caw81677

Windows cannot find C:\WINDOWS\System32\winsys.exe

I am running Windows XP Pro. When I start up my computer the error message "Windows cannot find C:\windows\system32\winsys.exe" always pops up. It started after I followed Symantec's advice on removing the virus "w32.kwbot.d.worm". I removed the value "winsys" in the right pane of each of these registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

I would imagine that the virus put something on my computer that is trying to use that key on startup. It's not in the startup options under msconfig so I can't disable it. Where else might I look to keep Windows from looking for this file on startup?

Thanks
CrazyOne

http://www.pestpatrol.com/PestInfo/W/Win-Spy.asp

Will not show up in Add/Remove programs. Run c:\winnt\unin.exe to disable. But this uninstaller will not remove smt.exe, unin.exe, winsys.exe, or any of the dll's it installs.
Look in all of these

Look to see if it is in the registry under
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce


Some other registry settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices-

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Start > Run msconfig

Click the startup tab and experiment by unchecking some of the items in there and see what happens.
caw81677

ASKER

Thank you for your suggestions.
I already checked all of those registry keys and under Start > Run msconfig. When Norton scanned my system for viruses it basically quarantined the winsys.exe file that was infected but cannot repair it. Now, when I restart the computer, some program is looking to run that file. How can I find out what program is looking to run that file and disable it? I have tried a program called "startup list" (I think that's what it's called) which listed everything that starts automatically on my computer and "bootvis" from Microsoft but don't quite understand them yet. Where else could I possibly look for items that are set to start up automatically on my computer?

Looked in Win.ini, startup group for me and all users, msconfig, and all registry keys listed above.

Any further advice would be appreciated
Thank you
ASKER CERTIFIED SOLUTION
PublicFatality

This solution is only available to members.
Ah yes, excellent suggestion.  I had tried searching the registry but you helped me realize I didn't do it from my computer down.  Sure enough, I found 4 or 5 keys that needed to be deleted.  The specific one that it was referring to was

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
in the right pane the entry was
Shell   Reg_Sz   Explorer.exe  C:\Windows\System32\winsys.exe

I know this because it was the last one to be deleted and I still received the error until this one was gone.

Excellent help everyone, Thank you very much
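
The whole-registry search that turned up the leftover Winlogon `Shell` entry in the post above can also be run over a regedit export. The Python below is an added example, not code from the thread: the sample export, the `ExampleTray` entry and the function names are constructed for illustration, and the Winlogon key is written with its actual name, `Windows NT`.

```python
import re

# Constructed sample in regedit export (.reg) format; not data from the thread's machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\Windows\\System32\\winsys.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"  # stock value; anything else is launched at logon
# Matches "name"="string data" lines; dword/hex values and @ defaults are skipped.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def unescape(s):
    # Undo the .reg escaping of backslashes and double quotes.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            yield key, unescape(m["name"]), unescape(m["data"])


def audit(text, needle):
    """Return (key, name, data, reason) for values naming `needle` or a changed Shell."""
    findings = []
    for key, name, data in parse_reg(text):
        is_shell = key.lower() == WINLOGON.lower() and name.lower() == "shell"
        if needle.lower() in data.lower():
            findings.append((key, name, data, "references " + needle))
        elif is_shell and data.strip().lower() != EXPECTED_SHELL:
            findings.append((key, name, data, "non-default Shell"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "winsys.exe"):
        print(" | ".join(finding))
```

regedit writes version 5.00 exports as UTF-16, so decode the file with that encoding before passing its text to `audit`.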
Hello again!

Just curious whether you had a chance to try any of the links I posted, all of which dealt with different methods (spelling them out, in some cases) of dealing with this WINSYS.EXE worm virus?

Many experts will do this (post links) for assistance, rather than re-invent the wheel.

Glad you found a solution!
Ted
Ted,
Yes, I checked out most of the links you posted and they all basically gave the same advice of checking the obvious run, and runonce keys in the registry.  I searched most of the sites for the w32.kwbot.d.worm in particular but none of them returned any results.  Symantec.com had instructions for removing the virus from the run and runonce keys so it wouldn't start and Norton quarantined the infected file but the worm created entries in some of the less obvious registry entries that were looking for the infected file on startup.  The answers may have been located in those links, but I may not have read thoroughly enough to find the answer.

You know, everybody wants the quick and easy solution that requires the least amount of work :)

Craig
That's all anyone can ask for, isn't it <smile>.
Glad you have your fix - I like quick 'n' easy, too ;)
Take care!
Ted