Windows 7 Forums
Windows 7: is system32/root/system32.exe a virus?

27 Mar 2013   #1

win 7
 
 
is system32/root/system32.exe a virus?

When I installed Windows 7 (any version), after installing the drivers a dialog box popped up saying system32.exe has stopped working, and many such boxes appeared at once. Then I got a software called combofix.exe, which was a boon to me, and ran it; in the result it deleted system32/root/system32.exe and the system32/root folder too. Then the PC worked and there was no such warning again.

My question is:
1. Is that path which I have mentioned not needed?
2. Was that a virus?
3. Does your C drive contain that folder or not? Please confirm, friends...
4. In reality (on a healthy PC), is that path and directory available, or was it only created on my PC and later deleted? Is that directory needed or not?
5. The main strange thing is that when it has been deleted the PC works well, but when I reinstall any version of Win 7 the same thing is repeated and I have to run the software again. Why does it reappear in each installation with drive formatting even though it is deleted?



Please help me, experts, with a solution so that the same thing doesn't appear in a new installation.

27 Mar 2013   #2

W7 Pro SP1 64bit
 
 

You should not use Combofix without the help of a trained person.
Do not use Combofix on your own!!
27 Mar 2013   #3

win 7
 
 

Thanks for the reply, but why... will that software harm?
27 Mar 2013   #4

W7 Pro SP1 64bit
 
 

That software can make your computer not boot or be unstable. It is not bad software; you just need to know how to use it.

Did you get a chance to read any of the thread that I linked to?
Do not use Combofix on your own!!
I do understand that this is an international forum and perhaps the "doorstop" idiom does not translate well.
27 Mar 2013   #5

Windows 8 Core X64
 
 

There is no \Windows\system32\root directory on my system. Was it created by one of the device driver installs?
27 Mar 2013   #6

Windows 7 Home Premium
 
 

quiclslvr,

You have posted this issue not only here; I also saw it at BleepingComputer.

ComboFix 13-03-24.03 - Dare2winn 03/27/2013 21:40:46.1.4 - x64, found the following in your system:

c:\windows\root\system32.exe

It is manifesting on the following Active Setup Registry key:

HKLM_Wow6432Node-ActiveSetup-{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - c:\windows\root\system32.exe

The CLSID: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} is associated with a Trojan.
ComboFix did remove it, though.

As to ComboFix, it is not a scan for the everyday user to casually run on a computer, and see what it finds. Its output, the ComboFix log, in many cases requires further actions in the form of a script.
It is a tool specifically created for the use of malware eradicators that have been trained on its operation.
Even then, it is used cautiously, and only when it is called for.

Since you already posted at the BleepingComputer forums prior to coming here, I suggest you follow up with the guidance given to you there.
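
Post #6 ties the file to an Active Setup registry entry. As an added example (not part of the thread and not ComboFix's own logic), this PowerShell lists the StubPath command of every Active Setup component in both registry views and flags targets that are missing or sit outside the usual system and program directories, as c:\windows\root\system32.exe would. The list of expected directories is an assumption.

```powershell
# Added example (not from the thread). Assumes 64-bit PowerShell 3.0 or later.
$roots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'

# Assumption: directories a legitimate StubPath target normally lives in; extend as needed.
$expected = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64",
              $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

$report = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $stub = [string]$key.GetValue('StubPath')
        if ([string]::IsNullOrWhiteSpace($stub)) { continue }

        # Expand %SystemRoot% and similar, then take the leading executable or DLL path.
        $cmd = [Environment]::ExpandEnvironmentVariables($stub).Trim()
        if ($cmd -notmatch '^"?(.+?\.(?:exe|com|dll|cmd|bat))(?=["\s,]|$)') { continue }
        $exe = $Matches[1]

        # A bare name such as rundll32.exe is resolved through PATH, as the shell would.
        if (-not (Split-Path -Path $exe -Parent)) {
            $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                     Select-Object -First 1
            if ($found) { $exe = $found.Path }
        }

        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $inside = [bool]($expected | Where-Object {
                      $exe.StartsWith(($_ + '\'), [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Component = $key.PSChildName
            View      = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            Target    = $exe
            Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'missing' }
            Flag      = (-not $exists) -or (-not $inside)
        }
    }
}
$report | Sort-Object -Property Flag -Descending | Format-Table -AutoSize -Wrap
```

The Signature column is informational only: in-box Windows files are often catalog-signed, and older PowerShell versions may report those as NotSigned, so the flag is based on location and existence alone.
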
28 Mar 2013   #7

win 7
 
 

Quote: Originally Posted by Ztruker
There is no \Windows\system32\root directory on my system. Was it created by one of the device driver installs?

Thanks, but which driver?
28 Mar 2013   #8

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Quote: Originally Posted by quiclslvr
2. was that virus

Most likely. Viruses like to camouflage themselves by either naming themselves after a common known system file to avoid detection or corrupting a system file and taking over the function, along with added virus code injected into the process.
28 Mar 2013   #9
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

CLSID: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} is a Botnet/Trojan ....
What Is the Difference: Viruses, Worms, Trojans, and Bots? - Cisco Systems

Subscribe to your topic at Bleeping Computers.
28 Mar 2013   #10

Windows 8 Core X64
 
 

I don't know, that's what I'm asking you

What is in it? Maybe something there will give you a clue to its origin.

You can rename \system32\root to system32\root-save then reboot and see how the system runs. If okay then after a bit you can delete it, but if it's not very big, why not just leave it alone unless you can determine where it came from?