Archived from groups: microsoft.public.windowsxp.general (
More info?)
I am afraid you don't supply enough information for me to give an
opinion.
I suggest you look up the virus (or whatever it is) in Kapersky's
support site and see what steps you need to take to remove it.
Have a look at these thousands of hits on Google:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2005-15,GGLD:en&q=optimize%2Eexe
....Alan
--
Alan Edwards, MS MVP Windows - Internet Explorer
http://dts-l.org/index.html
On Sun, 11 Sep 2005 04:51:05 -0700, Strela
<Strela@discussions.microsoft.com> wrote:
>Hello, Alan!
>Thanks, I will research it.
>I have another problem. My Anti-Virus Kaspersky places file “optimize.exe”
>in Back up and notices that it is infected. I erase it buy it comes back.
>Want shall I do?
>Best regards.
>
>
>"Alan Edwards" wrote:
>
>> I don't know which one is the best for MediaGateway, I am afraid.
>> I have only tried Ad-Aware, Spybot and the MS Antispyware.
>> All are painless.
>> I keep MS Antispyware running but I may check with Ad-Aware and Spybot
>> once or twice a year, though I may have different security as I never
>> find anything.
>>
>> ....Alan
>> --
>> Alan Edwards, MS MVP Windows - Internet Explorer
>>
http://dts-l.org/index.html
>>
>> On Fri, 9 Sep 2005 11:48:23 -0700, Strela
>> <Strela@discussions.microsoft.com> wrote:
>>
>> >The problem is back!
>> >
>> >"Strela" wrote:
>> >
>> >> Hello, Allan!
>> >> Tone in your messages was so calm that I did not realize that I had a bigger
>> >> problem with my computer as I thought. I did everything as you suggested me
>> >> to do and today when I started my computer the Program Star up did not
>> >> appear. Everything was as it before.
>> >> I have to thank you for professional help. I would destroy my computer
>> >> otherwise.
>> >>
>> >> But now when I know that my computer has a “spy” and after reading those
>> >> links you send me to, I want to get rid of Media Gateway. Actually I heard
>> >> about Gateway before but I did not pay attention then and completely forgot
>> >> about it afterwards.
>> >>
>> >> It is strange that I have got it because I have Kaspersky Anti-Virus program
>> >> and Microsoft Firewall and I thoght that I should be warned about the
>> >> “intrusion”. But obviously did not.
>> >>
>> >> Now, will you, please, help me to get rid of it? There are a lot of
>> >> different tools for this and I need an advice, which is the best and most
>> >> “painful” one of them. What would you do?
>> >>
>> >> Best regards.
>> >>
>> >>
>> >>
>> >> "Alan Edwards" wrote:
>> >>
>> >> > No, it is not the same. Msinfo32 does not show quotation marks that
>> >> > may need to be there in this case.
>> >> > Do NOT delete it if you want MediaGateway, though you may not want
>> >> > such adware.
>> >> >
>> >> > Right-click Media Gateway in the right-hand pane of Regedit, select
>> >> > Modify and add quotation marks before and after the value so it looks
>> >> > like:
>> >> > "c:\program files\media gateway\mediagateway.exe"
>> >> >
>> >> > Do NOTHING with MediaGateway.exe in C:\Program Files unless you
>> >> > decide to delete the reference in Regedit first.
>> >> >
>> >> > Read a few of these first and decide if you want this questionable
>> >> > application.
>> >> >
http://www.google.com/search?hl=en&q=mediagateway+adware&btnG=Google+Search
>> >> >
>> >> > ....Alan
>> >> > --
>> >> > Alan Edwards, MS MVP Windows - Internet Explorer
>> >> >
http://dts-l.org/index.html
>> >> >
>> >> >
>> >> > On Thu, 8 Sep 2005 06:02:02 -0700, Strela
>> >> > <Strela@discussions.microsoft.com> wrote:
>> >> >
>> >> > >Hello, Alan!
>> >> > >I found MediaGateway according to your description:
>> >> > >(HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
>> >> > >It looks exactly as you wrote (Media Gateway "c:\program files\media
>> >> > >gateway\mediagateway.exe").
>> >> > >You suggested to altering it. How? Shall I delete it?
>> >> > >I also Found MediaGateway and MediaGateway(2) in My computer/C:\Program
>> >> > >Files" folder. What shall I do with them?
>> >> > >Best regards.
>> >> > >
>> >> > >
>> >> > >"Alan Edwards" wrote:
>> >> > >
>> >> > >> I noticed you have a "C\Program" folder as well as a C:\Program Files"
>> >> > >> folder. That used to cause conflicts in Win9x and perhaps it still can
>> >> > >> in XP?
>> >> > >> There used to be a site explaining it all.
>> >> > >> "program folder opening at Startup" problem
>> >> > >>
http://pages.infinit.net/mrobich/program_folder.html
>> >> > >> That is no longer available and I really don't recall the details of
>> >> > >> the solution.
