missing system32 folder

Discussion in 'other software & services' started by Webnetjogger, Jun 22, 2005.

Thread Status:
Not open for further replies.
  1. Webnetjogger

    Webnetjogger Registered Member

    Joined:
    Jun 20, 2005
    Posts:
    7
    While installing an undelete program I inadvertently installed the following virus: "C:\WINDOWS\system32\p2pnetwork.exe". As you can see, it put it in my system32 folder. When Norton found it, it removed it, and since then I have not been able to find my system32 folder. Is there any way to restore the folder and its contents without putting this virus back on my machine?
    I don't know if you can restore the folder off the Windows CD or through Recovery Console (which I have not figured out how to use) :)

    Any help is greatly appreciated.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    You might try a System Restore back to before the infection.
     
  3. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  4. ravin

    ravin Registered Member

    Joined:
    May 2, 2003
    Posts:
    241
    Location:
    South Carolina
    If you are running XP or Win2k you can go to a command prompt, type the following: sfc /scannow and put in your OS CD. The command checks and restores the system files from the CD. The command sfc stands for System File Checker. :rolleyes:
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    The invisible system32 folder is sometimes caused as a side-effect of the Alcan-worm

    *Click Here to download Killbox by Option^Explicit.
    *Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
    *In the killbox program, select the Delete on Reboot option.
    *Copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\Program Files\MsConfigs\MsConfigs.exe
    C:\WINDOWS\system32\p2pnetwork.exe
    C:\WINDOWS\system32\CMD.COM
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\taskmgr.com
    C:\WINDOWS\system32\tracert.com


    *Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    *Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    After the reboot check if it worked.

    Regards,

    Pieter
     
  6. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Ravin,

    Does that still work, if you have an OEM cd and already have SP2?
    What about that Windoz File Protector?

    Thanks!

    Marja :cool:
     
  7. ravin

    ravin Registered Member

    Joined:
    May 2, 2003
    Posts:
    241
    Location:
    South Carolina
    According to the status dialog that appears when this command is run, it checks and verifies that the system files are intact and in their original version. I have used this command tool on machines with SP4 and have not encountered any problems with older versus updated system files. As for XP and file protection, I am sure you would have to stop monitoring to run this command. Also, you can do a search at Microsoft for sfc and the other options you can use at the command line. Hope this helps. :cool:
     
  8. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Thanks much, Ravin!!

    Appreciate your time!

    Marja:cool:
     
  9. Webnetjogger

    Webnetjogger Registered Member

    Joined:
    Jun 20, 2005
    Posts:
    7
    I have used SFC, and not only did it not find anything, it did not restore my system32 folder. I have also tried to restore the system to an earlier point, but it always says it can't do that. The virus is gone and so is the system32 folder. Is it possible that it is still being referenced from another location?

    When I scan my computer with Webroot Spy Sweeper it says it's scanning my system32 folder, but when I look for it, it's not there. o_O o_O ??

    Is it possible that Norton Antivirus has quarantined the whole file, but is still letting me use it in some way? Don't you need that file for Windows to operate? Guess not, if I don't have it anymore.
     
  10. ravin

    ravin Registered Member

    Joined:
    May 2, 2003
    Posts:
    241
    Location:
    South Carolina
    I found this answer at another thread and hope it will fix your prob. (
    Go to Run, type system32 in the box. After you open it, look for command.exe (usually the .exe extension is not shown), so just look for command. After opening that, type this:

    attrib -a -h -r -s c:\windows\system32 (and hit enter)

    or

    attrib -a -h -r -s c:/windows/system32

    That's it. Look in your Windows folder and you can access it again there!
    hope this works to all of you!
     
  11. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Webnetjogger,

    Pieter is both a spyware veteran and a Windows MVP. I would try his suggestion in post # 5 before you try anything else ;) ...
     
  12. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Webnetjogger,

    It would probably save you TONS of time and aspirin to listen to Pieter!



    Good Luck!


    Marja
     
  13. Webnetjogger

    Webnetjogger Registered Member

    Joined:
    Jun 20, 2005
    Posts:
    7
    Well Ravin, you are awesome!!!!! I thank everyone for their help, but Ravin nailed it right on the head!!!! I had tried everyone's suggestions, but Ravin's worked first time out. I thank you again, Ravin; this one was literally driving me insane.
    It worked because the command reset the attributes for the folder. Brilliant!!
    (wish i had thought of that)
    Thanks again.
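
The two findings in this thread, as a read-only check (an added example, not posted by any participant): it reports whether the system32 folder carries the Hidden or System attribute that the `attrib` command above clears, and lists any `.com` file in system32 whose name matches an `.exe` on the search path, like the ones in post #5. Background assumed here: on a default Windows setup `.COM` is tried before `.EXE` when a command is typed without an extension, so such a file is run in place of the real tool. The script changes nothing; the variable names are illustrative.

```powershell
# Read-only triage: reports state, modifies nothing.
$sys32 = Join-Path $env:SystemRoot 'System32'

# -Force is needed, otherwise a hidden folder is not returned at all.
$dir    = Get-Item -LiteralPath $sys32 -Force
$hidden = $dir.Attributes.HasFlag([IO.FileAttributes]::Hidden)
$system = $dir.Attributes.HasFlag([IO.FileAttributes]::System)
"{0}: Hidden={1} System={2}" -f $dir.FullName, $hidden, $system

if ($hidden -or $system) {
    # The fix from the thread, printed for the operator rather than executed.
    "Folder is flagged; clear with: attrib -h -s `"$sys32`""
}

# Directories searched when a bare command name is typed.
$pathDirs = $env:Path -split ';' |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# A .com in system32 that shares its base name with an .exe on PATH
# (ping.com next to ping.exe, regedit.com ahead of C:\WINDOWS\regedit.exe).
$shadows = foreach ($com in Get-ChildItem -LiteralPath $sys32 -Filter '*.com' -File -Force) {
    foreach ($d in $pathDirs) {
        $exe = Join-Path $d ($com.BaseName + '.exe')
        if (Test-Path -LiteralPath $exe) {
            [pscustomobject]@{
                Com     = $com.FullName
                Shadows = $exe
                Written = $com.LastWriteTime
            }
            break   # one match per .com file is enough
        }
    }
}

if ($shadows) {
    $shadows | Format-Table -AutoSize
} else {
    'No .com/.exe name collisions found.'
}
```

The `.com` files Windows itself ships in system32 (for example `more.com` or `tree.com`) have no `.exe` twin, so any row in the table deserves a closer look before the file is removed.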
     
  14. VowNix

    VowNix Guest

    Thank you. I had the same problem as the other guy and this made it work.
    One other problem I'm having, however, is that Ctrl+Alt+Delete won't open Task Manager. Now that I found how to open system32 again I tried to open it from there, but a message says "another program is currently using this file". If you can't help me, or if this isn't the place, can someone direct me to somewhere that can?

    thanks
     