View Full Version : System32.exe XP? is this a virus
Taj
December 5th 03, 07:39 PM
Previous post i wrote:
"When starting the PC to the desktop screen a message box
titled "C:\WINDOWS\System32\system32.exe" appears saying:
"Windows cannot find 'C:\WINDOWS\System32\system32.exe'.
Make sure you typed the name correctly, and then try
again. To search for a file, click the Strt button, and
then click Search."
I then have the option of clicking "OK". This occurs
everytime at start up now even though i don't remember
making a search for that file and i don't reme,ber
deleting it at anypoint."
Well a guy named Earl said this may be
a "W95.Smoker.Worm@mm" virus. I have some questions:
1)Reputable antivirus sites say this type of virus uses
the system32.exe file to start itself. I have been told
XP doesn't have a system32.exe file. Does this mean i
have the virus or not since the key file for the virus to
work isnt on XP. I think this virus was meant for
previous windows that had the system32.exe file.
2)There are many similar but DIFFERNT viruses like this
with different methods of removal involving the Registry
Keys. Since im not even sure if i have the virus should i
bother to follow the antivirus removal instructions.
3)If i should go through with removal- how do i choose
which type of virus i have. since the virus has not
executed properly (no system32.exe file-hence the reason
for the message at startup), i cannot tell what the
symptoms are . If i cant see the symptoms i cant identify
what virus type i have, therfore i dont know how to
remove it. HOWEVER like i say, there seems to be no
symptoms other than this startup message box which
implies the virus hasnt actually exectued yet , in which
case....
4) is there a way to remove the message that i recieve at
startup
PHEW ! thanks for reading this far! lets see whos the
first to understand this one.....
Taj
Earl F. Parrish
December 5th 03, 07:39 PM
"Taj" > wrote in message
...
> Previous post i wrote:
>
> "When starting the PC to the desktop screen a message box
> titled "C:\WINDOWS\System32\system32.exe" appears saying:
>
> "Windows cannot find 'C:\WINDOWS\System32\system32.exe'.
> Make sure you typed the name correctly, and then try
> again. To search for a file, click the Strt button, and
> then click Search."
>
> I then have the option of clicking "OK". This occurs
> everytime at start up now even though i don't remember
> making a search for that file and i don't reme,ber
> deleting it at anypoint."
>
> Well a guy named Earl said this may be
> a "W95.Smoker.Worm@mm" virus. I have some questions:
>
> 1)Reputable antivirus sites say this type of virus uses
> the system32.exe file to start itself. I have been told
> XP doesn't have a system32.exe file. Does this mean i
> have the virus or not since the key file for the virus to
> work isnt on XP. I think this virus was meant for
> previous windows that had the system32.exe file.
>
> 2)There are many similar but DIFFERNT viruses like this
> with different methods of removal involving the Registry
> Keys. Since im not even sure if i have the virus should i
> bother to follow the antivirus removal instructions.
>
> 3)If i should go through with removal- how do i choose
> which type of virus i have. since the virus has not
> executed properly (no system32.exe file-hence the reason
> for the message at startup), i cannot tell what the
> symptoms are . If i cant see the symptoms i cant identify
> what virus type i have, therfore i dont know how to
> remove it. HOWEVER like i say, there seems to be no
> symptoms other than this startup message box which
> implies the virus hasnt actually exectued yet , in which
> case....
>
> 4) is there a way to remove the message that i recieve at
> startup
>
> PHEW ! thanks for reading this far! lets see whos the
> first to understand this one.....
>
> Taj
The guy named Earl say that worms and virus often give themselves
names similar to authentic Windows files to discourage people from
deleting them or they place them in a different folder from the
authentic file with the same name. Some of the favorite names have
"system" or "32" somewhere in the name. One worm is called
"Iexplorer.Exe" while the authentic file is called "Iexplore.Exe."
Many people would have deleted the authentic file and kept the fake
if they could.
You can go to http://www.vtoy.fi/jv16/shtml/software.shtml and
download RegCleaner 4.3 which makes it easier to remove lines in the
Registry. It also backs up the delete in case you make a mistake.
--
Earl F. Parrish
Taj
December 5th 03, 07:39 PM
lol! thanks again Earl. What are the chances! lol
okay so if i go to that reg clear place u said then the
message will sop popping up at startup?
>-----Original Message-----
>
>"Taj" > wrote in message
...
>> Previous post i wrote:
>>
>> "When starting the PC to the desktop screen a message
box
>> titled "C:\WINDOWS\System32\system32.exe" appears
saying:
>>
>> "Windows cannot find 'C:\WINDOWS\System32
\system32.exe'.
>> Make sure you typed the name correctly, and then try
>> again. To search for a file, click the Strt button, and
>> then click Search."
>>
>> I then have the option of clicking "OK". This occurs
>> everytime at start up now even though i don't remember
>> making a search for that file and i don't reme,ber
>> deleting it at anypoint."
