system32.exe

When I boot the machine a popoup system32.exe shows up. There are no references to system32.exe nor cmd32.exe in the registry and I cannot find the files in the system. How do I determine what file is kicking off the process so that I can delete it. This is my daughters Laptop and she starts class tomorow.
JAgolioAsked:
Who is Participating?
 
Dufo G. BelskiRetired bureaucrat/desktop supportCommented:
0
 
sunray_2003Commented:
that is a worm

Once your system is up and running , download msconfig from here and dictate the startup programs
http://www.techadvice.com/win2000/m/msconfig_w2k.htm

or
http://www.perfectdrivers.com/howto/msconfig.html

open msconfig , go to startup tab and if you find this exe there , disable it

Also look here and remove that specific registry key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

SR
0
 
JAgolioAuthor Commented:
I will have acess today to my daughters PC. My guess is that I can do all of this in safe mode since if it comes up in 2K it reboots after about 5 minutes. Could this be running as a service that will make it difficult to find the rogue exe file?  
0
 
Dufo G. BelskiRetired bureaucrat/desktop supportCommented:
I believe I provided the exact answer to the question that was specifically asked.  I missed the quesstioner's subsequent statement that the computer reboots after 5 minutes, but that's not related to the system32 folder popup problem, and would be the subject of a separate question.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.