
a couple glitches. any help


TheRedFox


I'm receiving a few glitches. For one thing, my root folder always opens when I boot up, and for two, none of my windows appear on the taskbar. I also have a task running called "Relevant Knowledge" that I can't delete with Process Explorer. It just regenerates. Help? I've virus and spyware scanned recently (with AVG Free and Spybot respectively).



> I'm receiving a few glitches. For one thing, my root folder always opens when I boot up, and for two, none of my windows appear on the taskbar. I also have a task running called "Relevant Knowledge" that I can't delete with Process Explorer. It just regenerates. Help? I've virus and spyware scanned recently (with AVG Free and Spybot respectively).

You are most likely beyond a few glitches and well into infection territory.

There are a few ways to handle an infection. The usual way is in realtime (while working on the infected computer). This may or may not be successful depending on how many viruses are alive and spawning. I'll let someone else explain the steps of disabling startup apps, safe-mode, floppies, etc. You should definitely have a copy of Startup Control Panel standalone EXE handy.

Another way is via UBCD and other special boot cdroms which is better since the virus is not actively running. You must first alter the BIOS so that the HDD is given later priority than the CDROM drive. One problem here is that the antivirus definitions are likely to be outdated relative to a very current infection.

Finally, IMHO this way is the fastest: Yank that system drive and install it as a slave in a working computer which has the necessary tools: updated Antivirus (McAfee/AVG/etc) *and* anti-Spyware (SpybotSD/Adaware/etc). Manually scan the slave drive from this safe platform (change settings to ALL files not just program files and enable heuristics), delete the problem files, verify by scanning again until clean, and yank the drive and put it back the way it originally was (umm, be sure you do not execute any files on the slave disk while it is connected in the clean computer!). You're not done yet: on the original computer, you still have to scan one more time with both sets of tools in order to clean the registry and to remove all bad apps hooked into the Win9x startup points. Theoretically no virus should be able to survive this procedure provided the antivirus definitions are up to date. In practice it could be an undefined variant. In this case, put that particular HDD on ice for a couple of weeks and get later definitions for the antivirus and SpybotSD programs and repeat.

> my root folder always opens when I boot up

BTW, this is not necessarily a problem in itself. It could just mean that either or both of these registry settings exist:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001

It simply forces each Explorer instance into a separate thread (which IMHO is a good thing). The root folder instance right after bootup is only a strange by-product. But, it is possible a virus might intentionally do this so that if one infected Explorer crashes or is killed by Process Explorer, it does not bring down any other infected instances which will then respawn a new thread. So, the way I see it, on an uninfected Win9x computer these settings can add stability, but on an infected one they can help to preserve certain nasty viruses. Just change those DWORDs to all zeroes to prevent this behaviour.

EDIT: fixed that "alter the BIOS so that the HDD is given later priority". It said "disable HDD". Doh! :wacko: Too many beers.

Edited by CharlotteTheHarlot
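
The DesktopProcess check described in the post above, as an added example that is not part of the thread or any poster's own code: it parses a registry export saved in REGEDIT4 text form, reports which Explorer keys have DesktopProcess set to a non-zero DWORD, and builds a .reg fragment that sets those values to zero. The sample export, including the ExampleVendor key, is constructed for illustration.

```python
import re

# Constructed sample of a REGEDIT4 export; not data from the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001
"ShellState"=hex:24,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\ExampleVendor]
"DesktopProcess"=dword:00000001
'''

EXPLORER = r"\software\microsoft\windows\currentversion\explorer"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from REGEDIT4 text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def desktop_process_enabled(keys):
    """Explorer key paths whose DesktopProcess value is a non-zero DWORD."""
    hits = []
    for path, values in keys.items():
        data = values.get("DesktopProcess", "").lower()
        # Only the Explorer key matters; same-named values elsewhere are ignored.
        if path.lower().endswith(EXPLORER) and data.startswith("dword:"):
            if int(data[6:], 16) != 0:
                hits.append(path)
    return hits

def reset_fragment(paths):
    """Build a .reg fragment that sets DesktopProcess to zero on each path."""
    return "REGEDIT4\n" + "".join(
        '\n[%s]\n"DesktopProcess"=dword:00000000\n' % p for p in paths)

if __name__ == "__main__":
    keys = parse_reg(SAMPLE_EXPORT)
    print(reset_fragment(desktop_process_enabled(keys)))
```
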

Startup CPL doesn't always show all processes and services. Also, some regular system files may be hooked by malware.

I'd recommend CodeStuff Starter for checking/disabling startup items and watching/killing processes.

Also, Dr.Watson can provide on demand a report including all currently loaded modules. Similarly, HiJackThis (now under TrendMicro's umbrella) is able to provide a report (and clean the registry) of ActiveX controls, BrowserHelperObjects and other nasties that may plague your system. A little bit of intuition plus searching the web for suspect filenames could save the day.

Of course, a nasty infection may require a reboot in DOS mode and manual deletion of infected files. Careful what you delete though, as you may render the system unusable. Always back up the allegedly infected files before deleting them, for safety.


> I also have a task running called "Relevant Knowledge" that I can't delete with Process Explorer.

Try http://www.ax-soft.com/Security/27232.htm or just google for "Relevant Knowledge" & "virus".

> I've virus and spyware scanned recently (with AVG Free and Spybot respectively)

You get what you pay for. I am using Kaspersky anti-virus, although they seem to have deteriorated lately.

If you are not interested in what kind of infection there is, restore a backup of the \Windows\ directory from a time when the suspicious behaviour did not occur, & you'll most likely have gotten rid of the bugger. There are exceptions like boot sector viruses, but deleting \Windows\ & restoring a good backup of it has worked well for me in malware situations.

Edited by Multibooter