Page 2 of 2
Posted: Mon Apr 15, 2002 3:06 pm
by Mr Sleep
Originally posted by Mr Flibble
Actually the easiest way to do check what's happening on startup is with a program called msconfig. You can get to it from the run option on the start menu. This will show you everything that is being run from autoexec.bat, config.sys, win.ini, system.ini and the registry 'run' and 'runservice' sections. Deactivating commands is as simple as removing a tick from a selection box, so you can go through all the startup files and take out what you don't want. If you find anything to do with that nomouse program, just un-tick it and restart.
Yes, indeed, but it doesn't show Runonce and things like that, if it is indeed a virus it might be hiding itself, i was just running on a hunch
Posted: Mon Apr 15, 2002 3:12 pm
by Mr Flibble
Originally posted by Mr Sleep
Yes, indeed, but it doesn't show Runonce and things like that, if it is indeed a virus it might be hiding itself, i was just running on a hunch
Good point.
Posted: Thu Apr 18, 2002 1:42 pm
by Jon de Souza
Ok, latest update. I went into msconfig and stopped a few programs loading on Start Up but that doesn't seem to have helped. Of course, I may have just disabled the wrong programs but I didn't want to fiddle with anything that I wasn't sure about. There was nothing there though that referred to NOMOUSE.
How do I go about using registry editing - I'm up for following that hunch?
Jon
Posted: Thu Apr 18, 2002 1:52 pm
by Jon de Souza
Just to let you know, I've opened regedit to have a look and did a search for NOMOUSE. I got a selection of results with two columns, name on the left and data on the right. The left column has a selection of numbers and the right seems to contain various files. Included in the search for NOMOUSE were the following:
001 nomouse
002 msconfig
003 run32
004 NIL32.dll
005 MSVCRT40.dll
The list goes up to 013 in all.
Jon
Posted: Thu Apr 18, 2002 1:55 pm
by Mr Flibble
Be careful with this one.
Run a program called regedit from the run command on the start menu. On the left-hand pane you should ba able to see six different groups that will look like folders from windows explorer. The registry keys you're looking for are:
HKEY_LOCALMAHINE -> SOFTWARE -> MICROSOFT -> WINDOWS -> CURRENTVERSION
Under this section you'll find three entries called RUN, RUNONCE and RUNSERVICES. Selecting any of these will show you the contents on the right-hand pane. Each entry has a brief description and a path to the fil eit activates, so you should be able to figure out what each one does. You can then highlight any of the entries on the right side and delete them.
I'd recommend backing up the keys before you delete them. By highlighting the key on the left side, go to the file menu and select export. This will create a copy of the key if you want (or need) to add it back.
Posted: Thu Apr 18, 2002 1:57 pm
by Mr Flibble
Originally posted by Jon de Souza
Just to let you know, I've opened regedit to have a look and did a search for NOMOUSE. I got a selection of results with two columns, name on the left and data on the right. The left column has a selection of numbers and the right seems to contain various files. Included in the search for NOMOUSE were the following:
001 nomouse
002 msconfig
003 run32
004 NIL32.dll
005 MSVCRT40.dll
The list goes up to 013 in all.
Jon
What was the full path to these entries? Windows records basically everything in the registry, including searches for file names you've done lately.
Posted: Thu Apr 18, 2002 3:25 pm
by Mr Sleep
My reccommendation. Format and start again
The easiest way to tell whether it is a virus from my experience is if there is a reaccuring file of some kind that can not be explained.
Personally i would be tempted to remove one of those keys that you know you don't need for a program and see if it comes back, it would definately suggest something.
BTW have you any real problems with other programs?
Posted: Thu Apr 18, 2002 3:35 pm
by Jon de Souza
Originally posted by Mr Flibble
What was the full path to these entries? Windows records basically everything in the registry, including searches for file names you've done lately.
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Explorer Bars/[Long character string]/FilesNamesMRU
and also
HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Explorer/ComDlg32/OpenSaveMRU/DLL
Jon
Posted: Thu Apr 18, 2002 3:59 pm
by Mr Flibble
Originally posted by Jon de Souza
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Explorer Bars/[Long character string]/FilesNamesMRU
and also
HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Explorer/ComDlg32/OpenSaveMRU/DLL
Jon
This is something that has buried itself in your system quite deep. Mr Sleep may be right about the reformat option. Delete those entries and see if that fixes the problem, otherwise I'd also recommend reinstalling windows.
Posted: Thu Apr 18, 2002 4:15 pm
by Mr Sleep
Originally posted by Jon de Souza
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Explorer Bars/[Long character string]/FilesNamesMRU
and also
HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Explorer/ComDlg32/OpenSaveMRU/DLL
Jon
Do you accept email on this computer, there might be an easy way to check if it is a virus, go to your outlook and look for any unexplainable emails with attachments. I don't mean to sound patronizing, but it is worth checking. Also make sure you have preview pane turned off and you use the message source route otherwise you risk re-infection.
Pretty much what Mr Flibble said is sound advice
How much data do you have on this PC? There are security issues involved with re-formats of a possible virus infected machine such as write protection on back up disks etc.
Posted: Fri Apr 19, 2002 1:32 pm
by Jon de Souza
I do accept e-mail so I suppose there is a chance I could have read a message with a virus by accident. I do take precautions though. It seems odd though that I'm not suffering problems with any other programs. Do viruses ever just work on one program like this?
I take it if I re-format I lose everything on my hard drive don't I? I have about 3.5 gigs of stuff on there that I don't want to lose and no cd-burner unfortunately. Not quite sure what to do now. I thought I'd been really careful about viruses etc.
Jon
Posted: Fri Apr 19, 2002 2:15 pm
by Mr Sleep
Originally posted by Jon de Souza
I do accept e-mail so I suppose there is a chance I could have read a message with a virus by accident. I do take precautions though. It seems odd though that I'm not suffering problems with any other programs. Do viruses ever just work on one program like this?
I take it if I re-format I lose everything on my hard drive don't I? I have about 3.5 gigs of stuff on there that I don't want to lose and no cd-burner unfortunately. Not quite sure what to do now. I thought I'd been really careful about viruses etc.
Jon
It is actually possible it isn't a virus, sometimes things corrupt over time. It could be that TOB has installed to a bad sector on your hard disk... actually thinking of that if you go into scandisk and put it on standard. Then go to options (advanced or whatever it is) and make it check everything, there are a few options that are not on as standard. You might have some cross-linked filed that could be causing a problem.
Don't format yet, i thought this was a games machine only, if you can continue on otherwise then don't format.
Have you checked the known issues on Bioware or any of the technical FAQ's on their site. It might be TOB specific.