WIN.INI Entry

Discussion in 'Windows - Virus and spyware problems' started by jaz720848, Jun 6, 2007.

  1. jaz720848

    jaz720848 Member

    Joined:
    May 25, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    I was wondering if anyone has any idea what this entry in my win.ini file is and what it was designed to do. I believe it to be malicious in nature:

    [XXXXXXXXXXXX]
    ;msconfig ShellExecute=01/14/2007 20:41:17
    ;msconfig I_AVUI::CloseWindow=2007/01/17 13:56:29
    ;msconfig I_AVUI::CloseWindowend=2007/01/17 13:56:47
    ;msconfig I_ASUI::CloseWindow=2007/01/17 13:56:47
    ;msconfig ~CSpyBlocsView=2007/01/17 13:56:48
    ;msconfig ~CNetwork=2007/01/17 13:56:50
    ;msconfig ~CDownloadFile=2007/01/17 13:56:50
    ;msconfig ~CDownloadFile end=2007/01/17 13:56:50
    ;msconfig ~CUploadFile=2007/01/17 13:56:50
    ;msconfig ~CUploadFile end=2007/01/17 13:56:51
    ;msconfig ~CNetwork end=2007/01/17 13:56:51
    ;msconfig ~CScanControl=2007/01/17 13:56:51
    ;msconfig StopThread m_hShieldThread=2007/01/17 13:56:51
    ;msconfig StopThread m_hScanThread=2007/01/17 13:56:51
    ;msconfig ~CProcessList=2007/01/17 13:56:51
    ;msconfig delete m_pNtProcessMonitor=2007/01/17 13:56:51
    ;msconfig StopThread m_hRemoveAllThread=2007/01/17 13:56:51
    ;msconfig StopThread m_hRestoreAllThread=2007/01/17 13:56:51
    ;msconfig delete m_TaskManagerForProcessList=2007/01/17 13:56:51
    ;msconfig m_PatFilesList.clear=2007/01/17 13:56:51
    ;msconfig FreeLibrary(m_hModPSAPI)=2007/01/17 13:56:51
    ;msconfig ~CProcessList end=2007/01/17 13:56:51
    ;msconfig delete m_pProcessList=2007/01/17 13:56:53
    ;msconfig ~CScanControlend=2007/01/17 13:56:53
    ;msconfig EBlocsSB ExitInstance=2007/01/17 13:56:53
    ;msconfig EBlocsSB ExitInstance end=2007/01/17 13:56:53
    ;msconfig ~CSpyBlocsViewend=2007/01/17 13:56:55
    ;msconfig I_ASUI::CloseWindowend=2007/01/17 13:56:54
    ;msconfig ~CSYSView=2007/01/17 13:56:55
    ;msconfig LiveReport=2007/01/17 13:41:15
    ;msconfig LiveReportend=2007/01/17 13:41:16
    ;msconfig StartDownload=2007/01/17 13:56:16
    ;msconfig endDownload=2007/01/17 13:56:20

    Jason
     
    jaz720848, Jun 6, 2007
    #1
  2. bluecoal

    bluecoal Guest

    Hi,

    You could set your system to show hidden and system files and folders and then do a search for files created on 01/17/2007 (or a range from say 1-17 to 1-20). That might give you additional information to evaluate what is going on.


    EDIT:
    From this line:
    msconfig StopThread m_hShieldThread=2007/01/17 13:56:51

    I googled on hshield. One hit (I don't think I am allowed to post the actual link) I got referred to a game called InGunz. Is that something you played or installed?

    Also found another reference to it in relation to a game called Audition.

    I'm guessing the hshield may be a protection software of some kind for games - possibly your win.ini file relates to a game.
    ENDEDIT
     
    Last edited by a moderator: Jun 6, 2007
    bluecoal, Jun 6, 2007
    #2
  3. jaz720848

    jaz720848 Member

    Joined:
    May 25, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    Thanks for the help i will have a look into it. I tend to believe that the entry has/had something to do with a problem i had with avg anti-malware, in that it had a componet that was blank and i had two two resident shield processes.

    I have contacted avg about it and i am waiting to see what they sat.

    Jason
     
    jaz720848, Jun 7, 2007
    #3

Share This Page