MSConfig Spyware Profile

MsConfig should not be mistaken for the Windows process by the same name.  It is actually quite a malignant program.  It is also a Cool Web Search variant.

MsConfig has behaviors that match Trojan Backdoors, Rogue Security Tools, and Worms.  As a Trojan Backdoor, it allows access to your computer by remote users.  It takes control of several system processes, accesses your personal data, and disables certain services.

As a Rogue Security Tool, it disguises itself as the Windows MsConfig program, which can disable all running processes.  It also disables the real MsConfig and causes false security warnings.

As a Worm, it can replicate itself and spread across networks.

MsConfig is one of the most malicious programs out there.  It disguises itself as a legitimate Windows process.  You should ONLY use a trusted spyware removal tool such as ZookaWare PC Cleaner to remove it.

Also Known As:
MSConfig.exe, CWS.MSConfig,
Trojan.MSConfig.BHO and mscfg.dll

Associated Files:
MSCONFIG.EXE
NZZM.EXE
NZZM[n].EXE
DECRYPTED.EXE
84408825.DAT
SETUP2.EXE
SETUP.EXE
15883121.SVD
MSCONFIGJKHKJHK.EXE
91146436.EXE
36490911.BAT
UG 58.COM
DOCUMENT.DOC (30.5K) .COM
SVCHOST.EXE
PROGRAMS.EXE
DUY.EXE
CSRSS.EXE
NG 126.COM
UG 42.COM
INTERNAT.EXE
SHUTTER.EXE
WINRAR.EXE
EM 54.COM
NO 134.COM
LSASS.EXE
MICROSOFT VISUAL STUDIO_BUG.ZIP (30.5K) .COM
SPOOLSV.EXE
CTFMON.EXE
REGEDIT.EXE
SENDTO.EXE
KAV.EXE
START MENU.EXE
NT 139.COM
THE BEST IMPORTANT MEND OF MICROSOFT (30.5K) .COM
HM 88.COM
NOTEPAD.EXE
PROGRAM FILES.EXE
NV 141.COM
NW 142.COM
TASKMGR.EXE
N0 84.COM
WINDOWS.EXE
N2 86.COM
COMMON FILES.EXE
MF 51.COM
NQ 136.COM
N3 87.COM
CONIME.EXE
HM 72.COM
N5 89.COM
N7 91.COM
N8 92.COM
NA 94.COM
NC 96.COM
ND 97.COM
NF 99.COM
EF 43.COM
EF 111.COM
EM 94.COM
APPLICATION DATA.EXE
DESKTOP.EXE
MYPLAYCITY.EXE
STARTUP.BAT
REGEDIT32.COM
MYPLAYCITY.COM.EXE
NETMEETING.EXE
ONLINE SERVICES.EXE
WINLOGON.EXE
OUTLOOK EXPRESS.EXE
DEFAULT USER.EXE
NL 77.COM
PICC.EXE
RICHFX.EXE
RIGEL.EXE
VIDEOLAN.EXE
WINDOWS MEDIA CONNECT 2.EXE
WINDOWS MEDIA PLAYER.EXE
WINDOWS NT.EXE
INSTALL.EXE
NU 140.COM
MATLAB6P5.EXE
SONNY’S MUSIC.EXE
ACEZ JUMP START SCREEN SAVER 1.1.EXE
N1 85.COM
ANSWERWORKS 4.0.EXE
AUTOCAD 2007.EXE
N4 88.COM
MY GAMES.EXE
MY MUSIC.EXE
SMSS.EXE
MY PICTURES.EXE
MY VIDEOS.EXE
N6 90.COM
ALL USERS.EXE
N9 93.COM
LJ 87.COM
COMPLUS APPLICATIONS.EXE
NB 95.COM
CONDUIT.EXE
FARSTONE.EXE
FOXIT SOFTWARE.EXE
GABEST.EXE
GLOBETROTTER SOFTWARE INC.EXE
INCREDIFIND.EXE
INSTALLSHIELD INSTALLATION INFORMATION.EXE
NE 98.COM
INTERNET DOWNLOAD MANAGER.EXE
INTERNET EXPLORER.EXE
REGSVR32.EXE
ATI2EVXX.EXE
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesNetBTParameters TransportBindName
HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceslanmanserverparameters AutoShareWks value:
HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceslanmanserverparameters AutoShareServer value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters NameServer
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters ForwardBroadcasts value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters IPEnableRouter value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters Domain
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters SearchList
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters UseDomainNameDevolution value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters EnableICMPRedirect value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DeadGWDetectDefault value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DontAddDefaultGatewayDefault value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters EnableSecurityFilters value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters AllowUnqualifiedQuery value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters PrioritizeRecordData value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters TCP1320Opts value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters KeepAliveTime [REG_DWORD, value: 00023280]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters BcastQueryTimeout [REG_DWORD, value: 000002EE]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters BcastNameQueryCount value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters CacheTimeout [REG_DWORD, value: 0000EA60]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters Size/Small/Medium/Large value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters LargeBufferSize [REG_DWORD, value: 00001000]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters SynAckProtect value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters PerformRouterDiscovery value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters EnablePMTUBHDetect value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters FastSendDatagramThreshold [REG_DWORD, value: 00000400]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters StandardAddressLength [REG_DWORD, value: 00000018]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DefaultReceiveWindow [REG_DWORD, value: 00004000]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DefaultSendWindow [REG_DWORD, value: 00004000]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters BufferMultiplier [REG_DWORD, value: 00000200]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters PriorityBoost value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters IrpStackSize value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters IgnorePushBitOnReceives value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DisableAddressSharing value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters AllowUserRawAccess value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DisableRawSecurity value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DynamicBacklogGrowthDelta [REG_DWORD, value: 00000032]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters FastCopyReceiveThreshold [REG_DWORD, value: 00000400]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters LargeBufferListDepth value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters MaxActiveTransmitFileCount value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters MaxFastTransmit [REG_DWORD, value: 00000040]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters OverheadChargeGranularity value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters SmallBufferListDepth [REG_DWORD, value: 00000020]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters SmallerBufferSize [REG_DWORD, value: 00000080]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters TransmitWorker [REG_DWORD, value: 00000020]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DNSQueryTimeouts [REG_MULTI_SZ, value: “1”, size: 26 bytes]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DefaultRegistrationTTL [REG_DWORD, value: 00000014]
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DisableReplaceAddressesInConflicts value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters DisableReverseAddressRegistrations value:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParameters UpdateSecurityLevel value:

Download Free Scan
ZookaWare runs on Windows Vista, 7, 8 and 10. It has no ads, popups or bundled software and fully uninstalls by clicking Start > All Programs > select ZookaWare and click Uninstall.

Leave a Reply

Your email address will not be published. Required fields are marked *

css.php