Not sure where I should ask this quastion so Im just gonna post it here...Yesterday I found a virus on my computer ant it told me ..In order to delete this virus I needed to go to my taskbar and end the procces of "system32.exe..So I did that and deleted the virus...But now when I start my computer I get this mesage telling me that "windows cannot locate system32.exe on my computer"

Any ideas on what I should do?

thanx

You need to remove the registry entries. Check here for instructions on how.

http://www.sophos.com/virusinfo/analyses/trojsdbotu.html

thanx .ill try that now.....

they were already removed..and I get the same problem again..It looks like the file was deleted or something...Is it possible if someone just sends me the file true msn and I just restore it into the folder??

thanx

and can this thing harm my computer?

Check in your start up folder on the desktop or open with msconfig and look at the start up what is your O/S .

sounds bad, this is one of the few times I would recommend a full reformat and reinstall of windows
next time always run a AV, and scan before you open things


using norton by chance, maybe its time to upgrade to a better AV
I like avg as resident sophos as a non-resident

MY pc is running smooth..No problems there..Its just that when I start the comp I get a pop up message telling me windown cannot locate system32.exe...


sounds bad, this is one of the few times I would recommend a full reformat and reinstall of windows
Is it that bad!?...what does this program do?? (system32)

Originally posted by far@14 November 2003 - 22:20
they were already removed..and I get the same problem again..It looks like the file was deleted or something...Is it possible if someone just sends me the file true msn and I just restore it into the folder??

thanx
You're not understanding what is happening mate.

system32.exe is either a Trojan Horse or a virus, you do not want it on your system.

So far you have rightly deleted this file, but there are registry entries still linking to it at start up. You need to delete them too. What was the name your anti virus gave you when it detected this? You say it advised you to delete the system32.exe file, what else did it tell you? Look in the AV scanners log, you'll find it in the options somewhere.

Try jv16 power tools (free- Google it) to view your registry and delete any references to this file.

Also, do an online scan such as that linked to you by muchspl. I wouldn't format and reinstall windows; there's probably no need.

I really cant remember the name of the virus..It didnt tell me to delete system32.exe..It told me to go to the task manager and end the procces of it in order to delete the virus.

Originally posted by muchspl2@14 November 2003 - 23:19
sounds bad, this is one of the few times I would recommend a full reformat and reinstall of windows
next time always run a AV, and scan before you open things


using norton by chance, maybe its time to upgrade to a better AV
I like avg as resident sophos as a non-resident
i got norton 2004 (or 2003 cant remember right now!) what resident and non resident?

Try jv16 power tools

I just installed this program and searched for system32 in the registry tools...And it found about 122 files...They look kinda important ..Should I delete them or not?

thanx

Just closing it in task manger wont delete the file, it'll only close the exe. You say that Windows reports that system32.exe is missing, so i guess your AV deleted the file.

What antivirus are you using? There will be a log file somewhere that will tell you what the virus is called. Once you have found that out, do a search at Symantecs site for instructions on how to clean the registry entries. If you're really lucky, there will be a removal tool but don't worry if there's not, just follow the instructions.

And make sure and do an online scan.

No to deleting all system32 files, it's system32.exe that is the dodgy one remember. Forget that and look for the virus log. ;)

Originally posted by 3223+15 November 2003 - 00:57--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (3223 @ 15 November 2003 - 00:57)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-muchspl2@14 November 2003 - 23:19
sounds bad, this is one of the few times I would recommend a full reformat and reinstall of windows
next time always run a AV, and scan before you open things


using norton by chance, maybe its time to upgrade to a better AV
I like avg as resident sophos as a non-resident
i got norton 2004 (or 2003 cant remember right now&#33;) what resident and non resident? [/b][/quote]
Resident = your local AV. Installed on your computer for realtime protection.

Non Resident = Online scan. This is important because some viri disable resident scanners, it&#39;s a second line of defense that may pick up something your resident misses.

All you need to know can be found here:-

http://www.klboard.ath.cx/index.php?showtopic=56265

Have you tried searching the registry for any "system32.exe" entries?
There have to be some left.

Aint got no virus log :( ..I did a online scan

Originally posted by LTJBukem+15 November 2003 - 01:05--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (LTJBukem @ 15 November 2003 - 01:05)</td></tr><tr><td id='QUOTE'>
Originally posted by 3223@15 November 2003 - 00:57
<!--QuoteBegin-muchspl2@14 November 2003 - 23:19
sounds bad, this is one of the few times I would recommend a full reformat and reinstall of windows
next time always run a AV, and scan before you open things


using norton by chance, maybe its time to upgrade to a better AV
I like avg as resident sophos as a non-resident
i got norton 2004 (or 2003 cant remember right now&#33;) what resident and non resident?
Resident = your local AV. Installed on your computer for realtime protection.

