I'm looking for info on System32 (WindowsXP).

Running System Suite 5's virus program, it detected a trojan horse in this directory c:\Windows\system32\restsrv32a.sys. A side note- I had Norton AV updated and running on this computer since it was new and it did not detect this.

Anyhow, I directed SystemSuite to clean the file. It could not. Then it offered me the choice of deleting the files archive. I'm very hesitant to do this because I don't know what System32 is or does and if removing it would break my system. Would removing this files archive disrupt the functioning of Windows XP?

Any thoughts or suggestion?

Thanks!
-Dave

Hey,

Delete it, even though system32 is a dangerous place to be deleting stuff, but if you have windows XP, no big deal delete the file reboot run AV again, then goto run, and type this in... sfc /scannow

This will scan and repair any system files that are corrupted or deleted. Also...

Click Start > Run.

Type regedit

Then click OK.


Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce


In the right pane, delete any values that refer to the file detected as Adware.Margoc.

Good Luck,
CT

http://it.trendmicro-europe.com/enterprise/security_info/ve_de...mp;VSect=T

This virus is less than 2 weeks old. That's probably why it didn't catch it. Are you regularly updating the AV program. Update it and run it again. It's OK to delete it and any other files it dropped as shown. If it won't clean it and you have to delete it but it won't let you go into safe mode and delete it. Make sure you have show hidden files and folders enabled in the file options in control panel. Also delete your system restore files in system properties/system restore tab.

Norton is poor (being polite now)
The box is great for lighting fires. Ive been on so Many CALLOUT's with NORTON, Big Pile of S

Norton dont work, wont work, I dont see what going on and why they have not fixed it.

there is a topic i made state anti virus tell you about it a links to show what failing and what not.

LINKs HERE
http://www.hardwareanalysis.com/content/topic/21435/
and
http://www.hardwareanalysis.com/content/topic/19010/

system 32 or any file is ok to delete, as long as you know what it is and can download a replacement to place there just incase. (you will need to know about DOS but if you can read , there is a help file.)

as some one said, if it dont work there restore... UMM NO. you will need to remove all the system restor points and them norton proteced files, as this will keep it for you and re install it.

Just down load the file you abot to delete, check with a search to find out what it is and was it does. if it s virus only them dont download it,

there you go happy days again

It would be very bad to delete your entire System32 directory as this is basically the core of Windows. However the infected file is within the directory so you can safely delete it without touching the rest. Once you've removed the file run the repair as Castor suggested. Then, get another antivirus because Norton is fairly poor. (I recommend two antiviruses, one is Panda and the other is McAfee. AVG ain't bad if you can't afford anything else.) Norton's detection rate is way down and its ability to clean is very low.

Good luck cleaning your system!