Friday, September 7, 2007

System cannot find the file system32.exe

This error appears after a virus has been successfully removed. Like most viruses today, this virus adds an entry to the Windows Registry so that the virus program runs automatically every time Windows starts.

First of all, there is no file called System32.exe in Windows. The virus author deliberately chose that name and copied the virus into the system32 folder of your Windows installation, so that you would panic on seeing the message when Windows boots up; at least that's what I did.

Secondly, the good news is that you have been able to remove the virus from your system, so the message being displayed does no harm. But if you are annoyed by it, you can follow the steps below to stop it from being displayed.

Important Note: The following steps involve modifying the Windows registry of your system. This is generally not advised for amateurs, as an invalid setting can stop your system from booting properly. Only attempt this if you know what you are doing. The author shall not be held liable for any loss in the form of data, software or hardware. It is also worthwhile to make a backup copy of your system registry so that you can restore it in case something goes wrong. Please see the information on Microsoft's site.

  1. Start the registry editor. Either press the key combination [WindowsKey + R] or go to Start -> Run, then type "regedit" and press Enter.
  2. Back up your registry. Right-click on "My Computer" at the top and select Export, then select a location to save the registry. You can later use this in safe mode to restore the registry to this state if you are having any problems.
  3. Finding the culprit. Press [Ctrl + F] or go to Edit -> Find. In the "Find what" text box, type "system32.exe" without the quotation marks, then press the Find button. If the search is successful, you'll see an entry like this: "explorer.exe system32.exe".
  4. Restoring order. Double-click on the entry to edit the value. In the "Value Data" text box, delete the part System32.exe and nothing else. Click OK to save the changes.
  5. Keep your fingers crossed. The edit you made to the registry will not take effect until you restart the system, so save all your work and restart. If you did it properly, there won't be any message when the system boots.
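
As an added example (not part of the original post), the Python sketch below runs the search from step 3 over the export saved in step 2 and shows what each matching value would read after the edit in step 4. The sample export and the Winlogon location of the "Shell" value are assumptions constructed for illustration; the code only reads text and changes nothing in the registry.

```python
import re

# Constructed sample of a regedit export (step 2); not taken from a real system.
# The Winlogon "Shell" location is an assumption; the post only shows the data.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe system32.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Only plain string values ("name"="data"); hex and dword values are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r'\\(.)', r'\1', text)


def find_leftovers(export_text, needle="system32.exe"):
    """Return (key, name, current, cleaned) for each value referencing needle.

    Matching is per token and on the file name only, so ordinary paths inside
    the system32 folder are not flagged. An empty cleaned string means the
    value holds nothing except the leftover reference.
    """
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if not value_match or key is None:
            continue
        name, data = (unescape(g) for g in value_match.groups())
        tokens = data.split()
        kept = [t for t in tokens
                if t.lower().rsplit("\\", 1)[-1] != needle.lower()]
        if len(kept) != len(tokens):
            hits.append((key, name, data, " ".join(kept)))
    return hits
```

To check a real export, read the file with encoding="utf-16" (the format regedit writes for "Version 5.00" exports) and pass the text to find_leftovers.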



If you are from a programming background, here's a little fact. Explorer.exe is called the shell of the Windows operating system, i.e. it provides the interface for the user. It can also run a file or program that is given to it as a parameter. That is how the virus was set to be executed every time the operating system starts.

Hope this was helpful...