System32.exe on XP Home??

[Dynamo]

Hi all,

To cut a long story short. I have just recovered from a virus (on my PC). Norton now says I am clear. However during the process - a file system32.exe in the windows\system32 folder has been deleted.

Now after boot, XP complains that it can't find this file.

I have looked on an XP pro PC, and can't see system32.exe file anywhere.

Was this file then part of the virus, and I don't need to find the file to replace it? If so how can I get rid of the message after boot up? I have checked the startup folder, gone through MSCONFIG the boot up and start processes but cant find anything tyring to open system32.exe

Can any one help?


Thanks in advance..

 

[khha4113]

I don't believe there is a file called <b>system32.exe</b> in XP only the folder.

Good or Bad have no meaning at all, depends on what your point of view is.

 

[Toejam31]

The reason that Windows can't find the file is because ... it <i>is</i> the worm that was deleted, an Internet Worm commonly known as I-Worm.Mari.

The Registry still contains references to the file and therefore must be repaired in order to eliminate the error message. However, be advised that changing or deleting items from your Registry can cause serious and even irrecoverable stability problems with your system, including not being able to boot into Windows. Backing up the Registry before making any alterations would be an excellent idea, easily done by using the File\Export command in the Registry Editor.

To get rid of the error message, click on the Start button, go to Run, type regedit, and then press Enter. After this you will need to start at the beginning of the Registry, by highlighting "My Computer". Next, go to the Edit menu, choose "Find" and in the field supplied type system32.exe. Delete any references to system32.exe. However -- DO NOT DELETE ANY KEYS IN THE REGISTRY OTHER THAN THOSE THAT CONTAIN THE TEXT "system32.exe". Be sure that you are not deleting Registry keys related to the Windows system32 folder ... <i>only</i> the .exe file. For example, if you should happen to see a Value Name called "Shell" (under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon) with the Value Data being "Explorer.exe C:\Windows\System32\system32.exe" -- do not remove "Shell" ... simply modify the Value Data so that it reads Explorer.exe.

Extra Info: <A HREF="http://www.antivirusebook.com/database/marijuanavirus.html" target="_new">Marijuana Virus Information & Removal</A>

Time to start scanning ye olde e-mail, I think, and to try and be more careful about what you open when the mail arrives.

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=328&s=91c282f2e5207e99b7a652ee13b3512a" target="_new"><font color=green>My System Rigs</font color=green></A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>Your Computer Questions Answered</font color=orange></i>

 

[Dynamo]

Thanks,

I assumed that the file was infact a virus and bein gcalled via the registry or something somewhere - but a second opinion is always welcome, thanks.

I do always scan my emails, dont open dodgey stuff and take good care (I am a programmer for my sins, and know of some of the nasties). However last week, I was using a file sharing thing as well as having a lot of things going off at once - so to increase the speed of my PC temporaily I turned off Norton AV, the rest I think we know..........

I have since learnt that in some cases being patient and waiting for things to happen without shutting critical things off is better than cuting down on security.

Thanks for the help.

 

[James35]

Thanks toey. i just wrote out a question based on exactly that and i just happen to scroll thru this and found the answer. i wasnt overly sure if there was one or not since i been outta touch with the systems for the past two years.

thanks dude

by the way can you resend me how to speed up the i.e. 6 browser?

thanks toey LTNS

 

[James35]

It worked ... thank you sir

 

[Toejam31]

Is this what you are looking for?

<A HREF="http://tutorials.freeskills.com/read/id/23" target="_new">Speed up Internet Explorer</A>

You could also try clearing the "Enable page transitions" check box under the Advanced tab in Internet Properties. This will speed up some pages, but not all; don't expect miracles.

Some people have also discovered, that with a fast Internet connection, setting the size of the Temporary Internet Files to somewhere between 1-5MB can enhance performance to a certain degree. I use 1MB, and that seems to work well.

Other folks also swear that browsing speed is increased by periodically flushing the DNS cache. To clear it type the following in a command prompt: ipconfig /flushdns.

And, of course, if you have an xDSL modem, and you notice that it takes time to access any web page, and then, right out of the blue, your connection establishes full-speed again ... the reason usually lies in amount of time it needs for the TCP/IP protocol to translate a host name to an IP address. In order to fix this problem your modem should have an internal IP address specified in TCP/IP properties. In most cases the IP address would be 192.168.1.2; subnet mask : 255.255.255.0.

You also might find some additional helpful information on the subject by browsing around the <A HREF="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ie/reskit/ie6/ie6rkit.asp" target="_new">I.E. 6 Resource Kit</A> page.

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=328&s=91c282f2e5207e99b7a652ee13b3512a" target="_new"><font color=green>My System Rigs</font color=green></A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>Your Computer Questions Answered</font color=orange></i>

 

[James35]

i found it was at speed guide where you turn up how many hits a browser can do at once and i like doing them at 400 +? just need to access the reg to set it up thanks thou

 

[Toejam31]

Sorry ... I wasn't exactly sure what you meant when I read the post, so I just threw a few things out there, hoping that one of them might be what you needed. Glad you found it on your own!

Later ...

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=328&s=91c282f2e5207e99b7a652ee13b3512a" target="_new"><font color=green>My System Rigs</font color=green></A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>Your Computer Questions Answered</font color=orange></i>

 

[James35]

np