Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System 32 Window


  • Please log in to reply
12 replies to this topic

#1 Cajun

Cajun

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 20 February 2006 - 01:35 PM

My mcafee virus scan found a PUP called PrcViewer which it could not delete. I quarantined it and from quarantine folder, I deleted it. Now upon startup, my System 32 window comes up.

Would appreciate any help in fixing.

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:44 AM

Posted 20 February 2006 - 02:24 PM

See if this helps:
http://support.microsoft.com/?kbid=170086
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:44 PM

Posted 20 February 2006 - 02:31 PM

Welcome to BC Cajun

If tg1911's instructions do not work, Click Here to open a Kelly's Korner vbs script . Download a small .vbs file to your desktop.

Once it's downloaded, run it according to the directions at the top of the Kelly's Korner page.

Let me know what happens :thumbsup:

David

#4 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:11:44 AM

Posted 20 February 2006 - 08:34 PM

I think this page is the one that David is referring to. :thumbsup:

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:10:44 AM

Posted 20 February 2006 - 09:20 PM

Welcome to BC Cajun.
"2007 & 2008 Windows Shell/User Award"

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:44 PM

Posted 21 February 2006 - 04:16 AM

Ooops..thanks Leurgy :thumbsup:
David

#7 Cajun

Cajun
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 21 February 2006 - 08:13 AM

Thank you, everyone, for the welcome and the suggestions. I am thrilled that Davids' vbs file did indeed fix my problem.

tg1911, thank you for your link. (Love your coat-of-arms). I have to admit that reading about editing the registry not only scares the $#!@ out of me, it makes my brain get fuzzy. Sometimes I know just enough to get myself in trouble.

Any ideas on where I may have picked up PrcViewer? Could it be the Dell Support stuff? Is it malicious or legit?

Anyway, thanks for the solution!

:thumbsup:

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:44 PM

Posted 21 February 2006 - 12:43 PM

Great, glad it worked for you :thumbsup:

'PrcView is a process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads and module usage. For each DLL it shows full path and version information. PrcView comes with a command line version that allows you to write scripts to check if a process is running, kill it, etc. '

I'm sure it's legit. Does this help?

David

#9 Cajun

Cajun
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 21 February 2006 - 01:02 PM

Thanks David. I just don't know how I picked it up and mcafee couldn't delete it. when I quarantined it and then deleted it, it created my System 32 window problem. if it was legitimately bundled with Dell Support or something else, I would have left it alone to begin with.

#10 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:44 PM

Posted 21 February 2006 - 01:19 PM

Might you be thinking of prcview.exe? That's completely different to the prcview program....
David

#11 Cajun

Cajun
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 22 February 2006 - 09:50 AM

David,
McAfee identifies it as a PUP ... PrcViewer. It showed up in Documents and Settings yesterday and I quarantined it.
Today it is showing up as

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP51\A0008038.exe

and

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP51\A0008039.exe

I just wish I knew if is legitimately bundled with something. I have uninstalled the Dell Support software thinking it might have been with them. I rebooted, ran virus scan and the above showed up. Don't know if I should quarantine, try to delete or leave alone.

Note: I just noticed The two files in quarantine that PrcViewer is associated with are smitrem.exe and process.exe. I had downloaded smitRem exe. as a fix for removing winhound. It is still on my desktop.

I'm dizzy.

#12 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:10:44 AM

Posted 22 February 2006 - 10:40 AM

Here is information or the to .exe files you were wondering about.

Process.exe

smitrem.exe
"2007 & 2008 Windows Shell/User Award"

#13 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:11:44 AM

Posted 22 February 2006 - 12:15 PM

ackan is on the right track there however the process.exe that is bundled in smitrem is not a malicious file but rather part of the smitrem removal tool. It also gives false positives with Kapersky AV and A-Squared Trojan Remover, and perhaps other anti malware programs but those are the only two I'm aware of. There is also a pv.exe included in smitrem.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP51\A0008038.exe


This is part of your XP System Restore. You can remove both those entries by turning off and re-enabling System Restore. This will delete those restore points and create a new (hopefully) clean one. See Windows XP System Restore Guide

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users