>>
>> Well a guy named Earl said this may be
>> a "W95.Smoker.Worm@mm" virus. I have some questions:
>>
>> 1)Reputable antivirus sites say this type of virus uses
>> the system32.exe file to start itself. I have been told
>> XP doesn't have a system32.exe file. Does this mean i
>> have the virus or not since the key file for the virus
to
>> work isnt on XP. I think this virus was meant for
>> previous windows that had the system32.exe file.
>>
>> 2)There are many similar but DIFFERNT viruses like this
>> with different methods of removal involving the
Registry
>> Keys. Since im not even sure if i have the virus
should i
>> bother to follow the antivirus removal instructions.
>>
>> 3)If i should go through with removal- how do i choose
>> which type of virus i have. since the virus has not
>> executed properly (no system32.exe file-hence the
reason
>> for the message at startup), i cannot tell what the
>> symptoms are . If i cant see the symptoms i cant
identify
>> what virus type i have, therfore i dont know how to
>> remove it. HOWEVER like i say, there seems to be no
>> symptoms other than this startup message box which
>> implies the virus hasnt actually exectued yet , in
which
>> case....
>>
>> 4) is there a way to remove the message that i recieve
at
>> startup
>>
>> PHEW ! thanks for reading this far! lets see whos the
>> first to understand this one.....
>>
>> Taj
>
>The guy named Earl say that worms and virus often give
themselves
>names similar to authentic Windows files to discourage
people from
>deleting them or they place them in a different folder
from the
>authentic file with the same name. Some of the favorite
names have
>"system" or "32" somewhere in the name. One worm is
called
>"Iexplorer.Exe" while the authentic file is
called "Iexplore.Exe."
>Many people would have deleted the authentic file and
kept the fake
>if they could.
>
>You can go to
http://www.vtoy.fi/jv16/shtml/software.shtml and
>download RegCleaner 4.3 which makes it easier to remove
lines in the
>Registry. It also backs up the delete in case you make
a mistake.
>
>--
>Earl F. Parrish
>
>.
>
Doug Knox MS-MVP
December 5th 03, 07:39 PM
This is not a Windows file. The command to run it is a left over remnant
from a virus.
http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.c.worm.html
For automated removal of the remnants of this virus, see www.dougknox.com,
Win XP Fixes, Clean KWBot.Worm Registry Entries.
--
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Associate Expert
ExpertZone - http://www.microsoft.com/windowsxp/expertzone
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
"Taj" > wrote in message
...
> lol! thanks again Earl. What are the chances! lol
>
> okay so if i go to that reg clear place u said then the
> message will sop popping up at startup?
>
> >-----Original Message-----
> >
> >"Taj" > wrote in message
> ...
> >> Previous post i wrote:
> >>
> >> "When starting the PC to the desktop screen a message
> box
> >> titled "C:\WINDOWS\System32\system32.exe" appears
> saying:
> >>
> >> "Windows cannot find 'C:\WINDOWS\System32
> \system32.exe'.
> >> Make sure you typed the name correctly, and then try
> >> again. To search for a file, click the Strt button, and
> >> then click Search."
> >>
> >> I then have the option of clicking "OK". This occurs
> >> everytime at start up now even though i don't remember
> >> making a search for that file and i don't reme,ber
> >> deleting it at anypoint."
> >>
> >> Well a guy named Earl said this may be
> >> a "W95.Smoker.Worm@mm" virus. I have some questions:
> >>
> >> 1)Reputable antivirus sites say this type of virus uses
> >> the system32.exe file to start itself. I have been told
> >> XP doesn't have a system32.exe file. Does this mean i
> >> have the virus or not since the key file for the virus
> to
> >> work isnt on XP. I think this virus was meant for
> >> previous windows that had the system32.exe file.
> >>
> >> 2)There are many similar but DIFFERNT viruses like this
> >> with different methods of removal involving the
> Registry
> >> Keys. Since im not even sure if i have the virus
> should i
> >> bother to follow the antivirus removal instructions.
> >>
> >> 3)If i should go through with removal- how do i choose
> >> which type of virus i have. since the virus has not
> >> executed properly (no system32.exe file-hence the
> reason
> >> for the message at startup), i cannot tell what the
> >> symptoms are . If i cant see the symptoms i cant
> identify
> >> what virus type i have, therfore i dont know how to
> >> remove it. HOWEVER like i say, there seems to be no
> >> symptoms other than this startup message box which
> >> implies the virus hasnt actually exectued yet , in
> which
> >> case....
> >>
> >> 4) is there a way to remove the message that i recieve
> at
> >> startup
> >>
> >> PHEW ! thanks for reading this far! lets see whos the
> >> first to understand this one.....
> >>
> >> Taj
> >
> >The guy named Earl say that worms and virus often give
> themselves
> >names similar to authentic Windows files to discourage
> people from
> >deleting them or they place them in a different folder
> from the
> >authentic file with the same name. Some of the favorite
> names have
> >"system" or "32" somewhere in the name. One worm is
> called
> >"Iexplorer.Exe" while the authentic file is
> called "Iexplore.Exe."
