Saturday, October 13, 2007

Administrator has disabled Registry editing

Have you ever seen this error message even though you have administrative powers? If so, you are dealing with a nifty protection system employed by a virus/trojan: it prevents registry editing so that the virus can't be removed from startup.

Luckily there is a way around this problem.


Important Note: The following steps involve modifying the Windows registry of your system. This is generally not advised for amateurs, as an invalid setting can prevent your system from booting properly. Only attempt this if you know what you are doing. The author shall not be held liable for any loss in the form of data, software or hardware. It is also worthwhile to make a backup copy of your system registry so that you can restore it in case something goes wrong. Please see the information on Microsoft's site.


First of all, you need to scan your system using the latest virus definitions for your antivirus software. We highly recommend the Avast! antivirus, which is completely free for home use. It also provides a boot-time scan so that viruses running in memory can be deleted before they start.

After cleaning your system of all viruses, you need to install a third-party Windows registry editor such as TuneUp Utilities, which is a trial application.

Now launch the third-party registry editor and either search for the entry 'DisableRegistryTools' in HKEY_USERS or browse to HKEY_USERS -> {S-1-5-21-1390067357-515967899-725345543-500} -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies -> System.

Here {S-1-5-21-1390067357-515967899-725345543-500} could be different for you; it is a unique string assigned to a user.

Now, under System, if there is an entry named 'DisableRegistryTools', just delete that entry and either log off or restart. The problem should be solved.
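
The same check can be scripted instead of browsing each user's branch by hand. The PowerShell sketch below is an added example, not part of the original post: it walks every user hive loaded under HKEY_USERS, reports where 'DisableRegistryTools' is set, and deletes it only when the `-Remove` switch (a name chosen for this example) is given. It assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# -Remove is a switch name chosen for this example; without it the script only reports.
param([switch]$Remove)

# HKEY_USERS has no built-in PowerShell drive, so use the provider-qualified path.
$root   = 'Registry::HKEY_USERS'
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$name   = 'DisableRegistryTools'

$results = foreach ($hive in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
    $sid = $hive.PSChildName
    if ($sid -like '*_Classes') { continue }    # per-user class registration hives

    $keyPath = "$root\$sid\$subKey"
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }

    $props = Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    $entry = $props.PSObject.Properties[$name]
    if ($null -eq $entry) { continue }          # value not set for this user

    # Translate the SID to an account name where possible (.DEFAULT is not a SID).
    $account = $sid
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch { }

    $removed = $false
    if ($Remove) {
        Remove-ItemProperty -LiteralPath $keyPath -Name $name -ErrorAction Stop
        $removed = $true
    }

    [pscustomobject]@{
        SID = $sid; Account = $account; Value = $entry.Value; Removed = $removed
    }
}

if ($results) { $results | Format-Table -AutoSize }
else { Write-Output "No $name value found in any loaded user hive." }
```

Only the hives of users who are currently logged on are loaded under HKEY_USERS, so run it while the affected account is logged on.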

Friday, September 7, 2007

System cannot find the file system32.exe

This error appears after a virus has been successfully removed. Like most viruses today, this virus adds an entry to the Windows Registry to automatically run the virus program every time Windows is started.

First of all, there is no file called System32.exe in Windows. The virus author has carefully chosen that name, and the virus is copied to the system32 folder of your Windows installation, so that you would panic at seeing the message when Windows boots up; at least that's what I did.

Secondly, the good news is that you have been able to remove the virus from your system, so there is no harm in the message being displayed. But if you are annoyed with it, you can follow the steps below to stop the message from being displayed.

Important Note: The following steps involve modifying the Windows registry of your system. This is generally not advised for amateurs, as an invalid setting can prevent your system from booting properly. Only attempt this if you know what you are doing. The author shall not be held liable for any loss in the form of data, software or hardware. It is also worthwhile to make a backup copy of your system registry so that you can restore it in case something goes wrong. Please see the information on Microsoft's site.

  1. Start the registry editor. Either press the key combination [WindowsKey + R] or go to Start -> Run, then type "regedit" and press Enter.
  2. Back up your registry. Right-click on "My Computer" at the top and select Export, then select a location to save the registry. You can later use this in safe mode to restore the registry to this state if you are having any problems.
  3. Find the culprit. Press [Ctrl + F] or go to Edit -> Find. In the "Find what" text box, type "system32.exe" without the quotation marks, then press the Find button. If the search is successful, you'll see an entry like this: "explorer.exe system32.exe".
  4. Restore order. Double-click on the entry to edit the value. In the "Value Data" text box, delete the part System32.exe and nothing else. Click OK to save the changes.
  5. Keep your fingers crossed. The edits you made to the registry will not take effect until you restart the system, so save all your work and restart. If you did it properly, there won't be any message when the system boots.



If you are from a programming background, here's a little fact. Explorer.exe is called the shell of the Windows operating system, i.e. it provides the interface for the user. It also has the ability to run a file or program that is given to it as a parameter. This way the virus is set to be executed every time the operating system starts.

Hope this was helpful...