Solved

system32.exe

Posted on 2004-08-30
7
139 Views
Last Modified: 2010-04-14
When I boot the machine a popoup system32.exe shows up. There are no references to system32.exe nor cmd32.exe in the registry and I cannot find the files in the system. How do I determine what file is kicking off the process so that I can delete it. This is my daughters Laptop and she starts class tomorow.
0
Comment
Question by:JAgolio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
7 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 11930904
that is a worm

Once your system is up and running , download msconfig from here and dictate the startup programs
http://www.techadvice.com/win2000/m/msconfig_w2k.htm

or
http://www.perfectdrivers.com/howto/msconfig.html

open msconfig , go to startup tab and if you find this exe there , disable it

Also look here and remove that specific registry key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

SR
0
 
LVL 20

Accepted Solution

by:
Dufo G. Belski earned 500 total points
ID: 11930921
0
 

Author Comment

by:JAgolio
ID: 11944297
I will have acess today to my daughters PC. My guess is that I can do all of this in safe mode since if it comes up in 2K it reboots after about 5 minutes. Could this be running as a service that will make it difficult to find the rogue exe file?  
0
 
LVL 20

Expert Comment

by:Dufo G. Belski
ID: 12327879
I believe I provided the exact answer to the question that was specifically asked.  I missed the quesstioner's subsequent statement that the computer reboots after 5 minutes, but that's not related to the system32 folder popup problem, and would be the subject of a separate question.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In order to fulfill our mission of inspiring learning in the technology community, Experts Exchange is launching a Course of the Month program. Premium and Team Account members will have access to one course per month as a part of their membership, …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question