1. Join Now

    AVForums.com uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

pc error techy help req.

Discussion in 'Desktop & Laptop Computers Forum' started by Taz, Mar 23, 2003.

  1. Taz

    Taz
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    Hi all, heres a quick Q. for all you techys out there... my PC on boot up of XP is giving me the following message, whats caused it and what shall/can I do?

    Thanks in advance.


    Windows can not find C:\windows\system32\winsys.exe make sure you typed the name correctly and then try again to search for a file, click start button, and then click search.

    (BTW if I just close this error the PC works fine?)
     
  2. Gerbil

    Gerbil
    Member

    Joined:
    May 20, 2002
    Messages:
    265
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Newbury
    Ratings:
    +23
    That file doesn't exist in my installation of XP whch is working normally and a quick search on Google reveals its linked to several nasty viruses like this one

    I'd make sure your AntiVirus is up to date and do a scan.
     
  3. Taz

    Taz
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    Cheers for that, so....

    Autostart Technique

    The copy that dropped WINSYS.EXE modifies the following registry keys:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

    It modifies the keys by adding this entry so that WINSYS.EXE executes upon Windows startup:

    “Configuration Loader=winsys.exe”



    can i jut delete that line from the registry then?
     
  4. Gerbil

    Gerbil
    Member

    Joined:
    May 20, 2002
    Messages:
    265
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Newbury
    Ratings:
    +23
    That might work, but if you search Google you'll find that it may be one of several different viruses. That technique may not remove all of it or stop it reactivating.

    Reading between the lines it would appear that you have no AntiVirus ;-)

    There's a free AV package here. Try running this before you try editing the registry manually.
     
  5. Taz

    Taz
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    I have full Norton AV and firewall running, it even caught it as it came in! thats whats so annoying ;)

    gonna try and remove that from the registry and see what happens:rolleyes:

    cheers
     
  6. Gerbil

    Gerbil
    Member

    Joined:
    May 20, 2002
    Messages:
    265
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Newbury
    Ratings:
    +23
    Oh dear :-(

    Guess what I'm running..... Norton.

    If you're going to edit the registry, check for the same keys under HKEY_CURRENT_USER also. Probably won't be anything there, but it doesn't hurt to look.
     
  7. Taz

    Taz
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    I dont have a registry entry called Configuration Loader in either Run or Run Services, but I do have a key in Run Services called WinSys, with a value of winsys.exe. Should I delete this value?

    I'm worried that if i do, and it is supposd to be there, that Windows won't boot up at all when I re-boot my machine? If this happens, how do I get the registry entry back?



    Taz.
     
  8. Gerbil

    Gerbil
    Member

    Joined:
    May 20, 2002
    Messages:
    265
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Newbury
    Ratings:
    +23
    You definitely don't need that line. I don't have it and Windows XP is running fine.

    The Run, RunOnce and RunServices entries are only executed once WindowsXP is in GUI mode and ready to log you on so any editing in there won't stop XP from loading. The RunServices line doesn't run critical services, those are all controlled from elsewhere in the registry.
     
  9. ReTrO

    ReTrO
    Active Member

    Joined:
    Jul 12, 2000
    Messages:
    3,498
    Products Owned:
    0
    Products Wanted:
    2
    Trophy Points:
    71
    Location:
    High Wycombe, Bucks, UK
    Ratings:
    +59
    No winsys.exe on my XP system either.:smashin:
     
  10. Taz

    Taz
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    Ok, I have deleted that line from the registry(with no difference on boot up) but its also in the registry history, ACMru 5603 folder 000 & 001 and in the winlogon shell as explorer.exe C:\windows\system32\winsys.exe

    :rolleyes:

    delete these as well:confused:
     
  11. ReTrO

    ReTrO
    Active Member

    Joined:
    Jul 12, 2000
    Messages:
    3,498
    Products Owned:
    0
    Products Wanted:
    2
    Trophy Points:
    71
    Location:
    High Wycombe, Bucks, UK
    Ratings:
    +59
    I guess so.

    I remmember having this on my PC at home and just delected from wherever it was seen. That was caused by a virus.
     
  12. nutcase_1uk

    nutcase_1uk
    Active Member

    Joined:
    Apr 15, 2002
    Messages:
    479
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    21
    Location:
    Essex, unfortunately
    Ratings:
    +3
    :eek:

    Before deleting or doing ANYTHING with a registry you should back it up.

    Start menu, Run, regedit. Choose File, Export. Export range All. Then give it a name (oldreg.reg or similar). THEN delete 'til your heart's content :)
     
  13. Taz

    Taz
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    cheers nutcase :smashin:
     
  14. nutcase_1uk

    nutcase_1uk
    Active Member

    Joined:
    Apr 15, 2002
    Messages:
    479
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    21
    Location:
    Essex, unfortunately
    Ratings:
    +3
    But if you want to know how to restore a backup of the registry, that'll be a tenner :D

    I *think* (never had to do it) you load regedit again, and do import. Pick teh file and it overwrites the existing registry. You may have to boot into safemode if the registry is so dead it won't boot normally.
     
  15. Gerbil

    Gerbil
    Member

    Joined:
    May 20, 2002
    Messages:
    265
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Newbury
    Ratings:
    +23
    You could also try Erunt.

    I use it at work for taking backups of the registry under Windows 2000 (works under XP also).

    Its free and well worth a try.
     
  16. Taz

    Taz
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    I'll give erunt a go as they claim..................

    Note: The "Export registry" function in Regedit is USELESS (!) to make a complete backup of the registry. Neither does it export the whole registry (for example, no information from the "SECURITY" hive is saved), nor can the exported file be used later to replace the current registry with the old one. Instead, if you re-import the file, it is merged with the current registry, leaving you with an absolute mess of old and new registry keys.
     

Share This Page

Loading...