a couple glitches. any help

5 replies to this topic

#1
TheRedFox

TheRedFox

    Junior

  • Member
  • Pip
  • 75 posts
  • Joined 04-April 08
I'm receiving a few glitches. For one thing, my root folder always opens when I boot up, and for two, none of my windows appear on the taskbar. I also have a task running called "Relevant Knowledge" that I can't delete with Process Explorer. It just regenerates. Help? I've virus and spyware scanned recently (with AVG Free and Spybot respectively).
Compaq Armada 110 laptop
Pentium III 1.0ghz (finally!)
312mb ram
10gb hdd



#2
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • Joined 24-September 07
  • OS:none specified
  • Country: Country Flag

I'm receiving a few glitches. for one thing, my root folder always opens when I boot up, and for two, none of my windows appear on the taskbar. i also have a task running called "Relevant Knowledge" that I can't delete with Process Explorer. it just regenerates. help? i've virus and spyware scanned recently (with AVG Free and Spybot respectively)

You are most likely beyond a few glitches and well into infection territory.

There are a few ways to handle an infection. The usual way is in realtime (while working on the infected computer). This may or may not be successful depending on how many viruses are alive and spawning. I'll let someone else explain the steps of disabling startup apps, safe-mode, floppies, etc. You should definitely have a copy of Startup Control Panel standalone EXE handy.

Another way is via UBCD and other special boot cdroms which is better since the virus is not actively running. You must first alter the BIOS so that the HDD is given later priority than the CDROM drive. One problem here is that the antivirus definitions are likely to be outdated relative to a very current infection.

Finally, IMHO this way is the fastest: Yank that system drive and install it as a slave in a working computer which has the necessary tools: updated Antivirus (McAfee/AVG/etc) *and* anti-Spyware (SpybotSD/Adaware/etc). Manually scan the slave drive from this safe platform (change settings to ALL files not just program files and enable heuristics), delete the problem files, verify by scanning again until clean, and yank the drive and put it back the way it originally was (umm, be sure you do not execute any files on the slave disk while it is connected in the clean computer!). You're not done yet: on the original computer, you still have to scan one more time with both sets of tools in order to clean the registry and to remove all bad apps hooked into the Win9x startup points. Theoretically no virus should be able to survive this procedure provided the antivirus definitions are up to date. In practice it could be an undefined variant. In this case, put that particular HDD on ice for a couple of weeks and get later definitions for the antivirus and SpybotSD programs and repeat.

my root folder always opens when I boot up

BTW, this is not necessarily a problem in itself. It could just mean that either or both of these registry settings exist:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001

It simply forces each Explorer instance into a separate thread (which IMHO is a good thing). The root folder instance right after bootup is only a strange by-product. But, it is possible a virus might intentionally do this so that if one infected Explorer crashes or is killed by Process Explorer, it does not bring down any other infected instances which will then respawn a new thread. So, the way I see it, on an uninfected Win9x computer these settings can add stability, but on an infected one they can help to preserve certain nasty viruses. Just change those DWORDs to all zeroes to prevent this behaviour.

EDIT: fixed that "alter the BIOS so that the HDD is given later priority". It said "disable HDD". Doh! :wacko: Too many beers.

Edited by CharlotteTheHarlot, 08 September 2008 - 04:24 AM.

... Let him who hath understanding reckon the Number Of The Beast ...


#3
Drugwash

Drugwash

    MSFN Expert

  • Member
  • PipPipPipPipPipPip
  • 1,288 posts
  • Joined 21-June 06
  • OS:98SE
  • Country: Country Flag
Startup CPL doesn't always show all processes and services. Also, some regular system files may be hooked by malware.

I'd recommend CodeStuff Starter for checking/disabling startup items and watching/killing processes.
Also, Dr.Watson can provide on demand a report including all currently loaded modules. Similarly, HiJackThis (now under TrendMicro's umbrella) is able to provide a report (and clean the registry) of ActiveX controls, BrowserHelperObjects and other nasties that may plague your system. A little bit of intuition plus searching the web for suspect filenames could save the day.

Of course, a nasty infection may require a reboot in DOS mode and manual deletion of infected files. Careful what you delete though, as you may render the system unusable. Always back up the allegedly infected files before deleting them, for safety.
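
An added example (not code from any poster in this thread): a small Python script that reads a text export of the registry in REGEDIT4 format, reports which hives have the "DesktopProcess" value from post #2 set to non-zero, and lists the startup entries that posts #2 and #3 suggest reviewing. The sample export, the entry names in it, and the choice of the Run and RunServices keys as the startup points are assumptions made for illustration.

```python
import re

# Constructed sample of a REGEDIT4 text export; not taken from the thread.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ExampleEntry"="C:\\EXAMPLE\\unknown.exe"
'''

EXPLORER = r"software\microsoft\windows\currentversion\explorer"
# Assumed startup points to review (the thread does not name specific keys).
RUN_KEYS = (r"software\microsoft\windows\currentversion\run",
            r"software\microsoft\windows\currentversion\runservices")

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from REGEDIT4 export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def audit(text):
    """Return (hives with DesktopProcess != 0, startup entries to review)."""
    desktop_process, startup = [], []
    for key, values in parse_reg(text).items():
        hive, _, sub = key.partition("\\")
        sub = sub.lower()
        if sub == EXPLORER:
            data = values.get("DesktopProcess", "")
            if data.lower().startswith("dword:") and int(data[6:], 16) != 0:
                desktop_process.append(hive)
        elif sub in RUN_KEYS:
            for name, data in values.items():
                # Strip the quotes and undo the .reg backslash escaping.
                startup.append((key, name, data.strip('"').replace("\\\\", "\\")))
    return desktop_process, startup

if __name__ == "__main__":
    print(audit(SAMPLE_REG))
```

Because it works on an exported text file, the audit can be run on the clean computer without executing anything from the suspect disk.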

#4
Multibooter

Multibooter

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 896 posts
  • Joined 21-March 08
  • OS:98SE
  • Country: Country Flag

i also have a task running called "Relevant Knowledge" that I can't delete with Process Explorer.

Try http://www.ax-soft.c...urity/27232.htm or just google for "Relevant Knowledge" & "virus".

i've virus and spyware scanned recently (with AVG Free and Spybot respectively)

You get what you pay for. I am using Kaspersky anti-virus, although they seem to have deteriorated lately.

If you are not interested in what kind of infection there is, restore a backup of the \Windows\ directory from a time when the suspicious behaviour did not occur, & you'll most likely have gotten rid of the bugger. There are exceptions like boot sector viruses, but deleting \Windows\ & restoring a good backup of it has worked well for me in malware situations.

Edited by Multibooter, 07 September 2008 - 02:25 PM.


#5
TheRedFox

TheRedFox

    Junior

  • Member
  • Pip
  • 75 posts
  • Joined 04-April 08
Wow, I feel dumb. I didn't think of googling "rlvknlg.exe". Did just now, and I found a webpage that tells about it. Apparently it's a spyware/virus and I'm about to try to get rid of it.

#6
TheRedFox

TheRedFox

    Junior

  • Member
  • Pip
  • 75 posts
  • Joined 04-April 08
Alright. I think that I'm done with that. Leaving the C: running at startup though, because it's a sign of a good thing.



