c:\WINDOWS\System\WinDriv32.exe

Ben

Hi, whenever I start up Windows a black window appears on
the desktop called "c:\WINDOWS\System\WinDriv32.exe". It
has a flashing cursor in it.

What is it? Why has it started appearing?

any thoughts on why and how to fix it

much appreciated

Ben
 
Ben said:
Hi, whenever I start up Windows a black window appears on
the desktop called "c:\WINDOWS\System\WinDriv32.exe". It
has a flashing cursor in it.

What is it? Why has it started appearing?

any thoughts on why and how to fix it

A quick Google for "WinDriv32.exe" didn't bring me any links. Do you
have a current (not earlier than 2002 version) antivirus installed? If
yes, are its definitions updated? Because the first thing I would
suspect is a virus. If you don't have an av installed, you should get
one. Try and get into Windows in Safe Mode. If you can, then go to
Start>Run and type "msconfig" without the quotes. Go to the Startup tab
and find whatever is calling WinDriv32.exe and uncheck the box next to
its name, click Apply and OK out. There will also be information on
that tab as to where the call is coming *from*, so look at that because
it will help track down the location of this executable on your hard
drive.

Post back with more information about your system and the results of the
above troubleshooting for more help.

Malke
 
Ben,

I have the same thing and I'm guessing this is NOT a good thing. We
are being hammered by a new version of gaobot right now and the timing
is too odd to be coincidental. Still, I would have expected to see
lots more posts by now.

This might also be related to a recent update?

I'll post more when I find out anything.

David
 
It's official - gaobot. I used the latest command line utility from
NAI to kill it. YMMV.

David
 
DMF said:
It's official - gaobot. I used the latest command line utility from
NAI to kill it. YMMV.

David

Thanks for posting the solution, DMF. I really appreciate your input and
will put the answer in my "antivirus toolbox".

Cheers,

Malke
 
Looks like the big boy AV folks have really dropped the ball on this
one. Still no info on any major AV site I can find that relates to
this.

I had several systems that were compromised with this and honestly had
mixed results with the command-line version. There were several
registry hacks I had to make (look for windriv32 and delete the
associated keys - backup the registry first ;-)). The VirusScan app
from NAI actually killed the bugger, though my techs ran it and I
never got a chance to see if the associated registry hacks were
incorporated.

Here's a link of general info. FWIW, windriv32 is NOT mentioned in
this article. Still, you might find useful info esp. about
removal.... http://vil.nai.com/vil/content/v_125006.htm

David
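
An added example, not part of the original posts: a read-only PowerShell listing of autostart registry values that mention `windriv32`, covering the startup-entry check and registry search described above. The key list, `$Pattern` and the function name `Find-AutostartEntry` are assumptions chosen for illustration, and it assumes a current Windows system with PowerShell.

```powershell
# Added example: read-only audit of autostart registry values that mention a name.
# Assumptions: $Pattern, the key list and the function name are illustrative.
$Pattern = 'windriv32'
$AutostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-AutostartEntry {
    param(
        [Parameter(Mandatory)][string[]]$Keys,
        [Parameter(Mandatory)][string]$Pattern
    )
    $needle = [regex]::Escape($Pattern)   # treat the name as literal text
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
        $regKey = Get-Item -LiteralPath $key
        foreach ($valueName in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($valueName)
            # -match is case-insensitive, so WinDriv32 and windriv32 both hit
            if ($valueName -notmatch $needle -and $command -notmatch $needle) { continue }

            # Pull the executable path out of the command line (quoted or bare)
            $exePath = $null; $exists = $false; $modified = $null
            if ($command -match '^\s*"?([^"]+?\.exe)') {
                $exePath = $Matches[1]
                $exists  = Test-Path -LiteralPath $exePath -PathType Leaf
                if ($exists) { $modified = (Get-Item -LiteralPath $exePath -Force).LastWriteTime }
            }
            [pscustomobject]@{
                Key        = $key
                ValueName  = $valueName
                Command    = $command
                Executable = $exePath
                FileExists = $exists
                Modified   = $modified
            }
        }
    }
}

# Lists matches only; nothing is changed or deleted.
Find-AutostartEntry -Keys $AutostartKeys -Pattern $Pattern | Format-List
```

Export any reported key (for example with `reg export`) before deleting a value, in line with the backup advice in the post.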
 
DMF said:
Looks like the big boy AV folks have really dropped the ball on this
one. Still no info on any major AV site I can find that relates to
this.

I had several systems that were compromised with this and honestly had
mixed results with the command-line version. There were several
registry hacks I had to make (look for windriv32 and delete the
associated keys - backup the registry first ;-)). The VirusScan app
from NAI actually killed the bugger, though my techs ran it and I
never got a chance to see if the associated registry hacks were
incorporated.

Here's a link of general info. FWIW, windriv32 is NOT mentioned in
this article. Still, you might find useful info esp. about
removal.... http://vil.nai.com/vil/content/v_125006.htm

David

Thanks again, David. I appreciate the link.

Malke
 
I am having this same problem. I have NortonAntivirus 2003, but every time I try to run the definition updates, it won't let me. Every time I start the computer, this window pops up as well:

R602
Pure Virtual Function Cal
c:\programfiles\commonfiles\symnatecshared\ccEvtMgr.exe
 
DMF, I'm not as technically gifted with computers as it sounds you are. Could you explain to me how to get rid of this problem I am having?

Thanks

Ben

----- DMF wrote: -----

It's official - gaobot. I used the latest command line utility from
NAI to kill it. YMMV.

David
 