Tech Support banner

Status
Not open for further replies.
1 - 13 of 13 Posts

·
Registered
Joined
·
178 Posts
Discussion Starter #1
I have 2 other user accounts(siblings) on my computer. On my little sisters acount, an application crashes(Winstart.exe) on start up. I checked the event viewer, and it only happens on her account. Does anyone know what the problem/solution is? I am attaching pictures of the crash.
 

Attachments

·
Citizen of the world
Joined
·
51,042 Posts
If it only happens on one account, and the same application runs on other accounts, my guess is that some settings have gotten corrupted in her user account. You might try establishing a new account for her and see if you can then run the application successfully.
 

·
Registered
Joined
·
9 Posts
Also there maybe some incoming or out going mail that is corrupted in the user account like John says. I seen it before, you may try going into your servers website and retrieve her mail from there and delete it than try it......
 

·
Registered
Joined
·
178 Posts
Discussion Starter #5 (Edited)
She uses aol for her email(I dont have aol, she just uses it for her email). Does accessing aol mail directly affect my computer? I don't use Outlook or any other email program. She goes to aol for her mail, and I use Yahoo for mine. Yea, I thought it was weird that it only happens on that account. I'll try deleting the acount and recreating it. She doesn't have any important files worth backing up or moving into folders anyway. Thanks, Ill post if it happens after the recreation of the account. By the way does anyone know what Winstart is used for, sounds important. Actually i think the actual file name is Winstart001.exe.
 

·
Citizen of the world
Joined
·
51,042 Posts
I avoid AOL like the plague, so I don't know much about it. I'm also not interested in learning about it. :D

As far as WINSTART, I have no idea what it is, I was thinking of asking you what it was. :D It doesn't appear on my machine, so I'm thinking it's been added by some application or virus. You might want to find out what folder the file is in and attempt to find out what it really is.
 

·
Registered
Joined
·
178 Posts
Discussion Starter #7
Well I deleted and recreated the acount and everything is fine, so far. Winstart001 is in C:\WINDOWS\system folder along with 21 .dll files. I double-clicked on the icon, the timer by the mouse was there for a second and went away. Thats all that happened so I still have no clue what it is for. I tried looking on the internet and still haven't found out yet. I'll try harder to find out what it is and why it crashed on startups so I dont have to keep recreating accounts if it happens again.

I stay away from aol also. A friend of my family has aol and put her on their aol account so she could get email from aol. This was before I put my computer together a year ago.
 

·
Registered
Joined
·
178 Posts
Discussion Starter #8
OK I think I found out what it is but I dont know why it is in my system folder. It is from IGetNet and I have no idea how it got on my computer. I think I have to edit the registry(which I have never done before) to remove it. This is what I found:

Description
IGetNet is a keyword-search service implemented as an IE Browser Helper Object and a process run at Windows start-up (WinStart.exe) which writes to the Hosts file, so that every time you try to contact MSN or Netscape's search sites you are re-routed though IGetNet's servers (ignkeywords.com, rspsearch.com).

Their server checks to see whether your search includes a keyword they have sold to one of their advertisers, and if so redirects you to that site. If not they forward you to a search engine, either the real MSN/Netscape Search or searchresult.net.

Variants
IGetNet/v4: original variant, installs files 'BHO.DLL', 'rsp.dll' and 'Winstart.exe' into the 'System' folder in the Windows folder.

IGetNet/v5: works the same as v4, but the files are now called 'BHO001.DLL', 'rsp001.dll' and 'Winstart001.exe' and they use new class IDs internally. You can tell if you have v5 as new IE windows will show the text 'Enter Keyword or Web Address here' in the address bar.

Distribution
Bundled with P2P apps and software downloaded from 'Blue Haven Media', also installed by the FavoriteMan parasite. May also be installed by ActiveX drive-by-download on pop-up adverts.

What it does
Advertising
No, other than unexpected redirects to advertiser sites when searching from the address bar.

Privacy violation
No.

Security issues
No.
 

·
Citizen of the world
Joined
·
51,042 Posts
I'm not surprised that it turned out to be malware. :rolleyes:

I'd download SpyBot Search-n-Destroy and let it clean things out for you.
 

·
Registered
Joined
·
178 Posts
Discussion Starter #10
I have no idea how it got on my computer. I make sure that no one downloads anything on my computer. I am the only one that does download and don't remember coming across it. Ill try SpyBot cause I don't feel like messing with the registry. Thanks.
 

·
Registered
Joined
·
178 Posts
Discussion Starter #11
OK, that IGetNet crap is back on. I have been the only one on the computer and I haven't downloaded anything or seen anything that would put that on my computer. Does anyone know why it keeps coming back? I use Spybot to get rid of it, but it just comes back. It is irritating me like poison ivy.
 

·
Citizen of the world
Joined
·
51,042 Posts
You are obviously going to a site that is sending it to you. I'd carefully visit any suspect sites, one-at-a-time, and run SpyBot between each different site visit. You'll know when you hit the site that's sending you the present. :)
 

·
Registered
Joined
·
178 Posts
Discussion Starter #13 (Edited)
OK, I fixed the problem. I had to open a command prompt and input this:

regsvr32 /u BHO001.DLL
regsvr32 /u rsp001.dll

Then remove the Winstart001.exe from startup using msconfig(I forgot to do that before, so everytime the computer was started, that crap was on my computer). Then restarted the computer, deleted BHO001.DLL, rsp001.dll, Winstart001.exe files. Then I ran Search n Destroy which cleaned up the rest of the crap in the registry. I rebooted and everything is fine.
 
1 - 13 of 13 Posts
Status
Not open for further replies.
Top