This computer got infected by some malware and Windows boots completely fine. I get to the login screen, enter the password and I can access, but then I'm greeted by the virus and I'm unable to do anything. Here's what I've tried:
- Booting into secure mode: Windows restarts itself as soon as it reaches the login screen.
- Open task manager: The application is locked, I don't get any error and it simply doesn't run.
- Win+R to `taskkill`. Nothing happens when I press the Run shortcut, much like the before-mentioned case.
So I proceeded to remove it by booting into a Linux Live USB to remove its necessary files and I did, they were inside `%APPDATA%`. But it turns out that it also modifies a special entry on the registry so I tried to use the `chntpw` utility to remove it, but here's the thing: When I mounted the drive and navigated to `Windows/System32` I discovered that the directory was completely empty. Here's what I tried:
- `ls Windows/System32`: An empty list.
- Directory properties: 0 files, 0 folders, 0 bytes total.
- `find Windows/System32/ -iname '*'`: Nothing was found inside.
I've also tried this:
- `find /run/media/<drive's-GUID>/ -iname '*<any-file-known-to-be-in-system32>*'`: Nothing was found.
- Turn on see hidden files and directories to reveal any files that start with dot `.`: There's nothing, anywhere.
How come I was unable to find anything inside System32 but Windows could boot fine?
Update:
I proceeded to format it and reinstall Windows, so the problem is somehow solved. It's just that I can't find any logic behind this behaviour.
du -h system32