Popup message on startup

Discussion in 'All other topics' started by nownthen, Dec 28, 2004.

  1. nownthen

    nownthen Regular member

    Joined:
    Nov 14, 2004
    Messages:
    763
    Likes Received:
    0
    Trophy Points:
    26
    Every time one of the users logs in a message pops up that says "Windows cannot find C:\WINDOWS\Downloaded. I have no idea what is calling the file. Can anyone help me to get ride of this popup.

    Thanks for any help.
     
  2. SparkeyNi

    SparkeyNi Member

    Joined:
    Jul 14, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    16
    Had a look around and it sounds like it may be due too adware/spyware trying to load up. Download something like spysweeper (make sure to update the definitions) and run to see if it makes any difference.
    http://www.webroot.com/downloads/
     
  3. Otherone

    Otherone Guest

    hey, nice link sparkey, even comes with a tracking cookie!
     
  4. nownthen

    nownthen Regular member

    Joined:
    Nov 14, 2004
    Messages:
    763
    Likes Received:
    0
    Trophy Points:
    26
    I ran my adware/spyware program. it found a bunch of spyware but when I removed it the popup is still coming up.
     
  5. nownthen

    nownthen Regular member

    Joined:
    Nov 14, 2004
    Messages:
    763
    Likes Received:
    0
    Trophy Points:
    26
    Is there any type of file that doesn't do anything. I figure I could just call it downloaded and the popup will go away.
     
  6. SparkeyNi

    SparkeyNi Member

    Joined:
    Jul 14, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    16
  7. SparkeyNi

    SparkeyNi Member

    Joined:
    Jul 14, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    16
    does the popup say anything else other than Windows cannot find C:\WINDOWS\Downloaded
     
    Last edited: Dec 29, 2004
  8. Adavis

    Adavis Member

    Joined:
    Sep 28, 2004
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    16
    Try finding the culprit using start/run "msconfig". select "selective startup" and untick anything you don't need - also clean out your start/programs/startup folder. If you don't know what a particular item is use the search function to locate the install folder or google it This will also help speedup your system.

    I use:

    Zonealarm 4.5
    Adaware
    AVG
    HijackThis
    Firefox 0.93 with imagetool and spiderzilla extensions

    ALL FREE.
     
    Last edited: Dec 30, 2004
  9. Otherone

    Otherone Guest

    Hi nownthen,
    I assume the pop up is still there. I am unclear on a few things:
    1 what users on what system? When windows starts or users on something else?
    2 there is a "downloaded Installations" and a "downloaded program files" directory in windows.

    Seems the program or what ever has a mistake, which might be good for you, you may never have known it was there.
    I agree with Adavis's idea.

    I wonder what would happen if you created a directory called Downloaded, would the pop up still be there and would there be anything appearing in the directory? :) give it what it wants and maybe it will go away :)

    Try the system configuration utility/startup tab and see if anything suspicious is loading.

    And guys, I'm not so worried about cookies n popups, but there's websites out there that infect a computer just going there so i dont usually even click on links without all defenses on. So, cookies n pop ups make me nervous. So when a popup breaks thru, I feel there's a weakness in my defenses.
    I use:
    Netscape 7
    PeerGaurdian
    Avaste anti-virus
    Win XP SP2 firewall
    Sygate firewall
    spybot S&D
    Spyblaster
    Y! anti popup & antispy
    MSN anti popup
    DSL router
    P2P Identity Secure
    Port monitors
    Java and AxtiveX disabled,

    And with all this, I still got a trojan from a fake site run by the RIAA that used Java and a fake free mp3 shield program that taged all my mp3's with XML extensions, to install a MP3 file search & tag trojan. I suppose they will be coming for me next. Found and deleted it with good ol Avaste and a boot time scan!
     
  10. nownthen

    nownthen Regular member

    Joined:
    Nov 14, 2004
    Messages:
    763
    Likes Received:
    0
    Trophy Points:
    26
    When you put a folder in its place it opens when you log into windows.

    I'm using Windows XP Home.
    Windows loads to a Welcome Screen. The users are listed there. There are three users my family including my brother, sister and myself.
     
  11. nownthen

    nownthen Regular member

    Joined:
    Nov 14, 2004
    Messages:
    763
    Likes Received:
    0
    Trophy Points:
    26
    I RAMBOO~1 something I have to keep? I wouldn't want to prevent something from starting that I need.
     
  12. Otherone

    Otherone Guest

    I would be doing a serious boot time full scan using Avast anti virus. This is not a normal windows routine and sure looks like some weird trojan virus. where is that ramboo file located?
     
  13. nownthen

    nownthen Regular member

    Joined:
    Nov 14, 2004
    Messages:
    763
    Likes Received:
    0
    Trophy Points:
    26
    Location
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVer...
    Then it cut off

    So is this something that I can take off my startup list?
     
    Last edited: Dec 29, 2004
  14. Otherone

    Otherone Guest

    My startup list shows ctfmon in the same HKCU registry key
    I used regedit to search the registry and found simalar refernces, and the seemed to have something to do with msmsgs.exe, or it could be windows messenger. That is either the message maker for system popups or.... If you disable it, and restart, you can see if anything changes. If you cant start, hit F8 at bootup and start in safe mode and re enable it. I donno, I did not find any exact match such as "HKCU\SOFTWARE\Microsoft\Windows\CurrentVer..", but if you go into the registry using regedit, you can see ecactly what is loading there too under current user or local machine. That ramboo thing sounds kinda scarey. You might also try a trojan finder program and use it. But if no virus turns up on a boot time scan, then maybe it is nothing to be really worried about, but I know I would not sleep until the mystery is solved.. You could always try a system restore as a last resort to a time just before the pop up happened, but some trojans insert themselves in system restore files so that you can't even do that to get rid of it.
    I hope somebody else had a better clue than I do. What I would do?
    I'd go into the registry, back it up first, edit/find then "find" that ramboo thing and delete that key. I searched mine for "I RAMBOO~1" and found nothing (if i typed it right) Write down exactly where it is and what the key value is before you delete so you know how to restore it. Might even do a system restore point first too.
    Just be careful and dont do anything ya cant undo.
     
  15. Adavis

    Adavis Member

    Joined:
    Sep 28, 2004
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    16
    Nowthen try this site:

    www.grc.com

    and use the "three muskateers"

    shootthemessenger.exe will disable messenger and you won't have to install any annoying windowz sp packs - I NEVER have and my system is a jam packed p4 with only 512mb of ram and 3 pci cards/dvd/cd writer and a whole lotta cable -still very fast.


    xpidite.exe
    upnp.exe
    shootthemessenger.exe
    dcommob.exe

    as far as i can tell from zonealarm 4.5 the only program that i've allowed internet access(server rights) to is svchost.exe - apparently you have to, not sure exactly what it does but none of my browsers will work without it - all other programs I configured independently as the required access...this will help prevent future "infection" if you do get this sorted out.

    I know this doesn't really solve your problem but when u do get it sorted these any my above mentioned post will help prevent it happening again.
     
    Last edited: Dec 30, 2004

Share This Page