In article <pw_Lb.848$(E-Mail Removed)>,
(E-Mail Removed) says...
>
>I have removed a virus from my PC (sorry, don't know which one). I
>uninstalled a load of spyware, cleaned up my system with everything I could,
>disabled System Restore (I have Windows XP) and ran a complete, updated
>virus check and everything seems OK now but I get a message at startup that
>windows can't find System32.exe. I know this is a file created by the virus
>but there is no reference to it in the usual places (eg Win.ini, Startup).
>However there is only one reference in the registry in
>HKey_LocalMachine/Software/Microsoft/Windows NT/CurrentVersion/Winlogon
>
>The right panel says
>
>Shell Reg_sz Explorer.exe C:\Windows\System32.exe
>
>I assume this is causing my startup message. Am I safe to delete this key?
>Or are there other things I should do first?
>
>Evi
****************** REPLY SEPARATER ***********************
Found this on a google search. Cannot verify the method, but system32.exe is
definitely not a system file on XP.
-------------------------------------------------------------------
Posted by Swaroop Kumar [find other messages by Swaroop Kumar]
system32.exe is a virus. To get rid of the problem... click
start>run>regedit.... go to
HKey_local_machine\software\microsoft\windowsNT\currentVersion\WinLogon.
On the right hand side you will find a value for SHELL "Explorer.exe
C:\WINDOWS\System32\System32.exe". Here..delete
"C:\WINDOWS\System32\System32.exe" so as to leave just Explorer.exe. Then boot
to the safemode and delete the file "C:\WINDOWS\System32\System32.exe". This
will remove the worm from the computer. Take care!
------------------------------------------------------------------
Similar Threads
