Missing file...I think

Status
Not open for further replies.

Trotter

I just spent the vast majority of a day working on a friend's computer for free. It was a serious mess.

We had reformatted it and reinstalled Windows a while back. Since then, it has acted up. Here recently it has been a real pill. So it came home with me.

Short of the story... I had to figure out that the chipset drivers were missing (not on his Dell CD), as well as the graphics driver for his onboard (Dell again). I cleaned out several spyware entries, as well as three or four viruses. I also completely updated his Windows (he didn't even have SP1), as well as installed a firewall, anti-virus, AdAware, Spybot, MS AntiSpy, etc (yes, he had been playing without a net, and it bit him).

Now, the problem... Somewhere in and amongst all of this, the file "sysmon32.exe" was deleted/wiped out. I have searched my comp, but that file doesn't exist on mine. What is this file? Is it important? How do I stop Windows from trying to access it every time it starts up?

Any and all help will be appreciated.
 
PC Man Brian said:
Damn, what the hell did he do to his PC man?

How does that help? At least try to make a suggestion.





Did you run the spyware scans in safe mode?
 
That is indeed the SystemMonitor Sysmon32.exe "Added by the AIDID.A WORM!" Why would you need this file?
 
A quick Google shows that Sysmon32.exe may have been added by the AIDID.A worm.

Duh! I done did that. That's why I posted it here.

Go to msconfig and disable the entry.

Done did that, too.

Is there a registry entry? If so, where?

Windows pops up asking for it each time it boots.
 
Go to Start menu > Run > type in regedit and press Enter. Once in Registry Editor, click on Edit > Find, or press Ctrl + F, and type in sysmon32.exe. It should find an entry containing sysmon32.exe in a folder called 'Run' or 'Run-', or in its own folder. Delete it and reboot.
 
taken from Symantec website



1. Click Start > Run.
2. Type regedit

Then click OK.

3. Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, delete the value:

"SystemMonitor"="%System%\SYSMON32.exe"

5. Exit the Registry Editor.
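
Added example, not part of any post in this thread: a PowerShell script that performs the search the last two replies do by hand in regedit, listing every startup value whose data mentions sysmon32.exe before anything is deleted. It assumes PowerShell is installed on the machine; the key list beyond HKLM ...\Run, the `-Remove` switch and the `Find-StartupValue` helper name are assumptions of this example.

```powershell
# Added example (not from the thread). Lists startup values whose data mentions
# a file name; with -Remove, deletes them after a per-value confirmation prompt.
param(
    [string]$Needle = 'sysmon32.exe',   # file name taken from the thread
    [switch]$Remove                     # hypothetical switch for this example
)

# Assumption: the thread names only HKLM ...\Run; the other keys are the
# standard per-machine, per-user and 32-bit-view startup locations.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Find-StartupValue is a hypothetical helper name.
function Find-StartupValue {
    param([string[]]$Keys, [string]$Pattern)
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the data unexpanded so %SystemRoot%-style paths match as stored.
            $data = [string]$item.GetValue($name, '', $opt)
            if ($data.IndexOf($Pattern, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
            }
        }
    }
}

$hits = @(Find-StartupValue -Keys $runKeys -Pattern $Needle)
if ($hits.Count -eq 0) { Write-Output "No startup value references $Needle."; return }
$hits | Format-List

if ($Remove) {
    foreach ($hit in $hits) {
        if ($hit.Name -eq '') { continue }   # leave a key's default value alone
        # Deleting under HKLM needs an elevated session; -Confirm prompts per value.
        Remove-ItemProperty -LiteralPath $hit.Key -Name $hit.Name -Confirm
    }
}
```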
 