• Undesirable program

    WIN32K.SYS:2 Information

    This is an undesirable program.

    This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.

    If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums.

  • Alert
    This file is a rootkit and may be hiding other files, processes, and registry entries on your computer.

    If you find this file on your computer, it is strongly advised that you create a virus removal assistance topic. Instructions on how to do this can be found here.

  • Name
    win32k.sys
  • Filename
    win32k.sys:2
  • Command
    C:\WINDOWS\win32k.sys:2
  • Description
    The ZeroAccess rootkit. This rootkit terminates any program that scans its processes or files and then changes the permissions on them so you can no longer run them. This infection uses Alternate Data Streams and rootkit technology to hide itself and the service entry.

    Please note, this infection should not be confused with the legitimate C:\Windows\System32\win32k.sys file, which should not be deleted.

  • File Location
    %WinDir%
  • Startup Type
    This startup entry is a Windows Driver. A driver is a program, that when started, allows Windows to communicate with specific hardware or virtual devices that are installed on your computer. Therefore, if you disable a Windows Driver, the piece of hardware that it was designed to work with may no longer work or have limited functionality.
  • Service Name
    win32k.sys
  • Display Name
    win32k.sys
  • Note
    %Windir% refers to the Windows installation folder. By default, this is C:\Windows for Windows 95/98/ME/XP/Vista/7 or C:\Winnt for Windows NT/2000.
  • This entry has been requested 17,468 times.

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Login

Remember Me
Sign in anonymously