> >Many people would have deleted the authentic file and
> kept the fake
> >if they could.
> >
> >You can go to
> http://www.vtoy.fi/jv16/shtml/software.shtml and
> >download RegCleaner 4.3 which makes it easier to remove
> lines in the
> >Registry. It also backs up the delete in case you make
> a mistake.
> >
> >--
> >Earl F. Parrish
> >
> >.
> >
Taj
December 5th 03, 07:40 PM
Ok Doug! Did all that you said - went to the norton
website but decided to just use your cleaning tool (nice
site!). ok then i turned off system retore and then put
it back on.
now after all that - has that virus left my computer for
good? no left over files?
another thing what damage does it do (antivirus sites are
vague) and now that i used you cleaning tool - has all
the damage been repaired?
>-----Original Message-----
>This is not a Windows file. The command to run it is a
left over remnant
>from a virus.
>
>http://securityresponse.symantec.com/avcenter/venc/data/w
32.kwbot.c.worm.html
>
>For automated removal of the remnants of this virus, see
www.dougknox.com,
>Win XP Fixes, Clean KWBot.Worm Registry Entries.
>
>--
>Doug Knox, MS-MVP Windows XP/ Windows Smart Display
>Win 95/98/Me/XP Tweaks and Fixes
>http://www.dougknox.com
>--------------------------------
>Associate Expert
>ExpertZone -
http://www.microsoft.com/windowsxp/expertzone
>--------------------------------
>Please reply only to the newsgroup so all may benefit.
>Unsolicited e-mail is not answered.
>
>"Taj" > wrote in message
...
>> lol! thanks again Earl. What are the chances! lol
>>
>> okay so if i go to that reg clear place u said then the
>> message will sop popping up at startup?
>>
>> >-----Original Message-----
>> >
>> >"Taj" > wrote in message
>> ...
>> >> Previous post i wrote:
>> >>
>> >> "When starting the PC to the desktop screen a
message
>> box
>> >> titled "C:\WINDOWS\System32\system32.exe" appears
>> saying:
>> >>
>> >> "Windows cannot find 'C:\WINDOWS\System32
>> \system32.exe'.
>> >> Make sure you typed the name correctly, and then try
>> >> again. To search for a file, click the Strt button,
and
>> >> then click Search."
>> >>
>> >> I then have the option of clicking "OK". This occurs
>> >> everytime at start up now even though i don't
remember
>> >> making a search for that file and i don't reme,ber
>> >> deleting it at anypoint."
>> >>
>> >> Well a guy named Earl said this may be
>> >> a "W95.Smoker.Worm@mm" virus. I have some questions:
>> >>
>> >> 1)Reputable antivirus sites say this type of virus
uses
>> >> the system32.exe file to start itself. I have been
told
>> >> XP doesn't have a system32.exe file. Does this mean
i
>> >> have the virus or not since the key file for the
virus
>> to
>> >> work isnt on XP. I think this virus was meant for
>> >> previous windows that had the system32.exe file.
>> >>
>> >> 2)There are many similar but DIFFERNT viruses like
this
>> >> with different methods of removal involving the
>> Registry
>> >> Keys. Since im not even sure if i have the virus
>> should i
>> >> bother to follow the antivirus removal instructions.
>> >>
>> >> 3)If i should go through with removal- how do i
choose
>> >> which type of virus i have. since the virus has not
>> >> executed properly (no system32.exe file-hence the
>> reason
>> >> for the message at startup), i cannot tell what the
>> >> symptoms are . If i cant see the symptoms i cant
>> identify
>> >> what virus type i have, therfore i dont know how to
>> >> remove it. HOWEVER like i say, there seems to be no
>> >> symptoms other than this startup message box which
>> >> implies the virus hasnt actually exectued yet , in
>> which
>> >> case....
>> >>
>> >> 4) is there a way to remove the message that i
recieve
>> at
>> >> startup
>> >>
>> >> PHEW ! thanks for reading this far! lets see whos
the
>> >> first to understand this one.....
>> >>
>> >> Taj
>> >
>> >The guy named Earl say that worms and virus often give
>> themselves
>> >names similar to authentic Windows files to discourage
>> people from
>> >deleting them or they place them in a different folder
>> from the
>> >authentic file with the same name. Some of the
favorite
>> names have
>> >"system" or "32" somewhere in the name. One worm is
>> called
>> >"Iexplorer.Exe" while the authentic file is
>> called "Iexplore.Exe."
>> >Many people would have deleted the authentic file and
>> kept the fake
>> >if they could.
>> >
>> >You can go to
>> http://www.vtoy.fi/jv16/shtml/software.shtml and
>> >download RegCleaner 4.3 which makes it easier to
remove
>> lines in the
>> >Registry. It also backs up the delete in case you
make
>> a mistake.
>> >
>> >--
>> >Earl F. Parrish
>> >
>> >.
>> >
>
>
>.
>
vBulletin® v3.6.4, Copyright ©2000-2012, Jelsoft Enterprises Ltd.