I had a trojan attached to win32sys.exe. Using Cybermedia First Aid I deleted it. I deleted the whole exe file. I tried restoring it using First Aid but it didn`t work. Now I can`t defrag or run scandisk. Help?
The trojan was Tojan.win.kewl.

From your Windows CD, use the EXTRACT command (use EXTRACT /? for instructions) to find the win32sys.exe inside the .CAB files. Make sure you copy the file back to it's original location. Good Luck.

i deleted win32sys.exe and i've lost my windows disk is there any were i get it off the net

I also am missing my win32sys.exe I haven't any idea what it does. I have a feeling it is something my son deleted. Everything seems to be working except I get a message about this file upon booting up. Please let me know anything you find out.

Reply to SHER:
(In win95) go to MS-DOS mode and type command EDIT at the C:\WINDOWS prompt. From the editor screen, call up the WIN.INI file. You will find the third line reads load c:\windows\win32sys.exe -- place a REM statement in front of this line. This will take care of the error message boxes until you can restore the file as WIREHEAD described.

(Follow Up to my Follow Up)Remember to remove the REM statement afterward...

A word about virus scan progs: McAfee 4.0 can detect and isolate the virus without deleting the file. It's available free from their FTP site. The version I have is a little older (must remember to update those .DAT files) so it was not able to fix the infected file, it simply renamed it with a VXE termination.

what application does this execute... and does it affect 16 bit commands as wellas 32 bit commands/thanks

Win32sys.exe is the virus file itself, . Aol has alot of pranks and ghosting programs, and this sounds like one. To get it out edit you config.sys and your autoexe.bat file in you system configuration utility and take the file win32sys.exe out, and use a cold reboot. As for trying to restore the file off the windows cd you can't . causes its not a window file. I don't think that this file could cause any phyical damage to your system

This IS NOT A MICROSOFT File...
your system will run ok with out it

If you are still having this problem.
go to start>run>sysedit
open your win.ini file
under the [windows] section
locate the line that says LOAD=":\windows\win32sys.exec and remove all but "LOAD="

this should take care of your problem
also you should run a current anti-virus program
that can check for other trojan horse viruses

This IS NOT A MICROSOFT File...
your system will run ok with out it

If you are still having this problem.
go to start>run>sysedit
open your win.ini file
under the [windows] section
locate the line that says LOAD=":\windows\win32sys.exec and remove all but "LOAD="

this should take care of your problem
also your anti-virus program up to date!

When i start my computer i get a message saying the file win32sys.exe is missing. What should i do?

Ok, I was stupid enough to download a small prog and execute it, and since pc-cillin didn't detect anything i thought it was ok. Well, i decided anyway to download the update for pc-cillen, and sure enough pc-cillin did detect it as a virus, but by then i had already executed it. Its a trojan that steals passwords, but i pressed 'ctrl', 'alt' and 'del' and closed down the mysterious program that was running which doesn't normally, and sure ebough i had closed down the trojan, which was active. I had to do this because i started aol to see if i could find any info on the virus and as soon as i started aol pc-cillin popped up saying it detected a virus. Anyway, i closed it all down, did one last virus check on the whole of my pc, and sure enugh win32sys.exe was infected. After reading here, i now know that win32sys.exe is the virus, but because i started aol and pc-cillin then detected the virus again, i'm wondering whether it infected aol?? If so it might possibly give my password away by sending a e-mail or something. Anyway, this virus or trojan is probably extremely new anyway, so if anyone else has a similar problem, give me an E-Mail. There si absoloutely nothing on the internet which meantions this virus (called Robin.exe)
Anyway, i'm not sure what i am going to do, but also send me an e-mail if you know how these things work,

Cya,
Chili111

I had bloodhound attached to my win32sys.exe, and norton told me to delete the file and get a uninfected copy of it, but i don't know where to get it from...

Thanks for your help everyone ... because of the above information - I got rid of the APSTROJAN.exe virus that attached itself in C:windows as PKG7000.exe (with a smiley face before the PKG). McAfee Clinic detected it, but could not delete it. I also had the constant message at startup that WIN32.exe was deleted - well NO MORE!! HAHA - I guess that was part of the virus also??? Anyway - I deleted it by: Start, Run, Sysedit, found WIN.INI and there was ... Load=\Window\PKG7000.exe. I deleted all but "Load=" as stated above, restarted my computer, and then deleted the PKG7000.exe file going into My computer, windows, found the file and deleted it. Everything seems to be running smoothly. I found information about the APStrojan.gen virus on the web page WWW.Symantec.com.

By the way - when I deleted the the information from the WIN.INI text, the smiley face turned to an evil looking demon face - interesting?!

Thanks everyone!

WHAT AM I GOING TO DO? I STRESS OVER THIS AND I'M NOT DOING WELL. I NEED HELP NOW.THIS THING IS GETTING ON MY NERVES!I'M GOING TO TRY TO DO WHAT YOU SAY AND IF IT DON'T WORK I'M SENDING THIS THING BACK! THANKS FOR YOUR SUPPORT

Well,
I had a virus,i got rid of the virus with nortons , but now i don't have the win32sys.exe file.
I don't know jack about fixing it!
Is there an easy way to take care of this are do you have to know something about computers ? I'm totally lost!
HELP!

