PDA

View Full Version : Bootup Popup



Tribander
14-06-2004, 05:51 PM
I am running Windows XP along with Internet explorer 6.

Problem that I am having is each time I bootup a 25mm popup square loads in at the same time as messenger & Nortons etc, no writing in it anymore , I don't know what it is called even - it doesn't have a name or title. Two clicks on its X inside a circle and it is gone until next bootup.

It first appeared 3 weeks ago after I got 4 virus's whilst on the internet , Nortons quarantined the virus's OK and since then I have used Ada_ware to cleanup my system.
Nortons antivirus definitions are up to scratch.

I have poked around folders and files looking for it but to no avail.
I have also had a look in PC World's archives also to no avail.

Could someone shed some light on how to get rid of this dominating little square.

Thanks from GrandPa

tweak\'e
14-06-2004, 06:22 PM
start/run/msconfig

check to see if there is any werid programs set to run at startup. if unsure just post a list of them all here.

Tribander
15-06-2004, 11:49 AM
Hi Tweake,
Thanks for your reply.

I would not be sure which programs are weird in this startup folder, they all look a bit strange to me.
No 2 could be an odd ball ?


Here are the startup programs in the System Configuration Utility Folder

Startup Command Location

1. navapw32 C:/program~1/Nort… HKLM/software/Microsoft/Windows/CurrentVer…

2. SK2690DM SK2690DM.EXE HKLM/software/Microsoft/Windows/CurrentVer

3. NeroCheck C:/Windows/System…. HKLM/software/Microsoft/Windows/CurrentVer

4. mobsync %SystemRoot%/syst… HKLM/software/Microsoft/Windows/CurrentVer

5. dirote C:/Windows/System… HKLM/software/Microsoft/Windows/CurrentVer

6. ctfmon C:/Windows/System HKCU/software/Microsoft/Windows/CurrentVer

7.msmgs “C/Program Files/ Mes… HKCU/software/Microsoft/Windows/CurrentVer

8.SNDMon C:/PPROGRAM~1/Syman…HKCU/software/Microsoft/Windows/CurrentVer

9.Microsoft Office C:/PPROGRAM~1/MICR… Common Startup

10.WinZip Quick Pick D:/ Tempor~1/WinZip… Common Startup

Thanks Tweake
Regards GrandPa

whiskeytangofoxtrot
15-06-2004, 12:09 PM
Number 2 is apparently the Hot Key Kbd 2690 Daemon

Apparently for running multimedia keys on some keyboards.

Try unticking the dirote thing. The rest looks fine.

metla
15-06-2004, 12:45 PM
90 percent of them could (imo should) be disabeld,how often would you need nero to have a chat over the internet?,or need winzip and office already running in the background?

Tribander
16-06-2004, 01:13 PM
Did what you suggested WTF, disabled the dirote thing, I see in the General File now that the Startup Button is not ticked and has a square in it.
Computer rebooted in Selective Mode instead of normal, Popup Square has gone.
If I now tick normal start up mode it also re selects the dirote file in startup
To get back to normal start up mode would I need to delete the dirote file which is sitting in Windows/System32/fOrOr folder, I see that some of the other past virus's files are in this folder as well.

Fine too on Metla's advice about disabling Winzip/Microsoft Office and Nero from startup file.
I have been reluctant to delete anything just incase it is a wanted file.
Thanks for your help Guys I think we are getting somewhere.

Regards GrandPa ZL1LY

godfather
16-06-2004, 01:30 PM
dirote is a trojan by the look of it.

TROJ_BOTIRC.A

whiskeytangofoxtrot
16-06-2004, 02:13 PM
Options are:

To untick the dirote thing, when you next get the selective startup box, just select the option to not show it again.

The better option is to do a full virus scan with an up to date virus scanner, or visit here: http://housecall.trendmicro.com

Tribander
16-06-2004, 11:15 PM
Hi WTF & Godfather,

I tried to stay connected to the Microtrend website to down load their house call service but my server kept disconnecting me, I'll try again tomorrow.
I would of thought that an up to date Nortons would of clobbered this thing if it is a trojan virus.

Thanks for your help Guys, bootup popup is gone, well done, what would we all do without your help.

Bye for now
Regards GrandPa

Greg S
17-06-2004, 12:52 PM
> I would of thought that an up to date Nortons would
> of clobbered this thing if it is a trojan virus.

Valid point, except that some virii have been known to disable Nortons from doing an accurate scan. By doing the online test you can be sure of it being maliciously altered

Greg S
17-06-2004, 12:53 PM
>
> > I would of thought that an up to date Nortons
> would
> > of clobbered this thing if it is a trojan virus.
>
> Valid point, except that some virii have been known
> to disable Nortons from doing an accurate scan. By
> doing the online test you can be sure of it being
> maliciously altered
>
>

[Edit] By
> doing the online test you can be sure of it NOTbeing
> maliciously altered

Tribander
17-06-2004, 09:17 PM
Thanks for that Greg.

It sounds like the online test might be the way to go, I still haven' done it yet.
I hear on the news tonight that our modern type cell phone is or could be prone to virus's.

My Goodness what next.

Regards GrandPa