Re: Unknown command in System Config Utili/startup

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: "Wesley Vogel" <123WVogel955@xxxxxxxxxxx>
Date: Sun, 30 Apr 2006 11:21:53 -0600

ATCSMike,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(Default) should be listed as (value not set) and should be REG_SZ.

Open a command prompt...
Start | Run | Type: cmd | Click OK |
When the command prompt opens, type this command...

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Hit your Enter key.

Compare what's listed from that command to what you see in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
using regedit.

There is a flaw in the Registry Editor that hides entries longer than 254
characters.

[[Extra-long key entries (those greater than 254 characters) are mishandled
by the Windows registry editor, and essentially "disappear" from view, as do
others added to the key after that because the editor stops at that too-long
key, thinking it is the last in the section.

Worse, many malicious code scanners have a similar blind spot, and also stop
processing the registry for anomalous entries when they come to a too-long
key.

The technique would let attackers add their malicious software to the "Run"
registry key (at
"HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run") which
lists the programs or components that automatically launch at Windows' boot.
Typically, worms post changes to the registry there so that they run at
Windows startup; anti-virus and anti-spyware scanners often look for these
unanticipated changes to the registry to detect fishy activity. ]]
from...
Windows Flaw May Let Hackers Hide Code From AV Scanners
http://www.techweb.com/wire/security/170100835

reg query can find entries longer than 255 characters.

HiJackThis v1.99.0.1 will search the registry for values greater than 255
characters.

Update your antivirus software and run a full system scan.

Update whatever anti-spyware applications that you have and run a full
system scan with each one.

You might need to start in Safe Mode to run your antivirus and anti-spyware
software.

Running a full system antivirus scan or anti-spyware scan in Safe Mode can
be a good idea. Some viruses and other malware like to conceal themselves
in areas Windows protects while using them. Safe mode will prevent those
applications access and therefore unprotect the viruses or other malware
allowing for easier removal.

How to start Windows in Safe Mode Windows XP
http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:1258beojj01f4bc@xxxxxxxxxxxxxxxxxx,
ATCSMike <final@xxxxxxxxxxxx> hunted and pecked:

Wesley Vogel wrote:

Could be a startup orphan.

A startup orphan is a startup item that has a non-existent target file.

If there is no path in Value Data, the item shows up blank in
msconfig | Startup. Also if Default under Data is blank (nothing
there at all) instead of (value not set).

Start | Run | Type: regedit | Click OK |
Navigate to >>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

What do you see in the right hand pane?
Do you see an entry with blank (nothing there at all) in the Data
column?

Yes I do. It's the Default entry.

As for the rest of it, I don't recall uninstalling anything that I had
disabled in Startup. I have no idea what it could be.

--
AOL AIM: ATCSMike
Yahoo Messenger: frostbitemike
United States Navy 1979-1982
Aviation Machinists Mate 2nd Class
VT-23, HS-1, USS Carl Vinson CVN70 (Plank Owner)

email treesqueak (at) gci (dot) net

---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0617-3, 04/28/2006
Tested on: 4/29/2006 7:24:18 PM
avast! - copyright (c) 1988-2006 ALWIL Software.
http://www.avast.com

References:
- Unknown command in System Config Utili/startup
  - From: ATCSMike
- Re: Unknown command in System Config Utili/startup
  - From: Wesley Vogel
- Re: Unknown command in System Config Utili/startup
  - From: ATCSMike

Prev by Date: Need HELP in reinstalling Internet Explorer
Next by Date: Re: Address Not Found Error
Previous by thread: Re: Unknown command in System Config Utili/startup
Next by thread: Re: Unknown command in System Config Utili/startup
Index(es):
- Date
- Thread

Relevant Pages

NewestShareware.com Issue #89
... FileBoss for Windows ... Program Homepage/Download url ... In general users make a program execute at window startup by ... Adding programs to the Registry and WIN.INI file protects the program. ...
(comp.software.shareware.announce)
Re: How do I...
... I run my startup batch files from the registry entry above. ... > file that contained the command worked. ... Windows XP is really Windows NT 5.1. ... >> AUTOEXEC.BAT is not used to initialize the MS-DOS environment. ...
(microsoft.public.windowsxp.setup_deployment)
Re: Starp up sequence
... > 6) WIN.INI [Windows] Load ... > All Users Startup Folder ... > the programs specified in the Computer Configuration setting just before it ... > AppInit_DLLs Registry value. ...
(microsoft.public.windowsxp.customize)
Re: Updates are downloaded but fail to install
... At the command prompt, type the following command, and then press ENTER: ... Note For a computer that is running Windows XP Professional x64 Edition, ... Start the Automatic Updates service. ... This issue most likely occurs when the following registry key or its sub key ...
(microsoft.public.windowsupdate)
reply
... >tried deleting it from the msconfig Startup tool system, ... neither the listed name or command line name ... First, ME comes with a registry backup application, try ... folder temporarily by using attrib.exe: ...
(microsoft.public.security.virus)