem or an incompatibility with another software on your computer.

Best regards,

Patrice

 

Hello Patrice

We tried Safe mode and its a no-go with Start>Run>asviewer as we got the same popup as listed above. Tried Explorer>Program Files>Autostartviewer>asviewer.exe and it worked. Next we will try stopping programs one by one from the Task Manager. We will get to the bottom of this yet!

 

No matter where you extracted the download, i did in a special folder, there is a file asviewer.exe
You might like to create a shortcut to that on your desktop.
Doubleclick the thing and it should just run.
Or dig via windows explorer for the file and click to run it as you did and it is the same effect.

 

Dear Jooske

We already had a shortcut and that was the first place we tried. It did not work. Did? Ha we found the problem. We tried the Taskmanager delete one at a time routine and when we closed the second program we found the answer. We had a program that was not yet in Beta stage and closing that did the trick. (We restarted the first program) Now Autostart Viewer works perfectly. What was that second program you say? It was Spybot S&D Resident (Beta). This is NOT the same application found in Spybot S&D>Tools>Resident. That last one is alright and should be used if one has Spybot S&D.

Thank you and Everyone for the assistance.

 

Ah, it was a pathing issue.

If you prefer to run it from the Start-Run command you will need to place the single exe somewhere in your PATH such as in the root of your windows folder