removing system32.exe from registry

I have removed a virus from my PC (sorry, don't know which one). I
uninstalled a load of spyware, cleaned up my system with everything I could,
disabled System Restore (I have Windows XP) and ran a complete, updated
virus check and everything seems OK now but I get a message at startup that
windows can't find System32.exe. I know this is a file created by the virus
but there is no reference to it in the usual places (eg Win.ini, Startup).
However there is only one reference in the registry in
HKey_LocalMachine/Software/Microsoft/Windows NT/CurrentVersion/Winlogon

The right panel says

Shell Reg_sz Explorer.exe C:\Windows\System32.exe

I assume this is causing my startup message. Am I safe to delete this key?
Or are there other things I should do first?

Evi

In article <pw_Lb.848$Ez4.565@newsfep1-gui.server.ntli.net>,
jimbob4evaSpamTrap@hotmail.com says...
>
>I have removed a virus from my PC (sorry, don't know which one). I
>uninstalled a load of spyware, cleaned up my system with everything I could,
>disabled System Restore (I have Windows XP) and ran a complete, updated
>virus check and everything seems OK now but I get a message at startup that
>windows can't find System32.exe. I know this is a file created by the virus
>but there is no reference to it in the usual places (eg Win.ini, Startup).
>However there is only one reference in the registry in
>HKey_LocalMachine/Software/Microsoft/Windows NT/CurrentVersion/Winlogon
>
>The right panel says
>
>Shell Reg_sz Explorer.exe C:\Windows\System32.exe
>
>I assume this is causing my startup message. Am I safe to delete this key?
>Or are there other things I should do first?
>
>Evi
****************** REPLY SEPARATER ***********************
Found this on a google search. Cannot verify the method, but system32.exe is
definitely not a system file on XP.
-------------------------------------------------------------------
Posted by Swaroop Kumar [find other messages by Swaroop Kumar]

system32.exe is a virus. To get rid of the problem... click
start>run>regedit.... go to
HKey_local_machine\software\microsoft\windowsNT\currentVersion\WinLogon.

On the right hand side you will find a value for SHELL "Explorer.exe
C:\WINDOWS\System32\System32.exe". Here..delete
"C:\WINDOWS\System32\System32.exe" so as to leave just Explorer.exe. Then boot
to the safemode and delete the file "C:\WINDOWS\System32\System32.exe". This
will remove the worm from the computer. Take care!
------------------------------------------------------------------

On Sat, 10 Jan 2004 21:54:26 -0000, Jimbob <jimbob4evaSpamTrap@hotmail.com> wrote:

> virus check and everything seems OK now but I get a message at startup that
> windows can't find System32.exe. I know this is a file created by the virus

Google is your friend<G>!

According to http://www.liutilities.com/products...brary/system32/
it's safe to delete the registry key.

Regards, Dave Hodgins

--
Change nomail.afraid.org to rogers.com to reply by email.
(nomail.afraid.org has been set up specfically for
use in usenet. Feel free to use it yourself.)