PDA

View Full Version : system32.exe???


Mahin
2010-10-07, 11:47
Hallo
Yesterday I installed spybot on my Computer and took a look on the list of the System startups. I saw a line with a blank value and no filename. Spybot-information showed that this is system32.exe which is considered as Trojaner.
I was looking in my computer after this file but didn’t find it (also after revealing hidden foldernames).
How can I find the filename of this blank-appearing exe??
Thanks
Mahin
Zenobia
2010-10-07, 21:53
Please see here:
http://forums.spybot.info/showthread.php?t=12948


odly enough I just noticed another 'odd' entry in the system startup list.

This one is at the top of the list and is plain white. (no red/green/yellow) Also, there's nothing written in the 'value' and 'command line' slots.

Here is it's description:

Current filename:

Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: system32.exe

Description
Added by the _AGOBOT-KU_ WORM! Note - has a blank entry under the Startup Item/Name field

Source: Paul Collins Startup list
----------------

Is this right? I'm having trouble believing it as this is a very new system and has been completely protected from the beginning and I do not recall ever having caught the _AGOBOT-KU_ WORM.

Should I delete this entry or ignore it? I'm running vista home premium in case that matters.

ANy input or response is greatly appreciated, thanks!:D:



I have the same blank start-up entry on my Vista computer.Looking in the registry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run,I see no blank entry except the top one,(Default) Reg_SZ,and under Data,it is blank.I added (Value Not Set)to the (Default) entry,and restarted Spybot,and Spybot picked up on it in the description/Current filename:
Current filename: (Value Not Set)

Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: system32.exe

Description
Added by the _AGOBOT-KU_ WORM! Note - has a blank entry under the Startup Item/Name field

Source: Paul Collins Startup list

So I'm pretty sure Spybot is just picking up on the (Default) registry entry.