Little off the subject but still pertains to XP

ncweidner

I got a virus on my box.. ..( backdoor.sdbot) Norton cleaned it all except C:\windows\system32\system32.exe......It keeps telling me that it can't clean this file. So disabled "system restore" , Next Exported my registry, then I booted up in safe mode and deleted the file. My system runs fine but at boot up I get this error message saying that it can not find system32.exe. I was wondering if I searched for system32.exe though the entire registry and remove the entry for system32.exe if that will get rid of the error.

Any thoughts.

The only good thing I is that I am studing for the 70-270!

Thanks!

bellboy

have you tried replacing the file from the setup cd?

RussS

I suspect that system32.exe is in fact a virus as it is definitely NOT a windows file.

Type "system32.exe" here
http://www.symantec.com/search/

See here for more info
http://forums.techguy.org/t140854/s34769fe7f5edd8173d730d46d663d135.html

ncweidner

After futher research.....the file system32.exe is part of the virus...and my PC is STILL RUNNING STRONG!

Thanks for the help!

curio

Norton sometimes doesn't delete virus bodies or trojans. Usually it's OK but just sometimes it won't touch them. After you delete the file thre will still be a stsrtup key in the registry somewhere, usually one of the 'run' keys. Quickest way to find it is to use 'Autoruns.exe' - download from SysInternals

http://www.sysinternals.com/ntw2k/source/misc.shtml#autoruns

it is very useful for tracking down dodgy startup keys.

nethersdenizen

All these out of work programmers giving us viruses, nothing better to do.

system32 is a folder not a file, maybe. I don't use XP and can't check.

lazyart

Sounds like there is a registry entry pointing to the virus executable at startup. A registry search for the value "system32.exe" will help you get rid of it. Delete any entry containing it and you will be set.

HKEY_CURRENT_USER/software/microsoft/windows/currrent version/ will have a few startup branches.