You cannot start programs when your computer is infected with the SirCam virus
This article was previously published under Q311446
This article has been archived. It is offered "as is" and will no longer be updated.
If you click Yes, download the updated Setup files (Recommended) in the Get Updated Setup Files dialog box while the Setup program is running, you may receive the following message in the Upgrade report:
Setup found some blocking issues. You must address these issues before you can continue upgrading you computer. For more information, click Full Report.If you click Full Report, you receive the following message:
Bad System Configuration
Bad System Configuration
Setup detected an invalid system configuration, which is typically caused by a virus. See KB Article Q311446 and follow the instructions there.If you click No, skip this step and continue installing Windows in the Get Updated Setup Files dialog box during Setup, you may experience any one of the following symptoms:
- If you try to start a program (.exe file), the program may not start, and you may receive any one of the following error messages:
310585 You are unable to start a program with an .exe file extension
- The specific path does not exist. Check the path and try again.
- Windows cannot find 'program_file'. Make sure you typed the name correctly, and then try again. To search for a file, click Start, and then click Search.
- Additionally, if you upgrade your computer, you may receive the following message, where filename is the full path and the specific file mentioned in the message: Windows cannot find C:\Filename
In this case, when you start Registry Editor, you may receive the following error message:Windows cannot find C:\Windows\Regedit.exe
The W32.Sircam.Worm@mm worm virus can cause this issue. The W32/Sircam virus spreads itself through e-mail messages or unprotected network file shares and can reveal or delete information on your computer.To verify that your computer is infected with this kind of virus:
- Restart your computer, press F8 at the Windows XP Startup menu, and then select Safe Mode with Command Prompt.
- At the command prompt, type regedit, and press ENTER.
- If the following registry keyis set toC:\recycled\sirc32.exe "%1" %*, your computer is infected with the W32/SirCam worm virus:HKEY_CLASSES_ROOT\exefile\shell\open\commandNote If this registry setting is anything other than"%1" %*your computer may be infected with a different virus.
Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. For a list of antivirus software manufacturers, click the following article number to see the article in the Microsoft Knowledge Base:
49500 List of Antivirus Software Vendors
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
How to try to prevent the virus from runningImportant The following procedure only prevents the virus from running so that you can run an updated antivirus program or W32/Sircam virusremoval tool. While you work to resolve this issue, physically disconnect all your infected computers from the Internet or any other network. For detailed instructions about how to recover an infected computer, please see the following Carnegie Mellon Web site:
- Verify that your computer is infected with the W32.Sircam.Worm@mm worm virus.
For information about how to do this, view the steps that are included in the "Cause" section of this article. If your computer is infected with the W32.Sircam.Worm@mm worm virus, continue to step 2. If your computer is not infected with the W32.Sircam.Worm@mm worm virus, skip the remaining steps, and then follow the instructions that are included in the "Resolution" section of this article.
- Use Registry Editor to change the (Default) string value in the following registry key to "%1" %* (with quotation marks):HKEY_CLASSES_ROOT\exefile\shell\open\command\
- At a command prompt, type cd \, and then press ENTER.
- At a command prompt, type del /f /s /a sirc32.exe, and then press ENTER.
- At a command prompt, type del /f /s /a scam32.exe, and then press ENTER.
- At a command prompt, type shutdown -r, and then press ENTER.
- Follow the instructions that are included in the "Resolution" section of this article.
The removal of the Sirc32.exe virus without modification of the HKEY_CLASSES_ROOT\Exefile\Shell\Open\Command key will invalidate every executable file on the computer because, according to this line in the registry, the executable files are to be run as a command line parameter to the Sirc32.exe file which no longer exists. This prompts the "Windows cannot find" message when you try to start the executable file.
Additional information about how to remove W32/Sircam virusFor additional information about how to correctly remove the W32/Sircam virus, please see the following third-party Web sites:
Availability of W32.Sircam.Worm@mm Removal toolsFor information about tools you can use to correctly remove the W32/Sircam virus, please see the following third-party Web sites:
306913 Error message caused by Sircam32 virus when you start a programMicrosoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
rundll32 exe null
Article ID: 311446 - Last Review: 12/07/2015 08:06:00 - Revision: 4.6
Microsoft Windows XP Home Edition, Microsoft Windows XP Professional
- kbnosurvey kbarchive kbhotfixserver kbqfe kbbug kbenv kberrmsg kbfix kbsetup KB311446