Monday, February 8, 2010

Malware and slow bootup

One of my concerns when it comes to my computers is the bootup time. Sometimes when I have borrowed other people's computers (particularly laptops, it seems) I experience devices that take several minutes to boot up and load Windows. I don't know why this annoys me so much, but I guess the combination of impatience and seeing a poorly maintained system might be the reason. Bootup isn't supposed to take that long, and it can be a sign of an overfilled hard drive or that something is wrong with the installation.

My IBM T43 has always had a fairly quick bootup, and I have always made sure to take action if any changes I make seem to affect the bootup time. If they do, I take a quick peek into msconfig/startup to see if some strange process is suddenly added to the list. So far, the thing that has affected the bootup time the most is actually my AVG antivirus. Especially the upgrades to newer versions. But I guess that's the price to pay for being up to date. New antivirus applications are created to take advantage of newer computers’ increased processing capabilities, to offer the best possible protection. Which means that older computers, like my T43, get a harder time dealing with these applications.

But I shouldn't complain. It only takes 70 seconds from when I push the button and turn the T43 on, until I see my desktop with the icons. When my XP installation was new it did the same in between 40 and 50 seconds, but after going through a whole bunch of upgrades, installations and uninstallations over 3 years, 70 seconds is still not too bad.

So what happened last weekend really gave me a headache for a while...

My wife was using the T43, when she suddenly lost internet access. It later turned out that our Packet8 phone modem caused that, but we didn't know that then. Jenn does IT support and computer troubleshooting for a living, so she knows what she's doing, but this time she had to deal with a computer that had menus in Norwegian. So instead of disconnecting from the wireless network, she ended up disabling the T43’s wireless card. It took me a while before I figured out why I couldn't see my wireless connections anymore, but I got it enabled again and did a reboot. Then I suddenly noticed that the T43 took forever to reboot. Between 2 and 3 minutes would be my estimate. Wow, what had happened?

Usually, the root cause of a problem is the most recent change you have made to the system. Could a bad driver cause Windows to look for my wireless card as a missing hardware component? After trying to update the driver, I realized that could not be the case. So I took a quick peek into msconfig/Startup, and noticed there were a couple of new entries there. Most of the names don’t really explain much, so I did an online search for all of them. A site that returned good search results was bleepingcomputer.com, and I identified two entries as “Undesirable programs”. These two were ld08 and mstre18, pointing to the ld08.exe and mstre18.exe files in the C:\Windows folder. The ld08 is described as a Trojan that displays fake antivirus messages.

The actual .exe files were no longer in the Windows folder, so I have no idea if they have ever been there at all. I suspect they have been there at one point, even though I have never had problems with fake antivirus popups. But as soon as I unhooked these two startup items, bootup was back to its old speed, and maybe even slightly faster than it’s been for the last two months or so. Windows apparently spent time looking for these two files, and that caused the slow bootup.

If you are curious, and want to check this on your own computer, the Startup Items menu is found by opening Run (Kjør), and running the command msconfig. The window named System Configuration Utility will appear, and you select the tab Startup. My startup list contains 39 items, of which 8 are now disabled. But be very careful! Some of these are processes needed to make your computer and operating system work. So make sure to do a search, with the search text msconfig, followed by the name from the column Startup Item. An example of a search term from my computer is “msconfig syntplpr”. SynTPLpr is a process needed to make the T43’s touchpad work, so this cannot be disabled. In my case, the search results from bleepingcomputer.com gave me the answers as to what the items were, and if they should be disabled or not.
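The same check can be scripted. The following is an added example, not part of the original post: a read-only PowerShell sketch that lists the registry Run-key startup entries and flags those whose target file no longer exists, which is the situation described above with ld08.exe and mstre18.exe. It assumes PowerShell is installed; the function names `Get-TargetPath` and `Test-Target` are made up for this example, and it covers only the Run keys, not the Startup folders that msconfig also lists.

```powershell
# Added example: report startup entries whose executable is missing.
# Read-only: no registry value or file is changed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit view on 64-bit Windows
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-TargetPath([string]$Command) {
    # Expand %SystemRoot%-style variables, then pull the executable out of the command line.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }      # "C:\Program Files\app.exe" /args
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }  # unquoted path
    return ($cmd -split '\s+')[0]                              # fallback: first token
}

function Test-Target([string]$Target) {
    if ([string]::IsNullOrEmpty($Target)) { return $false }
    if (Test-Path -LiteralPath $Target -PathType Leaf) { return $true }
    # Bare names such as "ctfmon.exe" are resolved through PATH.
    if ($Target -notmatch '[\\/]') {
        return [bool](Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue)
    }
    return $false
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $target = Get-TargetPath ([string]$regKey.GetValue($name))
        New-Object PSObject -Property @{
            Exists = (Test-Target $target)
            Item   = $name
            Target = $target
            Key    = $key
        }
    }
}

# Entries with Exists = False sort first: these point at files that are gone.
# Limitation: for rundll32.exe entries only rundll32.exe itself is checked, not the DLL it loads.
$report | Sort-Object Exists | Select-Object Exists, Item, Target, Key | Format-Table -AutoSize
```

An entry with `Exists` set to `False` is a candidate for the same lookup described above before it is disabled in msconfig.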


Bjørn Sveigdalen
