Syswow64 folder keeps opening up

    Question

  • Hello,

    I installed Windows 7 a few months ago and I hadn't had any problems until 2 days ago. Each time I boot up Windows, the folder C:\Windows\SysWOW64 keeps opening up. If I close it, it opens up again. I tried unpinning and unchecking start-up programs in msconfig.exe, but it still opens up.

    I'd appreciate any help.

    Thanks,
    Patrick
    Tuesday, December 01, 2009 3:41 AM

Answers

  • @Noel: Patrick's issue is that the folder C:\Windows\SysWOW64 keeps opening up; it does not occur only after boot. I am afraid we need to monitor this folder's access history.

    @Patrick As I mentioned above, I suggest you enable Audit on your computer.

    To do it:

    1. Click Start, enter GPedit.msc in the Start Search box.
    2. Open the following branch.

    Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Security

    3. Enable the following policy:

    Audit object access

    4. Open Windows Explorer, open the folder  C:\Windows.
    5. Right click the folder SysWOW64, choose Properties->Security. Click the Advanced button.
    6. Click the Auditing tab. Click Continue.
    7. Click Add. Then click Advanced.
    8. Click the button Find Now.
    9. Wait for the process to finish. Then from the users list add the following users.

    BATCH
    CREATOR OWNER
    Everyone
    Guests
    LOCAL SERVICE
    NETWORK
    NETWORK SERVICE
    SERVICE
    SYSTEM

    10. After selecting each user, choose Full Control.

    If you would like to check which application was trying to open this folder, please open Event Viewer and check Windows Logs\Security for detailed information.

    Hope it helps.

    • Marked as answer by Patrick JT Thursday, December 03, 2009 11:19 PM
    Wednesday, December 02, 2009 8:01 AM
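
    The audit procedure in the answer above, scripted as an added example (not part of the original post): it enables object-access auditing, adds an audit entry for Everyone on the folder, and summarizes which processes show up in event 4663 of the Security log. Assumptions: an elevated Windows PowerShell session on an English-language system; `Get-FolderAccessEvent` is a hypothetical helper name.

```powershell
# Added example. Assumes elevated Windows PowerShell (.NET Framework), English OS.
$path = 'C:\Windows\SysWOW64'

# Steps 1-3: enable "Audit object access" for successful accesses.
auditpol /set /category:"Object Access" /success:enable | Out-Null

# Steps 4-10: add an audit entry (SACL) on the folder and its children.
# Everyone + FullControl mirrors the answer and is noisy; remove it afterwards.
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList `
    'Everyone', 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Success'
$sacl = [System.IO.Directory]::GetAccessControl($path, 'Audit')
$sacl.AddAuditRule($rule)
[System.IO.Directory]::SetAccessControl($path, $sacl)

# Read event 4663 ("An attempt was made to access an object") and keep only
# entries whose object path is under the audited folder.
function Get-FolderAccessEvent {
    param([string]$Folder = $path, [int]$MaxEvents = 2000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt = $_
            $data = @{}
            foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$node.Name] = $node.'#text'
            }
            if ($data['ObjectName'] -like "$Folder*") {
                New-Object PSObject -Property @{
                    Time    = $evt.TimeCreated
                    Process = $data['ProcessName']
                    User    = $data['SubjectUserName']
                    Object  = $data['ObjectName']
                }
            }
        }
}

# After the folder has popped up again: which executables touched it, most frequent first.
Get-FolderAccessEvent | Group-Object Process |
    Sort-Object Count -Descending | Select-Object Count, Name

# Cleanup once the culprit is identified: drop the audit entry again.
# $sacl.RemoveAuditRuleSpecific($rule)
# [System.IO.Directory]::SetAccessControl($path, $sacl)
```

    Because the entry is inherited by every file in the folder, the Security log fills quickly; run the summary soon after the folder reopens and remove the audit entry when finished.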

All replies

  • Something has been set to start up when you log in, and possibly by a goof in the program or path name the folder is opening up instead of the program within the folder.  Perhaps an extra space got in the path.

    I suggest you install and execute Autoruns to see what's starting up on your computer.  It may seem like a daunting task to figure out what all of the entries are, but you can see everything that's starting in any of the myriad ways with Autoruns.  Whatever's starting that window will be there.

    http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

    -Noel

    • Proposed as answer by Noel Carboni Wednesday, December 02, 2009 5:17 AM
    Wednesday, December 02, 2009 5:16 AM
  • Ah, I missed that "keeps opening up"...

    If it's happening over and over again, not just once after login, by all means follow Robinson's advice and watch carefully for malware.

    -Noel
    Wednesday, December 02, 2009 1:48 PM
  • Thanks for your help Rob, I was able to find the problem. It was caused by a file called bigdog.exe which was installed with my webcam from Lenovo. MSE and Windows Defender didn't pick it up.
    Thursday, December 03, 2009 11:19 PM