system32 virus...

McAfee found an infected file called C:\WINDOWS\system32\MSWINDOWS.exe.
My computer has started to run slowly and I need to know what to do to get rid of this. I have run AdAware, Spybot, and McAfee VirusScan in safe mode and nothing has worked. Please help me out!!
Reply #1 Top
Try a google search for a removal tool
Reply #2 Top
Thanks for the link, but my computer does not have any of those signs of the virus. I am thinking about using System Restore to go back to a system checkpoint. Is this safe? Do you think it would work?
Reply #3 Top
Try the free scans at Trend Micro or Panda.

I'm not too sure that restore points work with viruses.
Reply #4 Top
If nothing else, try finding a boot CD (like Hiren's) that enables you to work in DOS, navigate to it and delete it.

Also check for other exe files in your system directories...and review your startup stuff.
Reply #5 Top
Prior to doing scans for removal, did you turn off the restore point? Virus scanners can't get in there if it's on.
Reply #6 Top
there is any number of things that could be associated to, Ben. Try using the proggy at the end of this here link: Link

it might give you an idea of whether or not it is attached to anything, or if you wanna take steps to remove it. Read through the SysInternals site for other good info on rootkits, spyware and security measures. Happy skinning!
Reply #7 Top
Be careful with McAfee. I have had it identify things as viruses that were not. AdAware has some free plug-ins that remove certain viruses. Also, try CWShredder if you can't find any info on the virus, or McAfee identifies it but can't tell you how to remove it.

On a personal note, I have tried Norton, McAfee, and AVG for virus protection. Of the three AVG was the best. Then I tried AVAST (it is free) and AVAST has been by far better than the other ones I have used. You can get the DL on their site and on Cnet. It has found and removed things the others missed. It has some great options (full system scans on boot...and a lot more) that make it convenient and easy to use. But that's just my opinion.
Reply #8 Top
Try AVG Antivirus (free.grisoft.com), it's free, then get Microsoft Antispyware (microsoft.com/downloads), also free. If that doesn't do it, go with ewido antivirus; that one is not free. Do not do a system restore. Odds are there is spyware associated with that virus, and those can embed themselves within your system restore files, not really getting rid of the problem. Last resort, back up all of your stuff and reload.

Keep me posted.
Reply #10 Top
Yeah, I saw something saying that System Restore actually backs up infected files, so it would not help me. Thanks for the suggestions, guys.
Reply #11 Top
Just out of curiosity..what happens when you just delete it....????
Reply #12 Top
No telling, yraq. Do a google on "mswindows.exe", see what you can come up with.
Reply #13 Top
caveman: AdAware is good. So is Spybot S&D. I run MS AntiSpyware and Spybot's resident at the same time. Then when I get suspicious, I'll run AdAware just to be sure no one else missed it. If I am really suspicious, I'll use rootkitrevealer (see link in #6), and autoruns (also at sysinternals). As far as virus-anti: Avast is the best AND it is FREE.
Reply #14 Top
I don't think it's a virus. I'm guessing McAfee is giving a false positive and the file is locked by something. If it is, he can just delete it on a boot. http://www.softwarepatch.com/software/moveonboot.html
Reply #15 Top
I got Avast and ran it, it didn't find anything. I think I will run it again in safe mode with System Restore disabled.

I just read that boot page, I have never used that before. Would I just use the delete option?
Reply #16 Top
"I'm guessing Mcafee is giving a false positive and the file is locked by something"

Common with McAfee. If AVAST isn't picking it up, there is a chance...a chance...it is not a virus. I would google it and see what I could find. I have done this with other things McAfee picked up, and after googling, would sometimes find a log or forum...sometimes even on McAfee's own site...that admits to the error as a bug they are trying to fix.

If all else fails and you are still not satisfied, I would try Hijack This.
Reply #17 Top
yrag
Thanks for the link
Reply #18 Top
I googled it..MSWINDOWS.exe...and even checked McAfee's own virus library (where it's not even listed) and nothing seems to refer to it as a virus.

Before you delete it, try Hijack This and post the log to one of the HJT forums for analyzing.
Reply #19 Top

Use these tools that are on this page.

http://housecall.trendmicro.com/

Reply #20 Top
You could also try renaming the file (ie: old_MSWINDOWS.exe) and see what effect that has on your PC rather than deleting a file that may be necessary to some Windows process.
Reply #22 Top
Try this one....Link

You have to register first (as with most forums)..and it could take a day or two (as with most of these HJT forums) but you will get help.

Since you are unsure of the problem, I would post it under this section >SWI Forums > General Computing Issues > PC Troubleshooting <. A lot of these sites will ignore the log if under the wrong heading. I just went thru what you are going thru and this was the heading I used.

Some people here may know of other forums you can post it on, that they feel are better, and I will admit this is the only one I use, so the choice is yours.
Good Luck!
Reply #23 Top
"just read that boot page, i have never used that before. Would i just use the delete option?"

Yes, useful for the index.dat file deletion, too. And not so cumbersome as some other tracks erasing software such as Cyberscrub and the likes.

Also very useful: Link
Reply #25 Top
I ran an AVAST scan in safe mode and it did not find anything. Also, I looked for the file in safe mode to rename it, but I didn't see it anywhere.