Non Resident = Online scan. This is important because some viri disable resident scanners, it&#39;s a second line of defense that may pick up something your resident misses.

All you need to know can be found here:-

http://www.klboard.ath.cx/index.php?showtopic=56265 [/b][/quote]
thnx. should i use Panda Active Scan or Symantec Security Scan & Virus Detection?

Have you tried searching the registry for any "system32.exe" entries?
There have to be some left.
I missed ur comment..But yes..I did that and nothing was found

isnt system32.exe needed by windows and if thats deleted you can get serious errors (i think :rolleyes: ) i would reinstall windows m8, it would be easier. Or you could just leave ur pc on 24.7 :D

I dont think its deleted...the system32 folder is there..But it doesnt appear in the task bar no more..

Originally posted by Marius24@15 November 2003 - 02:04
isnt system32.exe needed by windows and if thats deleted you can get serious errors (i think :rolleyes: ) i would reinstall windows m8, it would be easier.&nbsp; Or you could just leave ur pc on 24.7 :D
System32 is a folder in Windows, not a file. The file system32.exe doesn&#39;t exist.

@far
Open up msconfig (go to &#39;Start&#39; > &#39;Run&#39; type msconfig and click OK).
In the System.ini tab, expand [boot].
Are there any system32.exe references?

Johnny_B...None system32.exe references

bump

You could go to Start -> Run, and type in msconfig. Click the "startup" tab, and see if there&#39;s anything relating to it coming on at startup. If there is, uncheck it and reboot.

Try starting JV16 Power Tools. Select Registry tools then Starting Programs. Is there anything there you don&#39;t recognise?

It would be much easier if you would find the log file of your AV. What brand AV do you have that advised you of the virus in the first place? If you find the name of the virus, you can look up what registry entries you need to delete.

Mate if you&#39;re still geting the pop up error.System32.exe is still in the reg.

Start>run>regedit>edit>find "system32.exe".

Then delete all the entries.

Originally posted by far@15 November 2003 - 01:50

Have you tried searching the registry for any "system32.exe" entries?
There have to be some left.
I missed ur comment..But yes..I did that and nothing was found
;)

Originally posted by LTJBukem@15 November 2003 - 18:56
Try starting JV16 Power Tools. Select Registry tools then Starting Programs. Is there anything there you don&#39;t recognise?

It would be much easier if you would find the log file of your AV. What brand AV do you have that advised you of the virus in the first place? If you find the name of the virus, you can look up what registry entries you need to delete.
I found these files under starting programs...They are marked with red "nvmediacenter" and nvcpldeamon and they filename starts with c:/windows.system32

But it tells me it is most likely not safe to remove those programs <_<

ck-uk I did what u told me and I did find a system32.exe file and deleted it...But still I get the error when I start the pc..I also found a "system32" file but didnt remove it...Should I have done that??....when I do the same search now...the same folder doesnt come up...Now I dont remember in wich folder i Found the system32 file

The entries you found are your video drivers, and nvidia media player. Don&#39;t delete them.

What AV are you using? What AV are you using? What AV are you using? What AV are you using? What AV are you using? What AV are you using?:P There will be a log entry somewhere, if you find out what the virus/worm was called then you can find out where and what the registry entries are.

:)

I did a online scan ..I dont have any antivirus program on my pc curently

Mate i just googled this for you... it wasnt that hard to find either mate

Goto regedit again & find this folder

Hkey_local_Machine/software/microsoft/windows nt/current version/winlogon

Then on the right scroll down to "shell",under data it should read explorer.exe.

Right click shell,modify & delete everything after "explorer.exe.Which should be wins......system32.exe


If its still the same..

Originally posted by LTJBukem+15 November 2003 - 00:26--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (LTJBukem &#064; 15 November 2003 - 00:26)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-far@14 November 2003 - 22:20
they were already removed..and I get the same problem again..It looks like the file was deleted or something...Is it possible if someone just sends me the file true msn and I just restore it into the folder??

thanx
You&#39;re not understanding what is happening mate.

system32.exe is either a Trojan Horse or a virus, you do not want it on your system.

