Missing System Files

  • Thread starter Thread starter Karl
  • Start date Start date
K

Karl

Can anyone tell me what could make system files mysteriously get deleted? I
am running Windows 2000 Server w/SP4 and Symantec Antivirus client with
updated defs. Something is deleting system files in the winnt and system32
directories. Whatever it is it must have system privlages because even an
Administrator is not able to delete system files. In addition, most of the
other files on the C: drive are being deleted with only the directory
structure left in tact. Nothing is being detected by the virus software.
After this happens, I have to rebuild the OS partition from scratch. Has
anyone heard of this?
 
If you think it is a really hidden Trojan, can you get your data off and then install fresh?

If I think my machine is infected and something like this is happening, I'd shutdown immediately and then reinstall.

Or can you post more information about when, how often, which ones, etc?

--
Mark-Allen Perry
ALPHA Systems, Switzerland
mark-allen AT mvps DOT org

Can anyone tell me what could make system files mysteriously get deleted? I
am running Windows 2000 Server w/SP4 and Symantec Antivirus client with
updated defs. Something is deleting system files in the winnt and system32
directories. Whatever it is it must have system privlages because even an
Administrator is not able to delete system files. In addition, most of the
other files on the C: drive are being deleted with only the directory
structure left in tact. Nothing is being detected by the virus software.
After this happens, I have to rebuild the OS partition from scratch. Has
anyone heard of this?
 
So far this has happened twice. The first time this happened I restored the system files from tape. The second time it happened (about a month later), I started from scratch and erased the system partition and reinstalled Windows 2000 server. I then restored the data from a backup tape.

I'm just worried that whatever it was might strike again. My other servers are not affected at all so it seems to be isolated to this one server. Have you heard of any trojans that delete files on the system partition? I called up Symantec tech support and they had no idea what virus might be causing this.

If you think it is a really hidden Trojan, can you get your data off and then install fresh?

If I think my machine is infected and something like this is happening, I'd shutdown immediately and then reinstall.

Or can you post more information about when, how often, which ones, etc?

--
Mark-Allen Perry
ALPHA Systems, Switzerland
mark-allen AT mvps DOT org

Can anyone tell me what could make system files mysteriously get deleted? I
am running Windows 2000 Server w/SP4 and Symantec Antivirus client with
updated defs. Something is deleting system files in the winnt and system32
directories. Whatever it is it must have system privlages because even an
Administrator is not able to delete system files. In addition, most of the
other files on the C: drive are being deleted with only the directory
structure left in tact. Nothing is being detected by the virus software.
After this happens, I have to rebuild the OS partition from scratch. Has
anyone heard of this?
 
I've heard nothing about something targeting system files but I'll keep a lookout.

--
Mark-Allen Perry
ALPHA Systems, Switzerland
mark-allen AT mvps DOT org

So far this has happened twice. The first time this happened I restored the system files from tape. The second time it happened (about a month later), I started from scratch and erased the system partition and reinstalled Windows 2000 server. I then restored the data from a backup tape.

I'm just worried that whatever it was might strike again. My other servers are not affected at all so it seems to be isolated to this one server. Have you heard of any trojans that delete files on the system partition? I called up Symantec tech support and they had no idea what virus might be causing this.

If you think it is a really hidden Trojan, can you get your data off and then install fresh?

If I think my machine is infected and something like this is happening, I'd shutdown immediately and then reinstall.

Or can you post more information about when, how often, which ones, etc?

--
Mark-Allen Perry
ALPHA Systems, Switzerland
mark-allen AT mvps DOT org

Can anyone tell me what could make system files mysteriously get deleted? I
am running Windows 2000 Server w/SP4 and Symantec Antivirus client with
updated defs. Something is deleting system files in the winnt and system32
directories. Whatever it is it must have system privlages because even an
Administrator is not able to delete system files. In addition, most of the
other files on the C: drive are being deleted with only the directory
structure left in tact. Nothing is being detected by the virus software.
After this happens, I have to rebuild the OS partition from scratch. Has
anyone heard of this?
 
I've heard nothing about something targeting system files but I'll keep a lookout.

--
Mark-Allen Perry
ALPHA Systems, Switzerland
mark-allen AT mvps DOT org

So far this has happened twice. The first time this happened I restored the system files from tape. The second time it happened (about a month later), I started from scratch and erased the system partition and reinstalled Windows 2000 server. I then restored the data from a backup tape.

I'm just worried that whatever it was might strike again. My other servers are not affected at all so it seems to be isolated to this one server. Have you heard of any trojans that delete files on the system partition? I called up Symantec tech support and they had no idea what virus might be causing this.

If you think it is a really hidden Trojan, can you get your data off and then install fresh?

If I think my machine is infected and something like this is happening, I'd shutdown immediately and then reinstall.

Or can you post more information about when, how often, which ones, etc?

--
Mark-Allen Perry
ALPHA Systems, Switzerland
mark-allen AT mvps DOT org

Can anyone tell me what could make system files mysteriously get deleted? I
am running Windows 2000 Server w/SP4 and Symantec Antivirus client with
updated defs. Something is deleting system files in the winnt and system32
directories. Whatever it is it must have system privlages because even an
Administrator is not able to delete system files. In addition, most of the
other files on the C: drive are being deleted with only the directory
structure left in tact. Nothing is being detected by the virus software.
After this happens, I have to rebuild the OS partition from scratch. Has
anyone heard of this?
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

\winnt\system32\config\system corrupt or missing 4
Show contents of system folders 3
Windows 2000 System Hive Too Large? 3
system32 file clean up? 3
Deleting SPL Files 4
corrupt files in W2K system 4
Missing Files in WINNT or System32 Directories 1
Botched W2k and SP4 Installation 4

Back
Top