removing system32.exe from registry

Jimbob

I have removed a virus from my PC (sorry, don't know which one). I
uninstalled a load of spyware, cleaned up my system with everything I could,
disabled System Restore (I have Windows XP) and ran a complete, updated
virus check and everything seems OK now, but I get a message at startup that
Windows can't find System32.exe. I know this is a file created by the virus
but there is no reference to it in the usual places (e.g. Win.ini, Startup).
However there is only one reference in the registry in
HKey_LocalMachine/Software/Microsoft/Windows NT/CurrentVersion/Winlogon

The right panel says

Shell Reg_sz Explorer.exe C:\Windows\System32.exe

I assume this is causing my startup message. Am I safe to delete this key?
Or are there other things I should do first?

Evi
 
John Coutts

Found this on a Google search. Cannot verify the method, but system32.exe is
definitely not a system file on XP.
-------------------------------------------------------------------
Posted by Swaroop Kumar

system32.exe is a virus. To get rid of the problem, click
Start > Run > regedit, then go to
HKey_local_machine\software\microsoft\windowsNT\currentVersion\WinLogon.

On the right-hand side you will find a value for SHELL "Explorer.exe
C:\WINDOWS\System32\System32.exe". Here, delete
"C:\WINDOWS\System32\System32.exe" so as to leave just Explorer.exe. Then boot
into safe mode and delete the file "C:\WINDOWS\System32\System32.exe". This
will remove the worm from the computer. Take care!
------------------------------------------------------------------
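
A read-only check of the Winlogon Shell value discussed in this thread, as an added example that is not part of any post above. It assumes PowerShell 3.0 or later; the function names are hypothetical, and `explorer.exe` is taken as the standard default for the value.

```powershell
# Added example: read-only audit of the Winlogon Shell value. Changes nothing.
$ExpectedShell = 'explorer.exe'      # standard Windows default (assumption stated above)
$WinlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'  # per-user override, normally unset
)

function Split-ShellValue {          # hypothetical helper name
    param([string]$Value)
    # Entries are separated by spaces or commas; quoted paths stay whole.
    # Limitation: an unquoted path containing spaces is split into pieces.
    [regex]::Matches($Value, '"[^"]+"|[^\s,]+') |
        ForEach-Object { $_.Value.Trim('"') }
}

function Test-WinlogonShell {        # hypothetical helper name
    param([string]$KeyPath)
    $prop = Get-ItemProperty -Path $KeyPath -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return }  # Shell is not set under this key
    foreach ($entry in Split-ShellValue $prop.Shell) {
        # Bare names are looked up in %SystemRoot% and %SystemRoot%\System32.
        if ([IO.Path]::IsPathRooted($entry)) {
            $candidates = @($entry)
        } else {
            $candidates = @((Join-Path $env:SystemRoot $entry),
                            (Join-Path $env:SystemRoot "System32\$entry"))
        }
        $exists = [bool]($candidates |
            Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })
        if ($entry -ieq $ExpectedShell) {
            $verdict = 'expected'
        } elseif ($exists) {
            $verdict = 'extra entry, file present: investigate'
        } else {
            $verdict = 'extra entry, file missing: stale reference'
        }
        [pscustomobject]@{
            Key = $KeyPath; Entry = $entry; FileExists = $exists; Verdict = $verdict
        }
    }
}

$WinlogonKeys | ForEach-Object { Test-WinlogonShell $_ } | Format-List
```

A "file missing" verdict matches the situation in the first post, where the executable is gone but the Shell value still names it and Windows reports at startup that it cannot find the file.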
 
