Solved

system32.exe

Posted on 2004-08-30
7
140 Views
Last Modified: 2010-04-14
When I boot the machine a popoup system32.exe shows up. There are no references to system32.exe nor cmd32.exe in the registry and I cannot find the files in the system. How do I determine what file is kicking off the process so that I can delete it. This is my daughters Laptop and she starts class tomorow.
0
Comment
Question by:JAgolio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
7 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 11930904
that is a worm

Once your system is up and running , download msconfig from here and dictate the startup programs
http://www.techadvice.com/win2000/m/msconfig_w2k.htm

or
http://www.perfectdrivers.com/howto/msconfig.html

open msconfig , go to startup tab and if you find this exe there , disable it

Also look here and remove that specific registry key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

SR
0
 
LVL 20

Accepted Solution

by:
Dufo G. Belski earned 500 total points
ID: 11930921
0
 

Author Comment

by:JAgolio
ID: 11944297
I will have acess today to my daughters PC. My guess is that I can do all of this in safe mode since if it comes up in 2K it reboots after about 5 minutes. Could this be running as a service that will make it difficult to find the rogue exe file?  
0
 
LVL 20

Expert Comment

by:Dufo G. Belski
ID: 12327879
I believe I provided the exact answer to the question that was specifically asked.  I missed the quesstioner's subsequent statement that the computer reboots after 5 minutes, but that's not related to the system32 folder popup problem, and would be the subject of a separate question.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question