This computer got infected by some malware and Windows boots completely fine. I get to the login screen, enter the password and I can access, but then I'm greeted by the virus and I'm unable to do anything. Here's what I've tried:

  • Booting into secure mode: Windows restarts itself as soon as it reaches the login screen.
  • Open task manager: The application is locked, I don't get any error and it simply doesn't run.
  • Win+R to taskkill: Nothing happens when I press the Run shortcut, much like the before-mentioned case.

So I proceeded to remove it by booting into a Linux Live USB to remove the files it needs, and I did; they were inside %APPDATA%. But it turns out that it also modifies a special entry in the registry, so I tried to use the chntpw utility to remove it, but here's the thing: when I mounted the drive and navigated to Windows/System32 I discovered that the directory was completely empty. Here's what I tried:

  • ls Windows/System32: An empty list.
  • Directory properties: 0 files, 0 folders, 0 bytes total.
  • find Windows/System32/ -iname '*': Nothing was found inside.

I've also tried this:

  • find /run/media/<drive's-GUID>/ -iname '*<any-file-known-to-be-in-system32>*': Nothing was found.
  • Turn on see hidden files and directories to reveal any files that start with dot .: There's nothing, anywhere.

How come I was unable to find anything inside System32, but Windows could boot fine?

Update:

I proceeded to format it and reinstall Windows, so the problem is somehow solved. It's just that I can't find any logic behind this behaviour.

  • You could tell them to get another hard drive to save them from having to copy the data off. You could make an image of the current one, then wipe it. If they have space, you could resize the current partition, making it just big enough for what's on it, and create a new partition and install Windows to that. i.e. it does look like you'll have to reinstall Windows, and in Win7's case that means fresh, as you can't boot and install over an existing one in Win7.
    – barlop
    Commented May 29, 2014 at 1:00
  • Are they hidden? One of the viruses I battled once simply set the hidden flag on every file in the filesystem. Also, what's the size of the system32 folder? Do a du -h system32
    – Robotnik
    Commented May 29, 2014 at 1:08
  • Well, I think I'd have to format, and afaik the Linux driver for NTFS ignores those flags (I'm able to see other hidden and system files as well). And the command says the directory is 640K
    – arielnmz
    Commented May 29, 2014 at 1:24
  • The virus in question does not replace the Windows Explorer shell... I have personally removed it from a system before. Also, if the directory was empty, the system would not boot at all. Use Malwarebytes and SpinRite
    – Ramhound
    Commented May 29, 2014 at 2:25
  • How am I supposed to run those apps if I am not even able to open the task manager??? Also, I know the files must be somewhere but why don't they appear in the file explorer??
    – arielnmz
    Commented May 29, 2014 at 2:39
