MSCONFIG – using Windows System Configuration Utility to diagnose a computer

The Windows System Configuration Utility is started by typing “msconfig” into the RUN command box from your start menu.

 

MSconfig

You’ll need to resize the columns a lot. Microsoft didn’t make the System Configuration Utility windows resizable. Click on the column header labels and move the column to maximize the view of the command column.

From this view you can see the program commands that are executed every time the computer starts. Look for programs running from “temp” directories, from the root directory (C:\) and other odd locations. Unchecking them tells the computer to NOT run that particular command – it doesn’t uninstall the program. Reboot the computer and check here again; I’ve seen viruses turning back ON the ones you just unchecked!

Now we’ll need the information you gathered from the Windows Task Manager – processes identified and not. We’ll also use the clues gathered from the Event Viewer about the errors in the application and system logs.

Turn off items here that you found running in the Task Manager. Look for programs causing errors in the Event Viewer – uncheck ’em.

Web browser toolbars are notorious – uncheck ’em. Uncheck program updaters, messaging programs (Instant Messenger, AIM, etc.), QuickTime, Google Updater and anything else you can start from a menu.

These are not your viruses (well, they may be in the list), but we’re just trying to regain some performance.

If you can spot the offending culprit, uncheck it and remember the name of the command/program. Resize the columns to bring the location column into view. This shows the location in the registry where the start command is located – the RUN hive.
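The same command and location columns can be read straight from the registry, which avoids the column resizing. The PowerShell below is an added example, not part of the original article: it lists the commands under the standard Run and RunOnce keys and flags the locations the text says to look for (temp directories and the root of a drive). The list of keys, the helper names `Get-ProgramPath` and `Get-LocationFlag`, and the matching rules are assumptions made for this example; it only reads the registry and does not cover the Startup folders.

```powershell
# Added example (not from the original article): read-only listing of Run-key
# startup commands. The key list and the "odd location" rules are assumptions.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the program path out of a startup command line.
function Get-ProgramPath {
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }   # quoted path, may contain spaces
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]                          # fallback: first token
}

# Name the reason a path looks out of place, or return '' if it does not.
function Get-LocationFlag {
    param([string]$Path)
    if ($Path -match '\\te?mp\\')           { return 'temp directory' }
    if ($Path -match '^[A-Za-z]:\\[^\\]+$') { return 'drive root' }
    return ''
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }        # key absent on this system
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        [PSCustomObject]@{
            Flag     = Get-LocationFlag (Get-ProgramPath $command)
            Name     = $name
            Command  = $command
            Location = $key
        }
    }
}

# Flagged entries first, then the rest.
$entries | Sort-Object -Property Flag -Descending | Format-List
```

Saving the output before unchecking items and again after the reboot makes it easy to see any entry that has come back.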


We’ll use the regedit utility to look into the registry hives running suspicious commands.

The SERVICES tab lists the Windows services that are running – antivirus, browser, disk manager, etc. Unchecking services here will disable their startup when the computer reboots, leaving the service running in the meantime. Instead, we’ll manage the services using the Microsoft Management Console.

UPDATE (8/11) – most of the infections I’ve seen at my store lately leave few clues in these areas. The hackers know of these and can program their malware to not be visible in the Task Manager (hidden process) or prevent writing events to the Windows Logs. If you can spot it here, it’s a long-term infection.