System32.exe trojan

C

CJintheUK

Ok I have a slight problem, somehow I appear to have got
myself a trojan thats parked it's self in my System32.exe
file, NAV can't clear it out so short of a full reinstall
of windows (not another one) is there anyway to get rid
of this wee beasty. I'm using XP pro.

Has the System32.exe been updated since XP came out,
stupid ? I know but I could always drag the file from the
XP CD and copy it over the infected file. Would this work
or would it screw up my system.
 
Y

Yves Leclerc

System32 is not an EXE but a folder. It keeps being updated whenever you
add software/hardware.

Y.
 
G

Guest

In my system32 folder is a file called system32.exe, I
just checked my ladtop (also installed with XP pro)which
I use for business and that doesn't have the system32.exe
file, the infected computer I use for games and general
web browsing so wherever the file came from I don't know,
either from istalling a game or game add-on or from
verious driver installs I've done lately, NAV can't get
rid of it, and just keeps bugging me about it..... :),
I'll have a fish around the registry see if I can figure
out what calls it/starts it.
 
C

CJintheUK

Thanks for the help, I quess thats what it must be,
strange thing is I don't use any P2P client software like
KaZaa for this reason, so god knows where it came from.

Oh well, it's fixed now.... hopefully....... :)
-----Original Message-----

Hi!

As windows doesn't have a file called system 32.exe this may be due to
an infection of Backdoor.SysXXX trojan
Click to expand...
or,W32.Kwbot.C.Worm.So scan your
 
D

Daniel L. Belton

In my system32 folder is a file called system32.exe, I
just checked my ladtop (also installed with XP pro)which
I use for business and that doesn't have the system32.exe
file, the infected computer I use for games and general
web browsing so wherever the file came from I don't know,
either from istalling a game or game add-on or from
verious driver installs I've done lately, NAV can't get
rid of it, and just keeps bugging me about it..... :),
I'll have a fish around the registry see if I can figure
out what calls it/starts it.



updated whenever you


in message
Click to expand...
I had the same thing on mine, and it was started from an alternate data
stream entry. Virus scanner wouldn't even touch it.
 
D

Daniel L. Belton

purplehaz said:
System32.exe file is a virus, you don't want it back. It is not a real XP
system file.
Your seeing your computer ask for it because the virus was not cleaned out
properly.
Follow the link for removal instructions.

W32.Kwbot.C.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.c.worm.html
Click to expand...
that's not the same one I had on my system. I still haven't found out
all I want to know about the one I had, but it was really nasty.
 
B

Bruce Chambers

Greetings --

You really don't want to get that file back. It's part of several
well-known viruses/worms. It is *not* a valid Windows file. Pay
particular attention to _all_ of the removal instructions:

W32.Kwbot.C.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.c.worm.html

Additionally, MS-MVP Doug Knox has kindly scripted a tool that
should help:
http://www.dougknox.com/xp/scripts_desc/xp_clean_kwbot.htm


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What if Virus can't be cleaned and can't be quarantined? 10
For MVP: Trojan-horse associated with C:\WINDOWS\system32\wdmaud.s 1
System 32 trojan horse 6
Trojan 10
Trojan horse pc32.exe - should I delete?? 3
system32 file mess 2
missing System32.exe 5
windows\system32\netdll32.exe messages after boot 1

Top