Jump to content


Photo

CWS vs. registry?


  • Please log in to reply
3 replies to this topic

#1 slatherson

slatherson

    Member

  • New Member
  • Pip
  • 3 posts

Posted 10 June 2004 - 12:17 AM

So I checked my HJT log against the startup list on this site and I'm left with a couple of questions.

#1 If the startup list shows one of my codes to be a virus, how do I fix it? CWS or registry?

#2 If the list shows a legitamate item, but not required for basic operation, and shows a way of disabeling it, which should I use CWS, registry, or the path suggested? and what is the difference between the methods?

Example:

Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK


#3 What is the difference between using CWS and the registry?

Thats all I can think of for now. I AM learning. Slowly but surely...I am learning.

Thanks for a great website, and your help.

#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,252 posts

Posted 10 June 2004 - 09:29 AM

First, CWS is an infection and one of the nastiest... Do you mean HijackThis?? or maybe CWShredder?? You can use HJT to fix item listed in the scan. This will fix the Registry setting, so it is usually the easiest way to do this. Keep in mind that if you are not sure what you are doing, you can disable your entire system. You can also use HJT to disable startups of programs that do not need to load automatically at start up. The example that you cited is one that cannot be permanently disabled by HJT, you also have to change settings in the program to keep it from simply reloading later...

If you find a virus, your best bet is to use an online virus scan to remove it and then make sure you have an effective antivirus program installed to prevent further infection.
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 Dem

Dem

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 10 June 2004 - 07:23 PM

Hiya.

I remove these nasties from client's computers every day. One tool that I find very useful is called RegCleaner (see my sig for the link). It has an option that will show you the startup list of programs. Once you've determined what you do and do not want in that list (I use another computer to look up file names via Google), you can tick them off and choose to 'remove from startup'.

This IS a registry editing program and must be used careful. This is why I recommend looking up all filenames in Google first before axing them. It's also useful for showing you if you have an infection, as filenames can appear BACK in the list once removed. This is usually a trojan infection.

Another great feature of this program is it will remove invalid entries from the registry with the click of a button. Nothing like a tune up at the same time as you're cleaning!

Good luck in your efforts,
Dem

#4 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,252 posts

Posted 10 June 2004 - 07:44 PM

And like any Registry cleaning program, it can work great and it can cripple your system if you don't know what you are doing... or sometimes even if you do...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button