Tom's Guide | Tom's Hardware | Tom's Games
Hello all. Recently I restarted my computer for the first time in a little while, and when I restarted it I had a dialog box come up featuring the program C:/Windows/System32 or something of the sort with the Run Close etc dialog box (a typical run download box). I did a sweep with Norton Antivirus as well as Ad-Aware and Spybot and nothing came up, computer totally clean. The other odd thing is this is in the middle of my startup and it stops everything else from starting up until I close it. (It stops Apache and MySQL from booting up on my pc as well as AIM and other such progs). Any idea as to what this is, where to find it and how to get rid of it?
Any assistance appreciated. Thanks all!

Okay just restarted.
File is in C:\Windows\System32 folder according to dialog box. Program is called system32.exe.
When I go to the folder it doesn't exist as a visible or hidden file. I ran a search for it and the only file that came up on my C: drive under a "system32.exe" search was SYSTEM32.EXE-293D3366.pf in the C:\Windows\Prefetch folder. Could this possibly be the culprit, and maybe it's downloading something to my computer each time it restarts as part of a pre-fetch internet command, or am I just assuming the wrong thing?
Thanks again folks!

Just Google it! That should answer your question. Apparently it is a virus, as you suspected. Here's what Symantec says about it:
"Backdoor.SysXXX is a backdoor Trojan program that was written in the Delphi language. Backdoor.SysXXX gives a hacker complete access to your computer.
By default, the Trojan opens two TCP ports, 31,556 and 6,051, which it uses to communicate with the hacker. It notifies the hacker through email or ICQ. Also, Backdoor.SysXXX attempts to terminate various security products and system monitoring tools."
Another site has the following to say about system32.exe:
"Description:
system32.exe is a process which is registered as the TROJ_SUA.A Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately."
Good luck with it!
Rob Pectol
http://rob.pectol.com/

Yeah, good call. I don't know why I didn't bother to google this. I normally do, just figured it was slightly more malicious based on its course of actions and figured I would ask here, oh well lol! Thanks for the input! Appreciate it and removing it now. =] My autoupdate on my virus-scanner was off and the definitions were two weeks old lol!

Okay, slight problem here. Symantec's and all other instructions do not seem to work.
I manually went and poked around in my msconfig and in the Startup tab found the System32 entry. I unchecked it and restarted, and it doesn't pop up. But it's still on my system. The location it gives is just plain "system32" and for registry info it gives SOFTWARE/Microsoft/Windows/CurrentVersion/Run.
I can't find it in that directory. All I have in there is as follows:
(Default)
ATIPTA
iTunesHelper
MCAgentExe
MCUpdateExe
MPFTray
MSKAGENTEXE
MSKDetectorExe
NeroFilterCheck
QuickTime Task
SunJavaUpdateSched
TkBellExe
VirusScan Online
VSOCheckTask
Symantec's directions didn't work. Any other ideas or avenues to approach? Thanks again!

I searched my registry for system32.exe and came up with these hits:
<all under HKEY_LOCAL_MACHINE>

NAME ------ Type ------- Data
command -- REG_SZ -- system32.exe
(location: SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System Support)

NAME ------ Type ------- Data
System Support -- REG_SZ -- system32.exe
(location: SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices)

NAME ------ Type ------- Data
000 -- REG_SZ -- system32.exe
(location: S-1-5-21-527237240-1770027372-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603)

Could anyone please check and compare and see if they have any of these and whatnot? Thanks for the help again!
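Editor's note with an added example (not code from the thread or from Symantec): the two hits in the earlier post and the registry search above are exactly the places a Windows autostart triage has to look. The "startupreg\System Support" subkey with a "command" value is where msconfig parks an entry after it is unchecked on the Startup tab, so unchecking hides the entry without deleting the command or the binary; "RunServices" is a Windows 9x/ME-era autostart key that malware of this period still writes to; and the "ACMru\5603" hit lives in a user hive (HKEY_USERS\<SID>, which that user sees as HKCU) and is the Search Companion's history of "all or part of the file name" searches, i.e. it only records that "system32.exe" was searched for and is not an autostart location. The SYSTEM32.EXE-293D3366.pf file from the earlier post is likewise a Prefetch record written by Windows after a program named system32.exe ran; it does not download anything, but it is evidence that the binary executed from somewhere. The script below, which assumes Windows PowerShell run as an administrator so the Prefetch folder is readable, walks the Run/RunOnce/RunServices keys and the msconfig store, resolves each command to a file the way the loader would, and pairs it with the matching Prefetch record so that "entry points at a binary that is not on disk but has run" stands out. It only reads; key and file names not visible in the thread are this example's own assumptions.

```powershell
# Added autostart triage script (editor's example, not from the original thread).
# Assumes Windows PowerShell run as an administrator (Prefetch is otherwise
# unreadable). Keys that do not exist on the machine are skipped. Read-only.

# Autostart keys to inspect. RunServices is a Windows 9x/ME-era key that
# malware of this era still writes to, so it is included even on NT systems.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# msconfig moves entries unchecked on its Startup tab here; each subkey keeps
# the original command line in a value named "command". Unchecking deletes
# nothing, which is why a "disabled" entry still turns up in registry searches.
$msconfigStore = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'

$prefetchDir = Join-Path $env:SystemRoot 'Prefetch'

function Resolve-CommandFile {
    param([string]$Command)
    # Keep only the executable token: a quoted path, or the first word.
    $exe = $Command.Trim()
    if ($exe.StartsWith('"')) {
        $end = $exe.IndexOf('"', 1)
        $exe = if ($end -gt 1) { $exe.Substring(1, $end - 1) } else { $exe.Trim('"') }
    } else {
        $exe = ($exe -split '\s+')[0]
    }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ([IO.Path]::IsPathRooted($exe)) { return $exe }
    # A bare name such as "system32.exe" is searched roughly the way the
    # loader searches: System32, then the Windows directory, then PATH.
    $dirs = @((Join-Path $env:SystemRoot 'System32'), $env:SystemRoot) + ($env:Path -split ';')
    foreach ($dir in $dirs) {
        if ($dir -and (Test-Path -LiteralPath (Join-Path $dir $exe) -PathType Leaf)) {
            return (Join-Path $dir $exe)
        }
    }
    return $exe   # not found anywhere; report the bare name as-is
}

function Get-AutostartEntries {
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }   # skip provider metadata
            [PSCustomObject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    if (Test-Path -LiteralPath $msconfigStore) {
        foreach ($sub in Get-ChildItem -LiteralPath $msconfigStore) {
            $cmd = (Get-ItemProperty -LiteralPath $sub.PSPath).command
            [PSCustomObject]@{ Source = 'msconfig startupreg (unchecked in msconfig)'
                               Name = $sub.PSChildName; Command = [string]$cmd }
        }
    }
}

function Get-AutostartReport {
    foreach ($e in Get-AutostartEntries) {
        $file   = Resolve-CommandFile $e.Command
        $exists = Test-Path -LiteralPath $file -PathType Leaf
        $base   = [IO.Path]::GetFileName($file)
        # Prefetch records are named EXENAME-<hash>.pf and are written by the
        # Prefetcher after a program has run. A record for a binary that is not
        # on disk now means it executed before being deleted or hidden.
        $pf = Get-ChildItem -Path $prefetchDir -Filter "$base-*.pf" -ErrorAction SilentlyContinue |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
        $lastRun = if ($pf) { $pf.LastWriteTime } else { $null }
        $note = if (-not $exists -and $pf) { 'ran before, binary not found now' } elseif (-not $exists) { 'binary not found' } else { '' }
        [PSCustomObject]@{
            Name         = $e.Name
            Source       = $e.Source
            Command      = $e.Command
            ResolvedFile = $file
            FileExists   = $exists
            LastPrefetch = $lastRun
            Note         = $note
        }
    }
}

# Entries whose binary is missing sort first, which is where a bare
# "system32.exe" command with a leftover Prefetch record would land.
Get-AutostartReport | Sort-Object FileExists, Name | Format-Table -AutoSize
```

Reading the report for this thread's case: a "System Support" row from the msconfig store or RunServices whose ResolvedFile is the bare name, FileExists is False and LastPrefetch is set tells you the binary has already run at least once and is now either deleted or hidden from the file system in a way a plain directory listing and search do not show; the fix is to delete both the registry values and the msconfig startupreg subkey rather than leave the entry unchecked, and to hunt the file with a tool that does not rely on Explorer's listing.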

I managed to get rid of some nasty trojan backdoor files with this program:
http://emco.is//download/malwarebouncer/malwarebouncersetup.exe
I'm so thankful for that program.
Check for updates before you scan.

