Anybody else get res://C:\WINDOWS\system32\nusrmgr.cpl/nusrmgr.hta script error showing up on winxp sp2 when trying to open the user accounts in control panel?
+ Reply to Thread
Results 1 to 15 of 15
I think,therefore i am a hamster.
ANYTHING with res:// at the beginning is SPYWARE.
Download a program called Hijackthis and you'll see exactly where it is on your computer.
Hell...I was even somewhat afraid to click this thread. I've dealt with that RES crap before. Don't rely on Adaware(?) or Spybot alone either.
These guys are back up and running as well.
Post your log from Hijackthis in the appropriate spot on the message board...explain that you have tried Spybot and Adaware(?)...in other words follow the instructions on the website carefully...and someone will be along to help you remove it....if you don't know how already.
Ive scrubbed my puter to find that line but no success.
Logfile of HijackThis v1.96.0
Scan saved at 8:12:11 AM, on 28/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Hijackthis log file
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startguiI think,therefore i am a hamster.
Is that the entire log?
Yup,entire file,i keep my system running with least amount of crap,just cant find that line.I think,therefore i am a hamster.
I tried CWShredder but no help,i do this type of repair for customers but this one is my own system and it is well hidden.I can get into my user accounts if i click again and this problem is intermittent in that it doesnt happen all the time.I think,therefore i am a hamster.
I'm pretty computer stupid...it took me a while to get rid of that RES crap....but mine was also visable on my Hijackthis log. I say also because it WAS hidden in another entry of the log where RES did not show up in writing.
Try a Google search on those .exe's and see what comes up.
This is the closest i got to an answer:
I'm an OEM builder and have noticed this only occurs with XP's Servicepack2 installed, I've seen the problem vanish when uninstalling SP2 (obviously not an acceptable solution) so IMHO I believe its somehow tied to changes SP2 makes to the operating system. I'm able to reproduce the error by quickly double clicking on the picture in the start menu aswell. as yet my MS rep hasnt heard anything from his techs about a possible solution because the script error does not produce the standard error report they're used to working with. Just my 2 cents.
If i turn on script debugging i get this error:
A runtime error has occurred,do you wish to debug?
Error:access is denied.I think,therefore i am a hamster.
Like I said...I'm no expert but....that RES crap had my computer tied up for DAYS. It's main objective on my system was to hijack my IE Start Page. If it is not doing that on your machine....the "infection" may just be sitting there somewhere useless because SP2 has plugged the holes...so to speak?
I have the SP2 CD here....but have not installed it yet....too chicken..
Here's a site that wasn't around when my computer was acting up:
Well i deleted my winxp sp2 partition and reinstalled winxsp2 and sure enough i got the same error opening users account and didnt even go on the net so installed winxpsp1 and no error so it never was a virus or trojan or pest program,proly athlon64 incompatibilty with sp2.
Res isnt a virus command alone,its just a script pointer to the path.I think,therefore i am a hamster.
"Like I said...I'm no expert but....that RES crap had my computer tied up for DAYS. It's main objective on my system was to hijack my IE Start Page. If it is not doing that on your machine....the "infection" may just be sitting there somewhere useless because SP2 has plugged the holes...so to speak?"
I had the same problem (sort of). I ran adaware and found I had several infections, which I promptly deleted. After this, everytime I would restart I would get these same things back. I tried removing them from startup in MSCONFIG but to no avail. After puzzling over where these files could be starting from, I checked the Prefetch folder and BOOYAA!!!! all of the .exe files for these little pieces of spyware/adware were in there. After deleting them from prefetch, I never had a problem again.