When you start Windows XP, you receive 'Cannot find C:\Windows\System32\System32.exe'
The subject error message is indicative of an incomplete removal of the W32.KWBot.C.Worm virus from the registry.
To remove the virus from the registry:
01. Open Regedit.exe.
02. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. If the SystemSAS Value Name exists, and contains the system32.exe data value, delete the Value Name.
03. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. If the CMD Value Name exists, and contains the cmd32.exe.exe data value, delete the Value Name.
04. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices. If the SystemSAS Value Name exists, and contains the system32.exe data value, delete the Value Name.
05. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices. If the CMD Value Name exists, and contains the cmd32.exe.exe data value, delete the Value Name.
06. Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce. If the SystemSAS Value Name exists, and contains the system32.exe data value, delete the Value Name.
07. Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce. If the CMD Value Name exists, and contains the cmd32.exe.exe data value, delete the Value Name.
08. Delete the HKEY_Local_Machine\Software\Krypton key if it exists.
09. If the Shell Value Name, at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon does NOT contain the correct shell, Explorer.exe by default, change it.
10. Navigate to HKEY_CURRENT_USER\SOFTWARE\Kazaa\LocalContent. Delete any Value Names that reference the %Windir%\UserTemp or %Windir%\User32 folders.
11. Navigate to HKEY_CURRENT_USER\SOFTWARE\iMesh\Client\LocalContent. Delete any Value Names that reference the %Windir%\UserTemp or %Windir%\User32 folders.
12. Exit the Registry Editor.
13. Shutdown and restart Windows XP.
Loading Comments ...
Comments
No comments have been added for this post.
You must be logged in to make a comment.