I am another person that needs help cause I deleted win32sys.exe and don't know too much on how to get it back. Can you please help me!!

doe any of you people know what do do to get one of thes files?

Thanks all for the info. I was just looking for the win32sys.exe to replace the one i needed to delete because of the bloodhound trojan pws on one of my computers. If the info I read here is correct, then I can safely delete the file. My problem with all this is that the trojan must have bungled becuae it did not insert a command into any of the ini files that boot the system. Could the command be in some other ini file on the system?

Dale:
I believe you can find the exe file that runs the virus in the ini file named: WIN.INI ... it will look like: Load=\Window\
with the name of the exe file after the last \. It may have a virus name, but that would be different from the exe file name. There would be nothing else on the command line. (I believe)

Also, the error message that everyone is receiving about the Win32sys.exe is part of the virus. You delete it from the ini file, and presto - your error message is non-existent.

By the way - where are you tech support? Is there any really knowledgeable computer experts listening to this? If so - please respond with some good answers ... Please?

Hopefully this helps. I know how aggravating this is. I worked on it for almost 6 months until walla!

Have fun!

looks like we all got this virus around the same time does anyone know how they got it our what exactly it effected????
At least I can quite stressing on how to get rid of it.. thank you all..
I'm off to deleting. WISH ME LUCK LoL

I also fell prey to the trojan horse virus residing in win32sys....however after editing my WIN.INI file....I still get an error message saying that my WIN.INI file is trying to launch Win32SYS.exe....but I see no reference to it in the INI file....anyone have an idea?.....thanks in advance

MY WIN32SYS.EXE HAD THE APS TROJAN.GEN. I DONT KNOW WHAT KIND A VIRUS THAT IS ,BUT I HAD DELETED MY WIN32. NEED TO KNOW HOW TO DOWNLOAD IT BACK. MY MCFAEE VIRUS SCAN COULD NOT CURE IT. I HAD SAVED IT TO A FLOPPY.SOMEBODY PLEASE NEED HELP!IT HAS SLOWN MY PC DOWN.ALSO MESSAGE ABOUT INI FILE WHEN START UP.

I am also one of the apparent many of the trojan victims. I've deleted and have ended the replacement search of the win32sys.exe file due to the valuable information here. My problem is that the trojan virus seemed to have caused my computer to have; created many bad sectors, run scandisk on the boot-up of my system but unable to finish, cause most applications to run errors and close, ocasionally freeze on shut-down..etc. Perhaps its some other factor but it all happened after I detected the virus. PLEASE HELP!!! E-MAIL ME ASAP!!! MUCH APPRECIATED!!!

Ihad the same problem, however I had no virus on my system. I had however recently updated my virus dat files. I thought maybe this was a file that did not download properly, so I reinstalled the dat files. Guess what? That took care of the problem.

I stand corrected. I guess the virus was there, but had been cleaned the day before by another user. Why that file was still there, and why reinstallation removed it, are a mystery to me.

I also had the APStrojan.gen in my win32sys.exe file...And after looking here...I did delete both, and changed that whole win.ini thing...
Where IS the tech support in all of this??? Shouldn't they be helping? There's got to be enough of us here to do something about it...
Anyway, After I deleted and thought everything was better...Im having some strange problems...None of my online programs...(realplayer, IE5.0, ICQ, anything that uses the connection) wont connect..they all say "cannot connect to server". Can anyone tell me if this is from damage, or is it just some freak problem that happened right after all this?

If anyone can help, please drop me a line. AOL does me no good. Thru all of this I've written them over 10 emails, all with little tips on how to fix my problem...none were the right little tip.

Anyways, thats my input.

Megan

okie okie,i have been reading these re's for a while and everyone one is trying to say something different! is this win32sys.exe really that important? and if it is what does it effect? how should i restore it? can i restore it? thank you. . .

I have a trojan horse in my win32sys.exe i don't know what to do

Hello,
I also recently got this APS tojan virus. I used Protector Plus and deleted the files that contained the virus. However, now I am getting error messages when I start up my computer and it says that some files are missing. Also, when I go into display, I cannot change my screen settings. Does anyone have any information? Thank you in advance.

emily

I'm on the phone with a friend who was experiencing exactly the same problems as above. I had her send me here win.ini file, and there were no entries after
[windows]
load=
yet she still got the error when loading her desktop that win32sys.exe could not be found. Interestingly enough, she used her restore CD and reported the problem was still happening after that. In speaking with her now, we are unable to get that error (I did have her restore again). Think this is a 216 error (2 eyes 16 inches from monitor)?

I also too had the win32sys.exe virus. I can't get into the win.ini file to edit it through run, sysedit or through DOS edit. Won't let me edit file. What to do ? HELP!!!!

We have Windows 98, McAfee found APStrojan.gen6 in win32sys.exe, says can't 'clean', that we need to delete. You have shown a way to excise the bad line of code, but cannot find the LOAD=[etc] in the WIN.INI file thru the start>run>sysedit method; our LOAD= has nothing after the "=" sign. Ideas, anyone?

Hey,
I deleted my Win32sys.exe file. And I lost my windows cd is there a site I can go to to download it? Please help Me!!
--Whitney