>> >> > >>
>> >> > >> I cannot see anything obvious in your list and if no one else can,
>> >> > >> then selectively disable items and reboot until you find the problem
>> >> > >> and then report back.
>> >> > >>
>> >> > >> You might try altering this one:
>> >> > >> Media Gateway c:\program files\media gateway\mediagateway.exe
>> >> > >> so it looks like this:
>> >> > >> Media Gateway "c:\program files\media gateway\mediagateway.exe"
>> >> > >> You will find it using Regedit (Start-Run-Regedit) under the key:
>> >> > >> HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >>
>> >> > >> ....Alan
>> >> > >> --
>> >> > >> Alan Edwards, MS MVP Windows - Internet Explorer
>> >> > >>
http://dts-l.org/index.html
>> >> > >>
>> >> > >>
>> >> > >> On Wed, 7 Sep 2005 05:27:36 -0700, Strela
>> >> > >> <Strela@discussions.microsoft.com> wrote:
>> >> > >>
>> >> > >> >Hello, Alan!
>> >> > >> >Here is the information you asked me about.
>> >> > >> >I hope that it can help to find the problem.
>> >> > >> >Best regards.
>> >> > >> >
>> >> > >> > c:\windows\options\oemreset.exe /audit All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >CPRun c:\philips\cprun.exe connected planet.exe NT INSTANS\SYSTEM Autostart
>> >> > >> >CPRun c:\philips\cprun.exe connected planet.exe .DEFAULT Autostart
>> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT
>> >> > >> >INSTANS\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\LOKAL
>> >> > >> >TJÄNST HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe NT INSTANS\NETWORK
>> >> > >> >SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >KAV50 "c:\program\kaspersky lab\kaspersky anti-virus personal pro 5\kav.exe"
>> >> > >> >-run -n personalpro -v 5.0.0.0 All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >MSConfig c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >Media Gateway c:\program files\media gateway\mediagateway.exe All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >NeroCheck c:\windows\system32\nerocheck.exe All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe NT
>> >> > >> >INSTANS\SYSTEM Autostart
>> >> > >> >Power2Go Express c:\program\cyberl~1\power2go\power2~1.exe .DEFAULT Autostart
>> >> > >> >Power2GoExpress DITT-D04A620689\Galina
>> >> > >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >QuickTime Task "c:\program\quicktime\qttask.exe" -atboottime All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >Recguard c:\windows\sminst\recguard.exe All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >SiS Windows KeyHook c:\windows\system32\keyhook.exe All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >SiSUSBRG c:\windows\sisusbrg.exe All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >SoundMan soundman.exe All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >SunJavaUpdateSched c:\program\java\jre1.5.0_04\bin\jusched.exe All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >ctfmon.exe c:\windows\system32\ctfmon.exe DITT-D04A620689\Galina
>> >> > >> >Thulin HKU\S-1-5-21-3138682831-2506116485-1885202939-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >desktop desktop.ini NT INSTANS\SYSTEM Autostart
>> >> > >> >desktop desktop.ini DITT-D04A620689\Galina Thulin Autostart
>> >> > >> >desktop desktop.ini .DEFAULT Autostart
>> >> > >> >desktop desktop.ini All Users Gemensam autostart
>> >> > >> >desktop(2) desktop(2).ini NT INSTANS\SYSTEM Autostart
>> >> > >> >desktop(2) desktop(2).ini .DEFAULT Autostart
>> >> > >> >eelr9ch4 c:\windows\system32\eelr9ch4.exe All
>> >> > >> >Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> > >> >
>> >> > >> >
>> >> > >> >
>> >> > >> >"Alan Edwards" wrote:
>> >> > >> >
>> >> > >> >> Autostart is unlikely to be empty.
>> >> > >> >> Check in Msconfig for any oddities.
>> >> > >> >> (Start-Run-MSCONFIG-Startup tab)
>> >> > >> >> If you cannot see anything in Msconfig then:
>> >> > >> >>
>> >> > >> >> Start-Run-msinfo32
>> >> > >> >> Click the + beside Software Environment to expand.
>> >> > >> >> Click Startup Programs
>> >> > >> >> Ctrl+A to Select All, Ctrl+C to Copy.
>> >> > >> >> Paste that information in your message.
>> >> > >> >>
>> >> > >> >> ....Alan
>> >> > >> >> --
>> >> > >> >> Alan Edwards, MS MVP Windows - Internet Explorer
>> >> > >> >>
http://dts-l.org/index.html
>> >> > >> >>
>> >> > >> >> On Wed, 7 Sep 2005 03:35:03 -0700, Strela
>> >> > >> >> <Strela@discussions.microsoft.com> wrote:
>> >> > >> >>
>> >> > >> >> >Hello!
>> >> > >> >> >Each time when I log in I get opened C:\Program as Autostart. But in reality
>> >> > >> >> >Autostart is empty. It started to appear for two weeks ago and I cannot
>> >> > >> >> >change it back. I checked everything.
>> >> > >> >> >Help!
>> >> > >> >>
>> >> > >>
>> >> >
>>
Facebook
Twitter
Instagram