Strange characters in HKCU:Run

[Sampson]

I am a great believer in CCleaner!!! However, I offered to do some maintenance on a friend's laptop and I ran the cleaner. In the Tools> Startup window I saw 2 entries with Chinese/Japanese/Korean characters, and I don't know whether I should delete them outright, or not.

 

I ran the anti-virus and it did not find anything 'suspicious'. Being an English [Australian] language machine setup, I am totally lost in this instance.

 

Can you please advise me what to do?????

 

Regards.

[Alan_B]

Can you please advise me what to do?????

 

I would WORRY !!!

 

I cannot substantiate this, but I have seen claims that China is :-

high in the league for spam emails and worse;

not to be trusted as a source of security software to protect secrets with commercial value.

 

Then I would investigate.

 

Aim Windows Explorer at the location designated by Tools / Startup.

Look at all the files in this folder, and any sub-folders

Talk to your friend.

Perhaps your friend paid top dollar for wonderful software that he needs for life support,

or maybe some-one used this P.C. to visit a dodgy part of the internet and something nasty sneaked in,

and perhaps its function is to start-up each morning and phone home with latest passwords and credit card numbers.

 

Action I would take if still worried :-

 

I would seek further help from more appropriate forums, e.g "SPYWARE HELL" below

http://forum.piriform.com/index.php?showforum=2

 

Alan

[davey]

I am a great believer in CCleaner!!! However, I offered to do some maintenance on a friend's laptop and I ran the cleaner. In the Tools> Startup window I saw 2 entries with Chinese/Japanese/Korean characters, and I don't know whether I should delete them outright, or not.

 

I ran the anti-virus and it did not find anything 'suspicious'. Being an English [Australian] language machine setup, I am totally lost in this instance.

 

Can you please advise me what to do?????

 

Regards.

Hello Sampson,this is David.

Did you REBOOT?.Many people must think I am a Fanatic about REbooting but good basic practices help to avoid many strange things from occurring.

Have a look at this thread if that doesn't help.

http://forum.piriform.com/index.php?s=&amp...ost&p=93242

Of course they may have just come with the laptop software.HP and many others like to phone home 5 or 6 times a day.Who provided the software? Who made the associated hardware?

Good Luck,

davey

P.S. I am glad to find out that those are Chinese simplified characters and not the hard ones.

P.S.S. Hey Prince Charming !!! Make sure you understand your friends PC processing habits also.Cleaning up the friends PC can be risky business.I could give you some similar links but I won't.

Since it is already early tomorrow morning where you are,you probably won't see these replies for awhile.I would leave you friends entries alone and get us a thumbnail of that Startup list.There are people here who can Translate those entries for you.

Edited April 17, 2008 by davey

[hotdoge3]

Nero 7 I click it said Chinese all so in Windows > Service Pack > i386 > lang * for one]

[Augeas]

Sampson, try to get the executable address these entries point to (from the CC listing) and post them here, someone may know what they are.

 

As they are in the startup list they can quite easily be stopped by clicking on Start - Run - (enter msconfig in the box) - OK - which will bring up Sys Config. Tab to Startup and untick the two boxes relating to the unknown Chinese entries. You will need to reboot. Your pc will startup with a box saying someting like In Diagnositc Mode, do you want to continue? If all has booted up OK then say yes, and tick the Don't Show This Again box. Now continue using the pc. If some application doesn't work you can reinstate the startups by repeating the process and ticking the two startup boxes and rebooting again, but I doubt if this will be necessary.

 

Once you've found the exe address Google it and see what it says. If it is a pukka pgm then whether you leave it in the startup process is up to you. If it's something dangerous then report back here! Rgds.

[davey]

Nero 7 I click it said Chinese all so in Windows > Service Pack > i386 > lang * for one]

Hi HotDog,

I was just just about to recommend your Translation services.You seem to have a few different translators for you.Sometimes it is very basic translation and other times it seems to be excellent English.

Was that the Nero 7 referenced in that prior links Thumbnail.

We don't have a thumbnail from Sampson yet.

You may be on the right track.

davey

[Sampson]

Thanks to all for your suggestions and advice.

 

Now that I've collected myself, I should say that my friend does not have Nero installed, he did have to send his notebook away for 'Caterpillar' to install some software/manuals, so no one knows who used it and what they accessed.

 

What I can say is that I have deleted [and saved the Key from the Registry] it and have restarted the notebook several times and nothing seems to be wrong with it.

 

I am attaching a copy of that 'Key' for you to look at. In all my 30+ years in computing, I've never seen such an entry in the Registry!! The dashes/hyphens are the strange characters.

 

 

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="C:\\Program

Files\\Windows Sidebar\\sidebar.exe

/autoRun""捁牥吠畯r"="""捁牥吠畯⁲敒業摮牥"="㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e""ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe""MsnMsgr"="\"C:\\Program

Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background""DAEMON Tools

Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\"

-autorun""CCleaner"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\"

/AUTO"

 

Again, thanks to all and look forward to your remarks.

[Sampson]

Hello Sampson,this is David.

Did you REBOOT?.Many people must think I am a Fanatic about REbooting but good basic practices help to avoid many strange things from occurring.

Have a look at this thread if that doesn't help.

http://forum.piriform.com/index.php?s=&amp...ost&p=93242

Of course they may have just come with the laptop software.HP and many others like to phone home 5 or 6 times a day.Who provided the software? Who made the associated hardware?

Good Luck,

davey

P.S. I am glad to find out that those are Chinese simplified characters and not the hard ones.

P.S.S. Hey Prince Charming !!! Make sure you understand your friends PC processing habits also.Cleaning up the friends PC can be risky business.I could give you some similar links but I won't.

Since it is already early tomorrow morning where you are,you probably won't see these replies for awhile.I would leave you friends entries alone and get us a thumbnail of that Startup list.There are people here who can Translate those entries for you.

 

 

Davey.....You've hit it on the head with that link you suggested. The characters look identical, but the progs are different, of course. Also refer to my previous reply. Cheers to all.