Have I got a virus or is my XP bust?

darthshearer

Yesterday whilst on my PC my Pa, bless him :( switched the power off to fix a plug socket, BUT didn't tell me and I was on my poota!

When I tried to boot back up it was saying the system32.exe file was bust! I have had my ZoneAlarm asking a few times if this file can access the net!

I asked someone once on this board and they said it was a virus!

The problem is that I can't get on the net ("can't find page") and it's damn slow and sometimes I find it hard to shut down.

My PC IS:-

Windows XP Pro
128Mb DDR mem
Asus Mobo (sorry, dunno make off the top of my head @ work)
40Gb Hard Disk
Geforce 440Mx 64Mb
128Mb OEM Soundblaster
Cable Connection

Thanks :)
 
Wilier

Try booting into safe mode (F8?) see if it will let you in that way, then try a restore point.

Might work?

Otherwise, you can use the repair installation on the XP disc.
 
darthshearer

It says I don't have a restore point, but will try the CD, thanks
 
Tom

Boot your computer from an antivirus CD, or a virus rescue disc. If you don't have one, either go out and buy it (only £25 or so for Norton), or borrow off a friend. Deleting the file before Windows boots is no guarantee that you will delete the virus.
 
smurkin

Dude, the guys are right...deal with the virus problem first...you probably aren't running an up-to-date virus checker as you seem to still have the marijuana virus....it is possible there are all sorts of unpleasant little virus problems running underneath the hood of your OS...which might be causing some of your problems...plus...there's no point trying to repair the OS from the XP disk until your system is clean as you'll just get reinfected.

Good thing is that ZoneAlarm is monitoring your network traffic and hopefully preventing your data from being nicked. However, I would be nervous about doing anything sensitive...banking etc. until the virus problem is sorted.

*edit* have a look at Norton Antivirus free download / trial...or perhaps run this first: McAfee FreeScan
 
darthshearer

Dudes

Thanks for the very helpful and happy advice, it's great having this community /me cries ;)

Anyway I got the Norton Sys works and it has got rid of most of the infected files BUT it has one that I can't put in Quarantine nor can I delete it, so what now?

Shall I leave it there and just scan say every day?

Thanks again guys :)
 
Tom

Are you running the antivirus from an installation on your computer, or are you booting from the CD itself? Try the latter, you should have more success.
 
darthshearer

Tried it from my CD and it only really scans 28 files! Am I not doing it right?

Another thing is my ZoneAlarm. The items that have asked for access etc. are in a list, yep! In that list are 2 of the viruses that have tried to access the net. I can't delete them from the list as it keeps coming back, could this be one of the reasons why I can't delete them? ;)
 
Miles_Binck

darthshearer, did you follow all the steps in manually removing the virus, including editing the registry??
 
smurkin

Originally posted by darthshearer
Tried it from my CD and it only really scans 28 files! Am I not doing it right?

Another thing is my ZoneAlarm. The items that have asked for access etc. are in a list, yep! In that list are 2 of the viruses that have tried to access the net. I can't delete them from the list as it keeps coming back, could this be one of the reasons why I can't delete them? ;)

28 files....sounds like you are scanning the CD ROM...change directory/drive ??

I'd be surprised if ZoneAlarm was causing the reinfection - I'd bet the virus(es) are lurking either in your Outlook Express mail or in downloaded .exe or files....be especially aware of keygen programs and cracks (and bots :) ). Often what happens, when a virus is "activated", it (1) writes a line in the registry that tells Windows to run the virus, perhaps on startup (2) the virus copies itself elsewhere, either corrupting other files or .exes, maybe even on other machines on your network.

Attempts to eliminate the virus result in destruction of the copies but the copies are remade when the registry executes the original contaminated files..hence reinfection. I guess what I'm saying is you have to be thorough.

It's helpful to search using findfiles for files with the virus name if you are removing infection by hand.....and you have to remove the bad lines in the registry, or the virus may recontaminate the registry if still active. (Careful with regedit tho...follow the removal instructions exactly.) Also enable real time or system scanning as this will block naughty processes as they occur and let you know there is a virus in action.

Also disable preview in Outlook Express as in the past this has allowed e-mail viruses to run without you officially opening them (found in view layout)

What were the names of the virus .exes trying to reach the internet ?
 
darthshearer

The names were browselc.exe and system32.exe
I have got rid of most of them but the system32 is proving a little difficult.

Miles gave me a good link which I have been following!

Thanks for all the input.

Edit...

After 2 days and all the help from you guys I think (touch wood ;) ) I have got rid of the little blighter!

Thanks again guys :)
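
The "line in the registry that tells Windows to run the virus" described earlier in the thread can be checked offline from an exported .reg file. The following is an added example, not code from any poster: it parses an export and lists autorun entries whose executable name is on a watchlist (here the two names reported in the thread); the sample export, its value names and paths are constructed.

```python
import re

# Keys whose string values Windows runs at startup or logon.
AUTORUN_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'([^\\/"]+?\.(?:exe|com|scr|bat|pif))\b', re.I)
# Constructed sample export (not taken from the machine in the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Firewall"="\"C:\\Program Files\\ExampleFirewall\\fw.exe\""
"loader"="C:\\WINDOWS\\system32.exe /startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"browse"="C:\\WINDOWS\\system32\\browselc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"LastFile"="C:\\Temp\\system32.exe"
'''

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def autorun_entries(reg_text):
    """Yield (key, value_name, command) for string values under autorun keys."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower().endswith(AUTORUN_SUFFIXES):
            m = VALUE_RE.match(line)
            if m:
                yield key, unescape(m.group(1)), unescape(m.group(2))

def flag_entries(reg_text, watchlist):
    # Compare only the executable's file name, case-insensitively.
    watch = {name.lower() for name in watchlist}
    hits = []
    for entry in autorun_entries(reg_text):
        m = EXE_RE.search(entry[2])
        if m and m.group(1).lower() in watch:
            hits.append(entry)
    return hits

if __name__ == "__main__":
    print(flag_entries(SAMPLE, ["system32.exe", "browselc.exe"]))
```

A real regedit export is normally UTF-16 encoded, so decode the file before passing its text in. A hit only shows where the startup entry lives; the file it points to still has to be cleaned by the scanner.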
 
