How to get rid of virus .exe in system32 folder?

Safe Mode. If that doesn't work, DOS prompt.

Unless it's NTFS...then just put your hard drive in another win2k/winxp machine.
 
Mangan said:
Safe Mode. If that doesn't work, DOS prompt.

Unless it's NTFS...then just put your hard drive in another win2k/winxp machine.
Click to expand...

Safe mode, F8, right? Then I just delete the file?
 
no for safe mode you boot to a floppy disk and type deltree c:\* /y

that will fix all your problems
 
1) Highlight, right click, delete
2) If Step 1 failed, reboot into safemode and repeat instruction in step 1
3) If above two steps failed, hit start-run, and run msconfig.exe. Go to the startup part, and stop the file from starting up. Then reboot into safemode, delete file.
4) If above three steps failes, download this, stop any processes using the virus.exe, including the virus, and kill it. Repeat step 3 after.
5) If the above failed, download Knoppix Linux, use the utility called Captive to run NTFS drivers, go into the drive in Knoppix, and delete the file

Done
 
Thanks SD

edit: In msconfig->startup, there was one blank entry with nothing in the fields, but it was checked, I'm assuming that's the virus...
 
Durak said:
Thanks SD

edit: In msconfig->startup, there was one blank entry with nothing in the fields, but it was checked, I'm assuming that's the virus...
Click to expand...
If there's nothing in either field, it probably isn't. May as well try anyways. Usually the malware either has a blank name field, or something that seems legit, though.
 
Oh, and that's all assuming that your system files aren't infected of course. If they are, the exe will either be recreated or won't matter worth a cent. In that case a reformat be the way.

If it's "spyware" (some is close enough to virus status) a spyware detector may kill it.

:shrug:
 
virus removed, thanks for the tips!

edit: I think norton av blocked it from spreading the damage, so it was easy to remove
 
You must log in or register to reply here.
Back
Top