Does anybody know anything about this file, "systemie.exe"? The CEO has it on his home W2K PC in the WINNT\system32 directory. I do not find it on any W2K machine here in our office, nor on any XP machines. What

Hi to the list.


Hi Jeff,

New to the list. I spent part of the day researching and cleaning out this file and another today. It looks like a keystroke logger that sends information to the web. If you need specifics on removing it, or if these directions don't make sense to you, you can contact me off list.

But, I'd like one thing if you can get me a bit of information from it when you remove it. I'd like to know which I.P. it's contacting from your system. If you can do a netstat -a or run the free program TDIMON from Sysinternals, and let me know what that I.P. is, I'd appreciate it.

As for removing it:

There is at least one entry for SYSIE.DLL in the registry that needs to be removed.
There is at least one entry for SYSTEMIE.EXE in the registry that needs to be removed. You should be able to search for them and delete them.


That will stop it from reloading on reboot. Then, reboot and delete the following files.

In the system32 folder, you can find and delete 4 files:

SYSIE.DLL
SYSTEMIE.DLL
SYSTEMIE.DAT
SYSTEMIE.EXE



--
Mark Bunner
Greywolf Computer Services  -- http://www.greywolfcomputer.com
80 Liberty Av.
Weirton, WV 26062-2124
Phone: 304-797-0064
FAX:    815-461-2582
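
The checks described in the message above, as an added example that is not part of the original post: a read-only PowerShell script that reports autostart entries naming the files, the four files themselves, and the remote addresses a running `systemie` process is connected to. It assumes a current Windows system with PowerShell 5.1 or later (not Windows 2000), and the autostart keys and the SysWOW64 directory it inspects are assumptions, since the post only says "in the registry" and "system32".

```powershell
# Added example, not from the original post. Read-only: it reports and deletes nothing.
$names   = 'SYSIE.DLL', 'SYSTEMIE.DLL', 'SYSTEMIE.DAT', 'SYSTEMIE.EXE'   # names from the post
$pattern = '(?i)\b(sysie\.dll|systemie\.(exe|dll|dat))\b'

# Assumption: common autostart keys; the post does not say which keys hold the entries.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            # Match on either the value name or the command line it stores.
            if ($valueName -match $pattern -or $data -match $pattern) {
                [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
            }
        }
    }
}

function Find-DroppedFiles {
    # SysWOW64 is included because 32-bit programs on 64-bit Windows are redirected there.
    foreach ($dir in 'System32', 'SysWOW64') {
        foreach ($name in $names) {
            $path = Join-Path (Join-Path $env:SystemRoot $dir) $name
            if (Test-Path -LiteralPath $path) {
                Get-Item -LiteralPath $path -Force |
                    Select-Object FullName, Length, LastWriteTime
            }
        }
    }
}

function Find-RemoteEndpoints {
    # Equivalent of reading "netstat -a" for the one process of interest.
    Get-Process -Name 'systemie' -ErrorAction SilentlyContinue | ForEach-Object {
        Get-NetTCPConnection -OwningProcess $_.Id -ErrorAction SilentlyContinue |
            Select-Object RemoteAddress, RemotePort, State
    }
}

Find-AutostartEntries | Format-List
Find-DroppedFiles     | Format-Table -AutoSize
Find-RemoteEndpoints  | Format-Table -AutoSize
```

Run it from an elevated prompt before removing anything, so the remote address is recorded while the process is still running.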


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
