The last coupla days, whenver i've tried to end windows, it's said there's a dos program running called NET, and occasionally one called PING. Well, trying to figure out where these are coming from, I found programs running after a clean boot -- winoldap and ping. I don't know wtf these things are besides dos programs. Now, I few days ago i found a .vbm (visual basic, i assume) file called "(kamasutra)" something or other in one of my directories...no clue wtf it was.
Now, while trying to figure out what this winoldap thing was, i checked the registry. Under local user, and down to explorer, I found the culprits in a folder called "Doc Find Spec MRU." Inside was the following:
a "'"
b "directx.*"
c "dx*.*"
d "kamasutra*.*"
e "winoldap*.*"
MRUList "eadcb"

Does anyone have any idea what this crap is? I've gone through everything under the startup tab of msconfig, but i can't seem to lock it down. I hope this has nothing to do with the general protection fault my other computer decided to have. Any help is GREATLY appreciated.

quote:

---

Originally posted by Frosty:

The last coupla days, whenver i've tried to end windows, it's said there's a dos program running called NET, and occasionally one called PING. Well, trying to figure out where these are coming from, I found programs running after a clean boot -- winoldap and ping. I don't know wtf these things are besides dos programs. Now, I few days ago i found a .vbm (visual basic, i assume) file called "(kamasutra)" something or other in one of my directories...no clue wtf it was.
Now, while trying to figure out what this winoldap thing was, i checked the registry. Under local user, and down to explorer, I found the culprits in a folder called "Doc Find Spec MRU." Inside was the following:
a "'"
b "directx.*"
c "dx*.*"
d "kamasutra*.*"
e "winoldap*.*"
MRUList "eadcb"

Does anyone have any idea what this crap is? I've gone through everything under the startup tab of msconfig, but i can't seem to lock it down. I hope this has nothing to do with the general protection fault my other computer decided to have. Any help is GREATLY appreciated.

---

get a virus scanner.. and taht will take care of it..

most new virus' are actually VBScripts.. (my parents had one called network.).. but norton or mcafee took care of it.. no problem..

you should look into that kinda soonish.

As for the rest of it...CatKnight, that's exactly what i was thinking, is that whatever it is may just ping out over and over and over to tell someone "This machine is ready to be hacked, yo" Anyway, it's good to know that the list is only shit i've searched for. Was kinda wondering what the hell anything related to kamasutra would have to do with windows...hrm. Hopefully it's just a malfunction.

------------------
"Me fail English? That's unpossible!"
- Ralph Whigham

Doc Spec MRU is just a history of files you have searched for.

Where you should be looking in the registry for malicious programs is under
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

...and your startup folder, of course.

------------------
A good programmer is someone who looks both ways on a one-way street

anyway kamasutra is that hindu book of all all the different sex positions. hehe

quote:

---

Originally posted by Observer:
Winoldap is just a DOS virtual environment for running old DOS programs like Ping.

Doc Spec MRU is just a history of files you have searched for.

Where you [b]should be looking in the registry for malicious programs is under
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

...and your startup folder, of course.
[/B]

---

check also for the lines load= and run= near the top of system.ini or win.ini (can't remember which one)

------------------
#define QUESTION (2b)| |!(2b)

[Edit -- Virus name]

This message has been edited by Frosty on March 21, 2001 at 12:34 PM