So far you have rightly deleted this file, but there are registry entries still linking to it at start up. You need to delete them too. What was the name your anti virus gave you when it detected this? You say it advised you to delete the system32.exe file, what else did it tell you? Look in the AV scanners log, you&#39;ll find it in the options somewhere.

Try jv16 power tools (free- Google it) to view your registry and delete any references to this file.

Also, do an online scan such as that linked to you by muchspl. I wouldn&#39;t format and reinstall windows; there&#39;s probably no need. [/b][/quote]

Edit:

Coment Removed by RF....... if you cant post constructively, then dont post <_<

what was the point of being offensive? maybe edit your post?

Edit:

.hack quote removed by RF....see above.

thanks RF&#33;

Originally posted by .hack+15 November 2003 - 21:47--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (.hack &#064; 15 November 2003 - 21:47)</td></tr><tr><td id='QUOTE'>
Originally posted by LTJBukem@15 November 2003 - 00:26
<!--QuoteBegin-far@14 November 2003 - 22:20
they were already removed..and I get the same problem again..It looks like the file was deleted or something...Is it possible if someone just sends me the file true msn and I just restore it into the folder??

thanx
You&#39;re not understanding what is happening mate.

system32.exe is either a Trojan Horse or a virus, you do not want it on your system.

So far you have rightly deleted this file, but there are registry entries still linking to it at start up. You need to delete them too. What was the name your anti virus gave you when it detected this? You say it advised you to delete the system32.exe file, what else did it tell you? Look in the AV scanners log, you&#39;ll find it in the options somewhere.

Try jv16 power tools (free- Google it) to view your registry and delete any references to this file.

Also, do an online scan such as that linked to you by muchspl. I wouldn&#39;t format and reinstall windows; there&#39;s probably no need.

Edit:

Comment Removed by RF....... if you cant post constructively, then dont post <_<[/b][/quote]
It is a virus thou mate.

Type "system32.exe"in the search box.

http://search.symantec.com/custom/us/query.html

Originally posted by ck-uk@15 November 2003 - 21:10
Mate i just googled this for you... it wasnt that hard to find either mate

Goto regedit again & find this folder

Hkey_local_Machine/software/microsoft/windows nt/current version/winlogon

Then on the right scroll down to "shell",under data it should read explorer.exe.

Right click shell,modify & delete everything after "explorer.exe.Which should be wins......system32.exe


If its still the same..
Mate..I did everything u told me..I found the shell file and I modified it..Now...Do u want me to delete the shell file or some other files??

Erm.... Did i miss something? :lol:

I&#39;m guessing he was saying something along the lines of .......... system32.exe is not a virus you ..........

Well .hack, i&#39;m sorry but you&#39;re wrong.

:lol:

Originally posted by LTJBukem@15 November 2003 - 22:22
Erm.... Did i miss something? :lol:

I&#39;m guessing he was saying something along the lines of .......... system32.exe is not a virus you ..........

Well .hack, i&#39;m sorry but you&#39;re wrong.

:lol:
well your right but it was rather more offensive

Yeah, i kinda thought that it would have been. :lol:

:)

Originally posted by far@15 November 2003 - 22:11
Mate..I did everything u told me..I found the shell file and I modified it..Now...Do u want me to delete the shell file or some other files??
I thought you said you searched the registry and didn&#39;t find anything with &#39;system32.exe&#39;?
Didn&#39;t you use the search function in regedit (&#39;Edit&#39; > &#39;Find...&#39;) and searched for &#39;system32.exe&#39;? :huh:

Anyway, it doesn&#39;t matter now.
Just edit the registry entry that ck-uk pointed out, so that it only shows &#39;explorer.exe&#39;. Close regedit and reboot.
The irritating popup should be gone now. ;)

I searched the registry in the jw power tools..and didnt find anything there....

U want me to delete the shell entry right??..I tried that now but didnt find a way to do it..Please explain how to do this?

thanx

Originally posted by far@15 November 2003 - 23:09
I searched the registry in the jw power tools..and didnt find anything there....

U want me to delete the shell entry right??..I tried that now but didnt find a way to do it..Please explain how to do this?

thanx
No, don&#39;t delete "shell".
You just need to modify the value data (right-click on "Shell" and choose &#39;Modify&#39;) so that it only reads &#39;explorer.exe&#39;.
If you have already done this, you can close regedit.
Reboot your computer and see if the popup is gone.

damn..I already deleted the shell :unsure: but the pop up thing is gone..Am I in trouble? :unsure: