System32.exe problem
Posted by admin on 14 Nov 2007 at 11:07 pm | Tagged as: registry, registry cleaner, configuration, windows, computer, Uncategorized
If you receive an error stating “Cannot find C:\Windows\System32\System32.exe” when booting your copy of Windows XP, it’s highly likely that you’re suffering from a well documented problem associated with the W32.KWBot.C.Worm virus.
Also known as Worm.P2P.Tanked.14 and Win32/HLLW.Kwbot.C, this particular virus operates through the Kazaa and Limewire sharing environment. It’s a medium threat virus, so while it isn’t totally destructive, it can cause some significant damage to your system.
So, naturally you’re already thinking, how can I get rid of this threat? Well the good news is that it’s quite easy to remove, as long as you’re careful when working and don’t go making any brash mistakes!
The actual “Cannot find C:\Windows\System32\System32.exe” error is thrown AFTER the virus has been removed. Not a very successful removal after all, you’d think. And you’d be right. The major anti-Virus suites are all guilty of an occasional loophole. In the case of the System32.exe error, that loophole is usually an incomplete removal of all registry traces of the W32.KWBot.C.Worm virus.
If you run through a standard virus scan of your computer and delete a few troublesome looking files, it’s possible that the next time you boot Windows; you’ll be presented with this error. To get to the bottom of it, we need to access the Windows registry and make a few slight alterations to remove the last traces of the virus.
Now, as ever, you should note that using the Registry Editor requires a great deal of attention. It’s not the sort of utility that you open up and play around with callously. In fact, a single bad edit can leave you locked out of your Windows XP system!
We would suggest that you download one of the many free registry cleaners if you’re lacking confidence in the area of critical system edits. In fact, we can’t stress it highly enough. A registry cleaner will usually get rid of stray entries and you’ll notice that the errors disappear with them.
But for the sake of knowing what you’re doing to your system, here’s how you can remove the W32.KWBot.C.Worm virus entries manually.
- Go to Start, then Run, and type “regedit”.
- Locate the following keys:
- Click on the Edit menu option.
- Delete each key.
- Find the HKEY_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell key.
- Click on the Edit menu option
- Click Modify and enter Explorer.exe as your value.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run\SystemSAS system32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run\CMD cmd32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\RunServices\SystemSAS system32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\RunServices\CMD cmd32.exe HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\
CurrentVersion\RunOnce\SystemSAS system32.exe HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\
CurrentVersion\RunOnce\CMD cmd32.exe HKEY_Local_Machine\Software\Krypton
Finally, you will need to delete any of the remaining corrupted entries from the Kazaa and iMesh libraries. You will only need to do this for the program which you have installed.
Search for any values that point to C:\%Windir%\User32 or C:\%Windir%\UserTemp, and delete them.
You should then save your registry and restart Windows. In most cases, the error will have disappeared. If it remains, you will definitely need to download a comprehensive registry cleaning utility. This will search out any extra complications. As an absolute last resort, a full Windows repair may be necessary. This shouldn’t be considered until the other avenues have been exhausted. The registry edits above will fix the problem nine times out of ten.
Get a Free Online Diagnostic Scan with RegCure PC Optimizer (Download Takes 2 Mins)
