[Resolved] vtagentreboot.exe

[markoz12]

Can anyone help me to remove vtagentreboot from my system.
I am running Windows 98SE.
Thankyou.

 

[steamwiz]

Hi markoz12

What folder is it in ?

If you post your startup list we may be able to spot something

Please post your startup list by doing the following :-

Please go here and download startuplist 1.5 :-

http://www.lurkhere.com/~nicefiles/startuplist15.zip

Download to any folder or your desktop
Unzip the zipfile
Double click the exe file
go to Edit - select all - copy - and paste the results in a new post here


steam

 

[markoz12]

Thankyou. Here goes:

StartUp Log Index

1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations

__________________________________________________________________________
__________________________________________________________________________

The following is a list of your current Start-Ups
__________________________________________________________________________
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
"TaskMonitor"="c:\\windows\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"TridTray"="c:\\windows\\SYSTEM\\tridtray.exe "
"Scan Detector"="C:\\PROGRA~1\\PRIMAX\\POWERT~1\\Pmxdetect.exe"
"LoadQM"="loadqm.exe"
"DownloadAccelerator"="C:\\PROGRA~1\\DAP\\DAP.EXE /STARTUP"
"AdaptecDirectCD"="\"c:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"CreateCD50"="C:\\PROGRA~1\\COMMON~1\\ADAPTE~1\\CREATECD\\CREATE~1.EXE -r"
"CloneCDTray"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe -osboot"
"NAV Agent"="c:\\PROGRA~1\\NORTON~1\\NORTON~1\\NAVAPW32.EXE"
"NPROTECT"="c:\\Program Files\\Norton SystemWorks\\Norton Utilities\\nprotect.exe"
"QD FastAndSafe"=""
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"


==========================================================================
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"eZulaMain"="C:\\PROGRA~1\\ezula\\eZulaMain.exe"


==========================================================================
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"SchedulingAgent"="mstask.exe"
"ScriptBlocking"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Script Blocking\\SBServ.exe\" -reg"
"CSINJECT.EXE"="c:\\Program Files\\Norton SystemWorks\\Norton CleanSweep\\CSINJECT.EXE"
"NPROTECT"="c:\\Program Files\\Norton SystemWorks\\Norton Utilities\\nprotect.exe"
"SymTray - Norton SystemWorks"="c:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe \"Norton SystemWorks\""


==========================================================================
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


==========================================================================
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.


These are the run and load lines in your WIN.INI file

run=c:\windows\temp\vtagentreboot.exe
OldRun=c:\windows\temp\vtagentreboot.exe

load=

==========================================================================
__________________________________________________________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.


This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

==========================================================================
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)


These are your program startups and set paths in your autoexec.bat file

REM ****** TRIDENT MICROSYSTEMS, INC. PCI AUDIO DOS UTILS *******
rem - By Windows Setup - C:\WINDOWS\COMMAND\MSCDEX.EXE /D:CDROM001

LH keyb UK,,C:\WINDOWS\COMMAND\keyboard.sys
LH c:\windows\command\imouse.com
C:\UNIVBE\UNIVBE.EXE -l
SET PATH=C:\IMSI\EASYLANG\ASRBIN

SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\AUTODE~1
c:\windows\SYSTEM\WAVEINIT.EXE /v
c:\windows\SYSTEM\WAVETSR.COM

==========================================================================
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your StartUp folder

C:\Windows\Start Menu\Programs\StartUp\Office Startup.lnk
C:\Windows\Start Menu\Programs\StartUp\CleanSweep Smart Sweep-Internet Sweep.lnk

==========================================================================
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your All Users StartUp folder


*(No start-ups found)*

==========================================================================
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================-
Registry StartUp Directories
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


.....................................................................

-=======================-
Registry Shell Spawning
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================-
HKLM RunOnceEx - Registry
-=========================-


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


-=========================-
HKU (.Default) Run - Registry
-=========================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"eZulaMain"="C:\\PROGRA~1\\ezula\\eZulaMain.exe"


-==============================-
HKU (.Default) RunOnce - Registry
-==============================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


-================================-
StubPaths - Registry (Partial Listing)
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components


"StubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="c:\\windows\\msnmgsr1.exe"
"StubPath"=""
"StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
"StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-

@echo off

REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.

REM ****** TRIDENT MICROSYSTEMS, INC. PCI AUDIO DOS UTILS *******

C:\WINDOWS\COMMAND\MSCDEX.EXE /D:CDROM001
C:\WINDOWS\SYSTEM\WAVEINIT.EXE /M


-=================-
WININIT.BAK File - (c:\windows\wininit.bak)
(name) (type) (size)(modified)(time)
wininit bak 43 17/12/02 20:48
-=================-

[Rename]
NUL=C:\WINDOWS\TEMP\irsetup.exe

-=================-
WININIT.INI File - (c:\windows\wininit.ini)
(name) (type) (size)(modified)(time)
wininit ini 44 08/01/03 20:27
-=================-

[rename]
NUL=c:\windows\TEMP\_iu14D2N.tmp
-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-

SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\FALLIN~1.SCR

==========================================================================
__________________________________________________________________________

- Supplemental Environment Information -

TMP=c:\windows\TEMP
TEMP=C:\windows\TEMP
winbootdir=C:\WINDOWS
COMSPEC=C:\WINDOWS\COMMAND.COM
PATH=C:\WINDOWS;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\IMSI\EASYLANG\ASRBIN;C:\PROGRA~1\COMMON~1\AUTODE~1
windir=C:\WINDOWS

File - c:\windows\Wininit.ini
File - c:\windows\Wininit.bak
File - c:\windows\deletefi.ini

 

[TonyKlein]

Go to Start/run and type Win.ini. , followed by 'OK'.
Your Win.ini will now open in Notepad:

You'll see a line run=c:\windows\temp\vtagentreboot.exe .

Edit that line, so it reads run= exclusively.

Delete the OldRun=c:\windows\temp\vtagentreboot.exe line completely.

Go to 'File' and click 'save'.
Close your Win.ini, reboot, and empty the ENTIRE contents of your C:\Windows\Temp folder.

Cheers,

 

[steamwiz]

You also have a number of programs that I would not have running at startup

Go to
start
run
type msconfig
click startup tab - check the programs you have running against this list

http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

decide if they are neccessary and untick the ones you don't need

steam

 

[markoz12]

Thankyou so much for all of your help.
It is deeply appreciated.
What exactly is this vtagentreboot? How did it get there and what does it do?
Thankyou.

 

[TonyKlein]

No idea.

What I could find points to http://www.chetnet.co.uk though:


http://www.chetnet.co.uk/faq_centre.htm