| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 45092 | 2004-05-09 22:50:00 | System32 dot exe | BaasHenk (5261) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 235408 | 2004-05-09 22:50:00 | The m/c: a friend's HP 2.66 p4, 80gig hdd, 512meg ram, running XP home. The problem: I used AVG to detect virusses, found seven instances of infection including a trojan in the file "system32.exe". Tried to put it in the vault as per AVG. No go. AVG offered to delete it. I said yes. No go!! What I did: I changed the "system32.exe" to "system31.dxe" and deleted it. Well done? I don't know!?! Anyway the trojan is gone. Now, when the m/c boots, it complains that it cannot find this file. I thought I'll copy it from my m/c and put it on the other. Funny my m/c, running same version of XP does not have it. My questions are these: WHere can I get this file? What app uses it or is it Xp using it. How does a virus end up inside a file? Last note: You guys need idiots like me to practice your skills on. I'm sure it is only someone like me who will mess up a straight forward virus removal. Please help, I really need to finish what I started. Thanks guys Henk |
BaasHenk (5261) | ||
| 235409 | 2004-05-09 23:14:00 | system.exe is a system file, you don't want system32.exe back What was the name of the trojan/virus. With this info you can find exactly what is needed as far as removing the last vestages of it. You'll need to be prepared to edit the registry and possibly some system files. Cheers Murray P |
Murray P (44) | ||
| 235410 | 2004-05-10 00:49:00 | Thanks for responding so soon Murray. I'm happy not to take it back. I do not recall the virus name but it seems that the virus has left the building. My main concern is that the m/c keeps on complaining that it needs this file to open something and that I should check the spelling. But it does not state what it wants to open ie.: nero or acdsee etc. How will I find what app is trying to use this file? I'm happy to edit the reg etc as I have done so before. Hoever I'm always cautious as I might change something, restart and find that I can not! Catch 22............ I'm just looking at your post again....are you saying that this file belongs to the trojan? If so I should be able to find the rest of the virus by going to Mcafee or the likes to get the details of what it does and where it sits.....then again I spose I'll need the name. Ahhh the joy of swapping pen&paper for keyboard&screen Henk |
BaasHenk (5261) | ||
| 235411 | 2004-05-10 01:27:00 | Removal instructions here (securityresponse.symantec.com) | godfather (25) | ||
| 235412 | 2004-05-10 01:36:00 | Thanks guys! Godfather, that helped. I'll fix it tonight. Henk |
BaasHenk (5261) | ||
| 235413 | 2004-05-10 02:31:00 | That was the one I was thinking of GF. Just wanted to make sure as I'm believe there are other ones that create a system32.exe. Henk look in you anti-virus programme for a virus log file or recently found viruses. If you can't find anything your probably pretty safe to follow the Symantic how to (if you can't find that particular registry key, you can't alter can you so, no harm). Cheers Murray P |
Murray P (44) | ||
| 235414 | 2004-05-10 02:57:00 | Thanks mate! | BaasHenk (5261) | ||
| 1 | |||||