register files??

[dewolf]

Since couple of days I have problem, as I start the system after boot, these messages appears. I am not very good understanding computer problem. Please do help me and let me know how I could resolve the problem. Thanks. Here are the screen shoots.

[redwudz]

You might have a bigger problem. Windows.exe could be a fairly nasty virus and or trojan: http://www.auditmypc.com/process/windows.asp

This from another site:

This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

You might try SpyBot S&D: http://www.safer-networking.org/en/download/index.html

If it is a trojan/virus, you may need to run SpyBot in 'Safe Mode' to get rid of it. And I would unplug from the internet if you are on cable or DSL when you run the scans.

Another good freeware scan is Trend Micro's Housecall: http://housecall65.trendmicro.com/

If neither of those do the trick, do a Google search for 'Windows.exe' and you may find some more complex ways to eliminate it. And you may want to update your antivirus and add SpyBot and Spyware Blaster for future protection. They are both freeware. SpyWare Blaster is available here: http://www.javacoolsoftware.com/spywareblaster.html Don't download these programs from other locations as there are bogus imitators out there.

Good luck.

[dewolf]

You might have a bigger problem. Windows.exe could be a fairly nasty virus and or trojan: http://www.auditmypc.com/process/windows.asp

This from another site:

This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

You might try SpyBot S&D: http://www.safer-networking.org/en/download/index.html

If it is a trojan/virus, you may need to run SpyBot in 'Safe Mode' to get rid of it. And I would unplug from the internet if you are on cable or DSL when you run the scans.

Another good freeware scan is Trend Micro's Housecall: http://housecall65.trendmicro.com/

If neither of those do the trick, do a Google search for 'Windows.exe' and you may find some more complex ways to eliminate it. And you may want to update your antivirus and add SpyBot and Spyware Blaster for future protection. They are both freeware. SpyWare Blaster is available here: http://www.javacoolsoftware.com/spywareblaster.html Don't download these programs from other locations as there are bogus imitators out there.

Good luck.

Thanks a lot for you kind info, I really appreciated it.
I did what you have said, same procedure and steps. But nothing happen!!
The problem is same, it is still there.

Even I ran housecell also. Yes now I notice it is indeed virus, but what shall I do now???

[JohnnyMalaria]

There is no official Windows component called windows.exe - so, clearly there is something nasty going on (and Google does indeed suggest it is a trojan...)

However, the messages state that it is missing - which is probably a good thing.

Open the registry editor (Start/Run/regedit) and search for "windows.exe". Chances are it is listed as one of the programs to run at start-up.

Post back here with any entries you find in the registry with the search.

[TBoneit]

Try AVG Antispyware from www.free.grisoft.com

It looks like the windows.exe was removed by your Antivirus/Antispyware.

[dewolf]

@Johnny

i did check all registry, couldn't find any thing. I have Avg 7 internet security, its find something name window.exe, but when i try to find the location i wasn't able to. here is the screenshoot of the avg scan result.

[dewolf]

@ TBoneit

I did have AVG from long time, yes it had remove the threats, but then why the message appeared in the start all the time?
how could i stop it??

[SanderMan]

You can also try by running msconfig. Go to start->run and type msconfig.
Click on startup and see if you canfind windows.exe as a startup service then you can turn it off. See http://www.netsquirrel.com/msconfig/msconfig_xp.html for more info.

[dewolf]

You can also try by running msconfig. Go to start->run and type msconfig.
Click on startup and see if you canfind windows.exe as a startup service then you can turn it off. See http://www.netsquirrel.com/msconfig/msconfig_xp.html for more info.

Thanks alot, i did the procedure, even i did find the actual windows.exe. but i try to disable all unnecessary components. When reboot the system, it wasn't comes up, but windows message appeared that many startup components are disable.

Even the antivirus program avg wasnt startup, i have to do it latter. Is this not problem?
But the problem is gone, do you think i have to reinstall the window again to prevent the problem permanently. Any way thanks for your kind help

[aedipuss]

from the looks of that old report your computer was seriously compromised by more than one virus/trojan. if you have the skills required i would say start over fresh. reformat *ALL* hard drives and re-install windows. and keep that computer offline until anti virus and anti spyware software is installed again.

[gll99]

You can also try by running msconfig. Go to start->run and type msconfig.
Click on startup and see if you can find windows.exe as a startup service then you can turn it off. See http://www.netsquirrel.com/msconfig/msconfig_xp.html for more info.

The trojan is probably gone but the shortcut that it placed to execute at startup is still there. That message is a standard windows message that tells you that it tried to load and run a file called "windows.exe" (the trojan) but it couldn't find it. Windows doesn't know it was loading a trojan just that it's an unmatched shortcut. You don't need to reinstall or do anything with your hdd. This problem is in the registry as part of the startup sequence. If you can do a registry search looking for windows.exe you will find the shortcut referencing that file and just delete the key. There is likely only one entry in the registry but search until there are no more references in case the trojan hid the run instruction more than one place. Although in general previously loaded processes are not reflected in the current window session until you reboot, regedit is a live change. As soon as you make the modification to the registry it is updated so be careful. As usual I offer the scary warning "A registry backup is recommended before making changes". I rarely do it but you could mess something if you delete the wrong thing there is no undo with regedit. This would be considered an easy and simple change.

