1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Why does msconfig shut off in normal mode but not in safe mode?

Discussion in 'Windows XP' started by the2starrs, Feb 10, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. the2starrs

    the2starrs Thread Starter

    Joined:
    Feb 9, 2004
    Messages:
    5
    anybody know what i can do?
     
  2. Sequal7

    Sequal7

    Joined:
    Apr 14, 2001
    Messages:
    2,382
  3. Compumedic

    Compumedic

    Joined:
    Oct 1, 2002
    Messages:
    176
    MsConfig is a good utility to use to troubleshoot and sometimes fix certain problems within a PC. When in safemode, it is a good thing to have access to MsConfig in case you need to disable a start-up item, or other process causing you problems.

    What exactly do u mean that it shut's off in normal mode? As in you can't access it?
     
  4. the2starrs

    the2starrs Thread Starter

    Joined:
    Feb 9, 2004
    Messages:
    5
    I did a virus scan and it turns out i have 3 infected files one being cssrs.exe (in the startup folder)
     
  5. Sequal7

    Sequal7

    Joined:
    Apr 14, 2001
    Messages:
    2,382
    Can you please post the following information if available...

    Did Symantec delete them for you?

    What virus was it specifically?

    Was there a fix page it sent you to?

    thanks-
     
  6. the2starrs

    the2starrs Thread Starter

    Joined:
    Feb 9, 2004
    Messages:
    5
    i did some searching on this type of worm i received and this is what i came up with..........







    WORM_AGOBOT.FX






    Overview Technical Details Statistics





    QUICK LINKS Solution

    --------------------------------------------------------------------------------

    Virus type: Worm

    Destructive: No

    Aliases: AGOBOT.FX

    Pattern file needed: 736

    Scan engine needed: 5.600

    Overall risk rating: Low

    --------------------------------------------------------------------------------

    Reported infections: Low

    Damage Potential: High

    Distribution Potential: High



    --------------------------------------------------------------------------------

    Description:



    This memory-resident worm drops and executes a copy of itself as the file CSSRS.EXE in the Windows system directory.

    It takes advantage of the following system vulnerabilities:

    DCOM RPC vulnerability using TCP port 135
    RPC Locator vulnerability using TCP port 445
    WebDav vulnerability using TCP port 80
    For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:

    Microsoft Security Bulletin MS03-026
    Microsoft Security Bulletin MS03-001
    Microsoft Security Bulletin MS03-007
    It also has the following capabilities:

    Attempt to gain access to specific shared folders on the network using a predefined list of user names and passwords
    Connect to an Internet Relay Chat (IRC) channel and listens for commands from a remote user
    Allow the malicious user to perform several malicious tasks on a vulnerable system
    Terminate antivirus products, firewall programs, and system tools
    It runs on Windows NT, 2000, and XP.

    Solution:



    Removing Autostart Entries from the Registry

    Removing autostart entries from the registry prevents the malware from executing during startup.

    Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
    In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>
    Windows>CurrentVersion>Run
    In the right panel, locate and delete the entry:
    WinFX = "cssrs.exe"
    Display Drivers = "cssrs.exe"
    In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>
    CurrentVersion>RunServices
    In the right panel, locate and delete the entry:
    WinFX = "cssrs.exe"
    Display Drivers = "cssrs.exe"
    In the left panel, locate and delete the following:
    HKEY_LOCAL_MACHINE>System>CurrentControlSet>
    Services>Driver
    Close Registry Editor.
    NOTE:Since the malware cannot be terminated manually, restart your system.
    Additional Windows ME/XP Cleaning Instructions

    Running Trend Micro Antivirus

    Scan your system with Trend Micro antivirus and delete all files detected as WORM_AGOBOT.FX. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.

    Applying Patches

    This malware exploits known vulnerabilities on certain platforms. Download and install the critical pathes from the following links:

    Microsoft Security Bulletin MS03-026
    Microsoft Security Bulletin MS03-001
    Microsoft Security Bulletin MS03-007
    Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business or home PC.



    For additional information about this threat, see Technical Details.






    Email this page Rate this page







    Copyright 1989-2004 Trend Micro, Inc. All rights reserved. Legal Notice and Privacy Policy
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - does msconfig shut
  1. xITmasterx
    Replies:
    11
    Views:
    515
  2. SilverSurf
    Replies:
    5
    Views:
    353
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/202392

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice