missing system 32 file

robbyrobby Olympia, WA New
edited March 2004 in Science & Tech
When Windows starts up, I get a message saying "Windows cannot find file C:Windows\system32\system32.exe make sure you have typed the filname correctly and then try again. To find the file, click search, bla bla." After I close this window, everything runs fine, well as far as I can see. Anyway, I was wondering if there was a way to restore this file from my windows cd or if this might be something serious I should be concerned about.

Comments

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2004
    Sounds like you might have a spyware or virus infestation.

    Update and scan for viruses, and run spybot search and destroy
  • robbyrobby Olympia, WA New
    edited February 2004
    ran spybot, and I remember reading somewhere on this board about a virus scanning ware that found viruses Norton wouldn't. Happen to know of the name?
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited February 2004
    Which windows version is this??? Windows does not need this exact file with .exe extension.... There are some viruses that create an entry for this in the registry.

    Details at link below:

    http://www.liutilities.com/products/wintaskspro/processlibrary/system32/

    Since windows runs fine, one of two things has happened:

    The box has been partly cleaned of a virus or other malware. Since Windows runs, you might be able to delete the key with that exact path in it, but first lets find out what Windows this is.

    Editted massively to remove misinfo.

    John.
  • robbyrobby Olympia, WA New
    edited February 2004
    Sorry, it's xp.
  • robbyrobby Olympia, WA New
    edited February 2004
    xp pro to be exact.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2004
    No, system32.exe is not a valid system file in any windows version, John.. It's a virus.

    Please be careful with your misinformation! I REPEAT: SYSTEM32.EXE NEVER HAS BEEN A WINDOW SYSTEM FILE, robby - it's a virus and needs to be gotten rid of.
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited February 2004
    F-Prot and Bitdefender both can from time to time detect things that a NAV earlier than NAV 2003 cannot find, and Kaspersky had paid defs for some viruses days before NAV got them.

    F-Prot, from http://www.f-prot.com/ can be run free for some operating systems at home, BitDefender (try http://www.bitdefender.com/bd/site/downloads.php?menu_id=21 )has a free version also of its less robust (because less often updated) subversion. The key things you get with a paid version are usually both program and virus def updates automatically or close to automaticly and more often than with a non-paid version unless you manually update the defs and live with waiting for free program to get updated.

    John D.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2004
    Robby: Here's what's going on:

    You had a virus or spyware or a trojan that has since been removed. However, the startup script calls for that file still - either look in your startup items folder, or look in your registry under:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

    For a reference to system32.exe

    If you don't have the confidence to edit your registry, then download a program called HiJack This and see what it mentions for startup. You will definitely see the system32.exe file being called, and you can select it not to run. Problem solved.
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited February 2004
    You can find a link to AVG antivirus in this article. The free version is as good as any out there. :cheers:

    Do what prime said to fix the current problem. Download and use AVG to keep yourself from having a similar problem in the future.
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited February 2004
    primesuspect wrote:
    No, system32.exe is not a valid system file in any windows version, John.. It's a virus.

    Please be careful with your misinformation! I REPEAT: SYSTEM32.EXE NEVER HAS BEEN A WINDOW SYSTEM FILE, robby - it's a virus and needs to be gotten rid of.

    Sorry, my mistake about that as far as extension. I thought NT in early form and Windows 95 running NT programs first used that....

    But, here is more detailed info for those who want it.....

    http://www.liutilities.com/products/wintaskspro/processlibrary/system32/

    Manual removal for one of the viruses that does this-- link below:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.mari@mm.html

    The reg keys are good for most of the variants that do this, on older windows the first parts also apply, for this exact virus all applies.

    For another variant that runs this file from a reg entry, this key is also relevant:

    Hkey_local_Machine/software/microsoft/windows nt/current version/winlogon. IF it reads Explorer.exe windows\system32\system32.exe
    Then delete windows\system32\system32.exe
    and Leave Explorer.exe there.

    I also fixed my first reply, apologies to those who read something about some Windows needing this exact thing-- NOT. system32 followed by another extension than .exe HAS been used for legitimate things.
  • robbyrobby Olympia, WA New
    edited February 2004
    I wanted to thank all of you for your help. AVG found and removed the virus and all is golden.
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited February 2004
    Which virus was it?

    ...me is curious... :wink:
  • robbyrobby Olympia, WA New
    edited February 2004
    I didn't even look, just deleted it, Strongbad style.
  • TimMBTimMB
    edited March 2004
    Backdoor.SdBot

    This thread helped a lot, thanks.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited March 2004
    Welcome to short-media :)
Sign In or Register to comment.