The other way to mask it is, as suggested, to run msconfig and uncheck the associated run command in the startup list. Then click on the option Selective startup. The next time you boot you will get a message stating you are running a selective startup and check off not to be warned again. I don't like this option because it temporarily masks the symptom and one day when you add some software it will reset the startup options to all and you will have forgotten and wonder what the heck this thing is again when you see the message. best to clean it up once and for all.

btw) there are registry cleaners that get rid of unattached shortcut links like that but I had one mess my registry so I prefer the manual option.

[dewolf]

thank you guys, here are new development, i try to search windows.exe in start>search>type windows.exe. the search result shows the finding. And i also try to locate it in in c:\window\prefetch\windows.exe

you will see search screen shoot and path screen shoot. Please let me know it is worthwhile to delet from the path location? or any other best to do??

here is search screeshoot








here is path screen shoot

[dewolf]

aedipuss and gll99

I am so thankful that you came to help me.

[dewolf]

i think i also find it in registry editor, but i seen it in two different locations. what should i do now? do i have to delete it from registry or path location?? need your help.

here are first location









Here are second location

[gll99]

Those are only the searches you did. Some info is on the drive and the registry keeps a copy of recent searches. You can delete them all but that's not what you need to find.

There are a few locations where shortcuts can be activated in the registry. The first location to check for the entry you want will be found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run-

There is also HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT where they could hide it in a sub key.

It is also possible to load shorcuts directly from the hdd on the windows drive in the "documents and settings" folder look under your id and start menu/programs/startup and see what is there.

There is a possibility it was disguised as a service but look in the other locations for now. Try to find an unusual entry and post a screenshot if you can of the contents of those key. It is also likely that the link has a different name than windows.exe. Remember you are looking for something that eventually asks for windows.exe but probably has a different name.

[ntscuser]

System Mechanic includes a utility to search for and remove broken shortcuts. That may explain why I never see this kind of error message?

[dewolf]

There are a few locations where shortcuts can be activated in the registry. The first location to check for the entry you want will be found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run- .

Yeh i did locate the subfolder, below is screen shoot

There is also HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT where they could hide it in a sub key.

This folder have more than 100 subfolder, i dont think it will be easy to post them all.
But could you please explain what sort of unusal file i am looking at, i do understand it could be any name or extention. As i am not good at computer, to be honest it will be damn difficult for me to identify it.

It is also possible to load shorcuts directly from the hdd on the windows drive in the "documents and settings" folder look under your id and start menu/programs/startup and see what is there. .

I have check the same folder, there is nothing, but good that we try.

[dewolf]

System Mechanic includes a utility to search for and remove broken shortcuts. That may explain why I never see this kind of error message?

Could you please explain it, how could I removed that unbroken shortcut???
I will be thankful to you.

[guns1inger]

CCleaner will also scan for and delete broken links.

[Bjs]

Number one rule :

Kiss goodbye to your restore points right now , disable it before trying to remove these type of items , or reinfection can , or most likely , will , re-appear later .

Thats a vital point .

----

Now to deal with the sucker at hand , less stuffing about .

http://www.merijn.org/files/HiJackThis_v2.exe

More info related to problematic item

http://forums.techguy.org/security/368574-virus-problem.html

The last couple of posts pretty well cover the problem

Hijackthis , when a scan is performed , will show the issue from any point within the registry .

From those last few posts , you'll get an idea of what they are talking about , when it comes to registry entries and the actual exe itself .

You simply check those offenders , click the fix button , and reboot .

I would recommend you perform this task in safemode , simply to speed up the process .

Its a far better tool than msconfig (garbage) , and having the feature to remove problematic files from system upon reboot is a capitol idea worth a gold medal .

If you want , run the scan , save log , and pm it to me and I'll tell you what else should not be running from system startup as well , which would speed the system up .

Not to forget , once the all clear is given , reset system restore point , and keep antivirus upto date .

[ntscuser]

System Mechanic includes a utility to search for and remove broken shortcuts. That may explain why I never see this kind of error message?

Could you please explain it, how could I removed that unbroken shortcut???
I will be thankful to you.

Install Iolo System Mechanic (it's free for the first 30 days). Run "fix broken shortcuts". http://www.iolo.com/sm/7/std/download.aspx

[TBoneit]

Or it should show up in MSConfig.

Just click start
click run
type msconfig
click the startup tab
uncheck anything that refers to the problems you are having.
Make sure anything referring to your antivirus is checked or it won't run at startup

[dewolf]

Dear friends

Finally I am able to get rid of the problem. I deleted all files could find in registry name window.exe.

In the last I run Hijackthis, that of course damn helpful, it shows me some window.exe extensions.

Yesterday I did disable all unnecessary registries in mscofig>startup, and that problem registry wasn’t running. But after having such operations, just to be sure

I enable those entire registry, and guess what, the window that problem didn’t shows up in reboot. Wow. Finally after straggling its gone.

I thank you all wonderful guys, for helping me out from this setback. You people are the best, great wishes to you all.