Syswin.exe: The Digital flu

If you've been around computers long enough, you probably know how vulnerable they can be to malware and how inconvenient it is when a PC is infected. Malware is software intended to damage a computer, mobile device, computer system or computer network. It can take the form of spyware, viruses, ransomware or countless other things. The particular brand of malware that has recently been spreading like the common cold and deleting executable files is a computer virus. After doing a little research (yup! I got my PC deliberately infected) I found that the virus is a 5-megabyte file labeled "Syswin.exe".

What does it do?
When Syswin.exe infects your PC it conveniently makes its way to drive c:, where your operating system is stored. Once there, the virus runs itself stealthily in the background, bypassing any sort of access control contained within your operating system. Once that happens, the carnage begins. In a split second Syswin.exe sifts through your entire hard drive deleting everything with the file extension ".exe", leaving only the name of what was once an executable file.

[Screenshot: Syswin.exe in action]

It is basically the software equivalent of the Terminator.
When you try to run an executable file corrupted by the virus, all you'll get is a message saying "This app can't run on your PC. To find a version for your PC, check with the software publisher", and when you check the properties of that program you'll find that its size has been diminished to 0 KB. Also, when you try to open any program that did not come with the operating system or was not downloaded from the Windows app store, the same message as above comes up.

How can you tell you're infected?
Well, your first clue should be that the icons of the executable files you haven't yet installed will have been replaced by the generic Windows icon for .exe files. Secondly, you won't be able to install said program because its size will have been diminished to zero (it will essentially have been deleted in all but name). Also, it uses a big chunk of your processor's capacity, so if, like me, your PC has measly processing power, its performance will be even more heavily affected; it will be noticeably slow to do even simple tasks like play a video. If you're still uncertain it's the virus, you can check in either of two ways. The first is to open the Task Manager and, under the list of background processes, check for syswinx.exe (32 bit); you won't miss it, it should be the one hogging a sizeable amount of CPU capacity. To open the Task Manager, go to your desktop, type "Task Manager" into the Windows search bar on the taskbar, and double-click it when it pops up in the search results.

[Screenshot: SMADAV full scan results]

The second way is to run a search for "syswin.exe" in the root folder of drive c:. To do this, open File Explorer, go to drive c: and, in the search bar in the top right corner of the window, type in "syswin.exe"; the results should show exactly that file. Also, depending on which antivirus you have and whether it's up to date, a deep scan should reveal the presence of the virus.

How can you get infected?
You can get the syswin.exe virus simply by plugging infected flash drives or micro SD cards into your PC. With the exception of a few antivirus products it largely goes unnoticed as it sneaks into your PC, embeds itself in your OS, indiscriminately obliterates all your .exe programs and patiently lies in wait to see the look on your face as you try to open or install a corrupted program.

What can you do to get rid of it?
You have at least three options.

Antivirus
If you already have an antivirus on your PC, run a full scan; a quick scan here is about as useful as an appendix. If your antivirus doesn't flag the virus, it probably needs updating, or you can try a different antivirus. The latest versions of SmaDav and, in some cases I hear, Avast have proved more than useful in purging the virus. To the best of my knowledge, Microsoft Security Essentials and Windows Defender aren't much good at detecting, let alone getting rid of, the virus.

System Restore
System Restore is a Windows program designed to restore the computer to a previous functioning state in the event of a more or less 'major' system change. The goal here is to restore the computer to a time before it was infected by the virus. To do this, go to the Control Panel by simply searching for it in the Windows search bar. In the search bar in the top right corner of the Control Panel, type in "recovery", then select Recovery in the search results; it should bring up three options, among which should be "Open System Restore". Selecting this option will take you to the System Restore program. In the program there should be a list of restore points; to get older options for restoration, tick the checkbox saying "Show more restore points" in the bottom left corner of the window. Select a restore point dated before the PC got infected and follow the instructions. The restoration will take a few minutes, but when it's done your PC will be virus-free. The advantage of this method is that the programs that were installed and stopped working because of the virus will start working again, but only if they were installed and working on the date of the restore point you chose.
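The same choice of restore point, made with the System Restore cmdlets instead of the Control Panel screens. This is an added example, not code from the original post. It assumes $InfectedOn is the date you work out for the infection (for instance from the modification times of the zero-byte .exe files); the default below is only a placeholder, and the cmdlets need an elevated (Run as Administrator) Windows PowerShell 5.1 session.

```powershell
# Added example (not from the post): choose the newest restore point that predates the
# infection, show it, and dry-run the restore. Needs Windows PowerShell 5.1, elevated.
param([datetime] $InfectedOn = (Get-Date).AddDays(-2))   # placeholder date; replace with yours

# CreationTime on these WMI objects is a DMTF string, so convert it before comparing dates.
$points = Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Created        = $_.ConvertToDateTime($_.CreationTime)
        Description    = $_.Description
    }
} | Sort-Object Created -Descending

# Same list the "Show more restore points" checkbox reveals in the GUI.
$points | Format-Table -AutoSize

# The newest point that still predates the infection is the one the post says to choose.
$candidate = $points | Where-Object { $_.Created -lt $InfectedOn } | Select-Object -First 1
if (-not $candidate) {
    throw "No restore point older than $InfectedOn; fall back to the antivirus or manual route."
}

"Restore point #$($candidate.SequenceNumber) ($($candidate.Description)) from $($candidate.Created)"

# -WhatIf only reports what would happen; drop it to start the restore, which reboots the PC.
Restore-Computer -RestorePoint $candidate.SequenceNumber -WhatIf
```

The date filter is the whole point: a restore point created after the infection would bring the virus back along with everything else, so the script refuses rather than silently picking the newest one.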

Manually disinfect
The third and perhaps simplest option is to delete the virus manually. This involves finding the actual Syswin.exe virus file and deleting it. To do this, run the search for syswin.exe in drive c: as discussed earlier. When the search results show, move the cursor to the Syswin.exe file in the search results, click it, press Delete, and that's it.

[Screenshot: Syswin.exe search in drive c:]

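The Task Manager and Explorer checks from the "How can you tell you're infected?" section and the manual removal just described, as one script. This is an added example, not code from the original post. It assumes the file and process names the post mentions; the zero-byte sweep flags any empty .exe file, so read that list before acting on it; and C:\Quarantine is a placeholder path. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the post): detect the indicators the post describes and,
# with -Remove, carry out the manual disinfection safely.
param(
    [string[]] $Names = @('syswin.exe', 'syswinx.exe'),   # names the post mentions
    [string[]] $Roots = @('C:\'),                          # drives to sweep for damaged .exe files
    [switch]   $Remove                                     # stop the process and quarantine the file
)

# Get-Process wants names without the extension.
$procNames = $Names | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }

# 1. Running process with a matching name (what the post has you look for in Task Manager).
$procs = Get-Process -Name $procNames -ErrorAction SilentlyContinue
foreach ($p in $procs) {
    '{0,-10} PID {1,-6} CPU(s) {2,8:N1}  {3}' -f $p.ProcessName, $p.Id, $p.CPU, $p.Path
}

# 2. The file itself anywhere on the system drive (the post's File Explorer search).
$hits = Get-ChildItem -Path 'C:\' -Recurse -File -Include $Names -ErrorAction SilentlyContinue
foreach ($h in $hits) {
    # Record size and hash so the sample can be matched against antivirus write-ups later.
    $hash = (Get-FileHash -Path $h.FullName -Algorithm SHA256).Hash
    "$($h.FullName)  $($h.Length) bytes  SHA256=$hash"
}

# 3. Zero-byte .exe files: the "name only" remnants the post describes. Their LastWriteTime
#    is also the best clue to when the infection happened, which System Restore needs.
$empty = Get-ChildItem -Path $Roots -Recurse -File -Filter '*.exe' -ErrorAction SilentlyContinue |
         Where-Object { $_.Length -eq 0 }
"$(@($empty).Count) zero-byte .exe file(s) found"
$empty | Sort-Object LastWriteTime | Select-Object FullName, LastWriteTime | Format-Table -AutoSize

# 4. Manual disinfection: Windows will not delete a running executable, so end the process
#    first, then move the file into a quarantine folder under a non-executable extension
#    (keeping it lets you hand it to your antivirus vendor instead of just deleting it).
if ($Remove) {
    $procs | Stop-Process -Force -ErrorAction SilentlyContinue
    $qdir = 'C:\Quarantine'
    New-Item -ItemType Directory -Path $qdir -Force | Out-Null
    foreach ($h in $hits) {
        Move-Item -Path $h.FullName -Destination (Join-Path $qdir ($h.Name + '.bin')) -Force
        "quarantined $($h.FullName)"
    }
}
```

Run it once without -Remove to see what it finds; the zero-byte list doubles as an inventory of which installers you have lost.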
The sad part, however, is that none of these methods can recover the corrupted executable (.exe) files that were not installed at the time of infection. Programs that were already installed when the PC was infected, on the other hand, have some hope of being restored with System Restore.

How can you avoid getting infected?
Your first line of defense is the USB ports on your PC. Be mindful of the drives you plug into your PC. As a rule of thumb (and I cannot stress this enough), always assume a flash drive is infected until proven otherwise. Also, always ensure you have an antivirus installed on your PC and make certain to update it constantly. If for some reason you feel you need even more protection against losing your uninstalled executable files to syswin.exe, you could move all your executable files into a zip archive using programs like WinRAR, WinZip or 7-Zip. When you need to install a program, you could simply unzip the archive, install your program, then zip it up again when done. This way, even if your PC is infected, the programs in the zipped archives will remain untouched. The other option is to remove the .exe file name extension from the files you want to keep for later use, so that they are not affected if perchance your PC gets infected. When you need to install a program, you could just add the .exe extension back and install the program you want.
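Both precautions from the paragraph above in script form, with one addition a practitioner would want: a SHA-256 manifest written next to the archive, so that after a scare you can prove the installers came back intact rather than assume it. This is an added example, not code from the original post; it uses the built-in Compress-Archive and Expand-Archive cmdlets (Windows PowerShell 5.0 or later) in place of WinRAR, WinZip or 7-Zip, and the folder paths are placeholders. Run the verification on a PC you have already cleaned, since it unpacks .exe files onto the disk.

```powershell
# Added example (not from the post): keep installers out of reach of an ".exe"-deleting
# virus by archiving them, and keep hashes so you can check them afterwards.

function New-InstallerVault {
    param([string] $Source = 'C:\Installers', [string] $Vault = 'C:\Vault\installers.zip')

    $exes = @(Get-ChildItem -Path $Source -File -Filter '*.exe')
    if ($exes.Count -eq 0) { throw "No .exe files found in $Source" }

    # Manifest: file name -> SHA-256. Stored beside the archive, not inside it, so a
    # damaged archive cannot also damage the record you check it against.
    $manifest = @{}
    foreach ($f in $exes) { $manifest[$f.Name] = (Get-FileHash $f.FullName -Algorithm SHA256).Hash }

    New-Item -ItemType Directory -Path (Split-Path $Vault) -Force | Out-Null
    Compress-Archive -Path $exes.FullName -DestinationPath $Vault -Force
    $manifest | ConvertTo-Json | Set-Content -Path ($Vault + '.sha256.json')
    "$($exes.Count) installer(s) archived to $Vault"
}

function Test-InstallerVault {
    param([string] $Vault = 'C:\Vault\installers.zip')

    $manifest = Get-Content ($Vault + '.sha256.json') -Raw | ConvertFrom-Json
    $tmp = Join-Path $env:TEMP ('vault-check-' + [guid]::NewGuid())
    Expand-Archive -Path $Vault -DestinationPath $tmp

    $ok = $true
    foreach ($entry in $manifest.PSObject.Properties) {
        $file   = Join-Path $tmp $entry.Name
        $actual = if (Test-Path $file) { (Get-FileHash $file -Algorithm SHA256).Hash } else { '<missing>' }
        if ($actual -ne $entry.Value) { $ok = $false; "MISMATCH $($entry.Name): $actual" }
    }
    Remove-Item $tmp -Recurse -Force
    if ($ok) { 'all installers match the manifest' }
    return $ok
}

# The post's other trick: take the .exe extension off so an extension-matching virus skips
# the file, and put it back when you actually want to install.
function Hide-Installer {
    param([string] $Path)
    Rename-Item -Path $Path -NewName ((Split-Path $Path -Leaf) + '.keep')
}
function Unhide-Installer {
    param([string] $Path)   # expects the renamed file, e.g. setup.exe.keep
    Rename-Item -Path $Path -NewName ((Split-Path $Path -Leaf) -replace '\.keep$', '')
}

# Typical use:
#   New-InstallerVault -Source 'C:\Installers' -Vault 'C:\Vault\installers.zip'
#   Test-InstallerVault -Vault 'C:\Vault\installers.zip'
#   Hide-Installer 'C:\Installers\setup.exe'; Unhide-Installer 'C:\Installers\setup.exe.keep'
```

Both tricks rely on the virus selecting victims by file name, which is all the post describes; the manifest is what tells you whether that assumption held.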
