
Need Help Deleting Wincfg.scr


7 replies to this topic

#1 ippyman


Posted 04 August 2003 - 09:09 PM


Hi all.

This will be a long post so please bear with me.

I need help getting rid of wincfg.scr.

It was in a message I downloaded from a newsgroup.

It tries to access the internet every few minutes the computer is running, and I get security alerts from my Norton IS about every 2 minutes that an inbound attack was attempted using this software.
The remote address for the inbound attack is: nevermind.hackarmy.tk. I can post the rest of the info from this message if it will be of any use.

The (outbound) attempt to access the internet alert reads "Generic host process for Win32 Services is attempting to access the internet".

I tried deleting it from the Windows/System folder (where it installed itself), but I get the "cannot delete. access denied source file may be in use" message.

I tried to disable it using msconfig, from the start/run menu, but the window doesn't stay open long enough to click on the "Startup" tab.

I tried running msconfig from DOS, but got the same result.

I even tried to run regedit, but it closes immediately on opening as well.

I ran Spybot, it seemed to eliminate the program (that was the message that appeared when I ran it), but wincfg.scr was running again the next time I booted up.

Virus scan didn't detect anything.

I tried to quarantine it with Norton AV, but that failed because the file is running.

It is not listed in the Start/Programs/Startup folder.

The first time I looked at the Properties tab, the only thing that wasn't blank was the version, and the language. Now it reads as a Microsoft program. I can post the properties info if that will help.

How do I get rid of this parasite? My system is really slow now, and the constant threat has me highly stressed.

I will really appreciate any and all help I can get. Thank you.

zippyman.



#2 Galadriel


Posted 04 August 2003 - 09:29 PM

Hmm, this is odd.

Have you tried deleting it in safe mode?

It seems this is a pest to get rid of....

Have a look at this thread which deals with the same issue.

http://www.spywarein...=ST&f=11&t=8912
I amar prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel

'The world is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

#3 Guest_c3em_*


Posted 05 August 2003 - 11:37 AM

ippyman,

wincfg.scr is becoming an increasing problem...

Check this thread for a possible resolve.

http://forums.techgu...ight=wincfg.scr

http://forums.techgu...ight=wincfg.scr

Both threads are different, good luck!

Edited by c3em, 05 August 2003 - 11:48 AM.


#4 Galadriel


Posted 05 August 2003 - 12:03 PM

Thanks for the info c3em! Cheers,

#5 Guest_c3em_*


Posted 05 August 2003 - 03:11 PM

Why thank you Ms. Galadriel, I gotta keep at least one shoe lace tied in here........oh wait, I'm wearing sandals! nm :P

#6 ippyman


Posted 05 August 2003 - 08:03 PM

:D :D The evil nevermind.hackerarmy has been defeated!!! :D :D
Happy, Happy, Joy, Joy, Happy, Happy, Joy, Joy!

Thank you Galadriel, oh Elven (Elvish?) goddess of fixing computers.

Thank you c3em. FWIW The second thread from the two you posted was the one that worked for me. It was simple, really (once someone told me how to do it).

I downloaded Process Explorer from www.sysinternals.com, which I used to kill the wincfg.scr process, and then just deleted it from the C:\Windows\system folder (Windows ME). Apparently it can install itself in different folders. For Windows NT it seems to install in the C:\Windows\system32 folder.

Hope this helps anyone else who gets this virus.

ippyman

#7 Galadriel


Posted 05 August 2003 - 08:20 PM

WOW! That's great! :D Glad to hear you got it squared away and rooted out the evil! Surf safe!

#8 Guest_c3em_*


Posted 06 August 2003 - 10:45 AM

Good ippyman, glad you defeated the critter!
