You receive a "Cannot find C:\Windows\System32\System32.exe" warning message when you start Windows XP (833767)


The information in this article applies to:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

When you start Microsoft Windows XP, you may receive the following warning message:
Cannot find C:\Windows\System32\System32.exe

CAUSE

This issue occurs because of an incomplete removal of the W32.KWBot.C.Worm virus from your computer.

RESOLUTION

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this issue, you must remove the virus completely from the Windows Registry. To do so, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. For each of the following registry keys, locate the key, click the key, on the Edit menu, click Delete, and then click Yes to confirm the deletion:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemSAS system32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CMD cmd32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SystemSAS system32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\CMD cmd32.exe

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SystemSAS system32.exe

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\CMD cmd32.exe

    HKEY_Local_Machine\Software\Krypton

  3. Locate, and then click the following key in the registry:

    HKEY_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

  4. On the Edit menu, click Modify.
  5. Type Explorer.exe, and then press ENTER.
  6. Locate, and then click the following key in the registry:

    HKEY_CURRENT_USER\SOFTWARE\Kazaa\LocalContent

  7. Delete any values that refer to the C:\%Windir%\UserTemp or the C:\%Windir%\User32 folders.
  8. Locate, and then click the following key in the registry:

    HKEY_CURRENT_USER\SOFTWARE\iMesh\Client\LocalContent

  9. Delete any values that refer to the C:\%Windir%\UserTemp or the C:\%Windir%\User32 folders.
  10. Quit Registry Editor.
  11. Restart your computer.
Modification Type:MajorLast Reviewed:1/28/2004
Keywords:kbRegistry kbprb KB833767 kbAudEndUser kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.