Search Engine Redirect and System32


12 replies to this topic

#1 warn23

warn23

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 26 April 2011 - 12:57 PM

Hello,

I am at my wits' end trying to get rid of whatever it is that I have. I have had my issue for a few months and it has finally started to bug me. The two issues I am having may or may not be related. The first issue: every time I start my computer, the "System 32" folder opens up and one of the folder names is in blue text (see pic).

Posted Image

The second issue happens when searching the internet: I often get redirected after clicking a link (my web browser is Firefox v. 3.6.16). For the past 3 years I have been using CenturyLink Online Security (an F-Secure product) and I run a full system scan once a week. I uninstalled that virus software today and installed free AVG in hopes that it would be able to detect the issue on a full system scan. AVG was also unsuccessful in finding the problem.

Aside from a system reformat, what else can I try to clear this problem?

Thanks,
Jessica

#2 warn23

warn23
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 26 April 2011 - 01:07 PM

I forgot to mention, I am on a Dell Inspiron Mini running Windows XP.

#3 Computerproblem101

Computerproblem101

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 26 April 2011 - 01:08 PM

If you are infected, the infection seems to be a very weak one. Go to Http://www.malwarebytes.org and download Malwarebytes. Update it, and run the quick scan. Remove anything found & reboot your PC and then come back here.

#4 warn23

warn23
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 26 April 2011 - 01:21 PM

Will do. Thanks.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 AM

Posted 26 April 2011 - 01:25 PM

The System32 folder opens at startup because of a corrupt registry value. The value could have been corrupted for a number of reasons to include malware or installing/uninstalling a program which did not install/uninstall itself properly.

The problem could also be caused by empty run entries in your startup shortcuts which will open the system32 folder. The first thing to do is check the startup run registry entries with AutoRuns and if any are present, remove those entries.

If that does not resolve the issue, click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #260 and click "System32 Folder Opens Upon Boot" in the right column. You will be prompted to download xp_systems32opens.vbs. Save the file to your desktop and double-click on it to run the script. Since the script modifies certain registry settings you may receive an alert from your anti-virus or any script blocking program. Ignore the warning and allow it to continue.

Also see System32 Folder Opens When Logging on to Windows.

CAUTION: This solution involves making changes in the Windows registry. Always Create a New Restore Point and back up your registry before making any changes. Vista/Windows 7 users can refer to these instructions. If you're not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable. ERUNT is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.


Note: By design, Windows displays compressed or encrypted files and folders with a unique color. Windows compressed files that do not get used frequently are displayed in blue (NTFS compression) and encrypted files are in green.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
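
The check described in post #5 (looking through the startup Run registry entries for empty ones), as an added example that is not part of the original thread: a Python sketch that reads a regedit-style text export of the Run keys and lists values whose data is blank. It only reads text and changes nothing; the sample export, every entry name in it, and the helper name `empty_run_entries` are constructed for illustration.

```python
import re

# Constructed sample export of the Run keys; every name and path is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"LeftoverEntry"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Example\\tray.exe"
"PaddedEntry"="   "
"ExpandEntry"=hex(2):00,00

[HKEY_CURRENT_USER\Software\Example]
"Unrelated"=""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
SZ_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXPAND_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=hex\(2\):([0-9a-fA-F,]*)$')
RUN_SUFFIX = r'\microsoft\windows\currentversion\run'

def unescape(text):
    # .reg files escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', text)

def empty_run_entries(export_text):
    """Return (key, value name) pairs under a Run key whose data is blank."""
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or not key.lower().endswith(RUN_SUFFIX):
            continue  # only the startup Run keys are of interest here
        sz, ex = SZ_RE.match(line), EXPAND_RE.match(line)
        if sz:
            name, data = unescape(sz.group(1)), unescape(sz.group(2))
        elif ex:  # REG_EXPAND_SZ: comma-separated UTF-16LE bytes
            raw = bytes.fromhex(ex.group(2).replace(',', ''))
            name, data = unescape(ex.group(1)), raw.decode('utf-16-le').rstrip('\x00')
        else:  # other value types and multi-line hex data are skipped
            continue
        if not data.strip():
            findings.append((key, name))
    return findings
```

Exports written by regedit in the "Version 5.00" format are UTF-16 text, so a real file would be read with `open(path, encoding='utf-16')` before being passed to the function.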

#6 Computerproblem101

Computerproblem101

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 26 April 2011 - 01:27 PM

Good advice. Even still, run Malwarebytes just in case it was malware that caused this in the first place.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 AM

Posted 26 April 2011 - 01:35 PM

Yes, I would still recommend warn23 scan with Malwarebytes.
  • Follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

#8 warn23

warn23
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 26 April 2011 - 02:09 PM

I downloaded Malwarebytes and did the quick scan but it did not find anything.

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 AM

Posted 26 April 2011 - 02:28 PM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.


#10 warn23

warn23
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 26 April 2011 - 02:31 PM

Ok, I'll do that now. Thanks.

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 AM

Posted 26 April 2011 - 02:34 PM

Not a problem.

#12 warn23

warn23
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 26 April 2011 - 03:26 PM

I am running the Eset scan now (on the infected computer). It is on step 3 or 4 at 37%. Thus far, it has found 2 infected files, one of which is a "variant of Win32/HackTool.Patcher:P application." Thanks again for all of the help. :)

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 AM

Posted 27 April 2011 - 06:45 AM

Post the results when the scan is complete.



