Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win 7 system32 files missing


  • Please log in to reply
3 replies to this topic

#1 unfknblvbabl

unfknblvbabl

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 21 January 2012 - 02:30 AM

Running Hijackthis, I noticed Multiple system32 files missing and (unknown owner). Some of these are important files. I just loaded windows 7 on this new Giadia N20 pc and then updated 7 online frome windows and ran hijack this again; same problem. Does anyone know how to fix this? Thank you


Mod Edit: Removed HJT log data ~ Hamluis.

Edited by hamluis, 21 January 2012 - 07:55 AM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:33 AM

Posted 21 January 2012 - 07:54 AM

I removed your posted HJT log, since HJT is a malware tool and the forum expressly prohibits posting malware logs here. You will see this if you visit the main page for this forum.

No DDS, HijackThis, or ComboFix logs should be posted in this forum. - BleepingComputer.com - http://www.bleepingcomputer.com/forums/forum-56/announcement-45-no-dds-hijackthis-or-combofix-logs-should-be-posted-in-this-forum/

From what I see..."unknown owner" doesn't mean much. From http://blog.freeantivirushelp.com/post/2010/04/06/How-to-Use-HijackThis-Version-202-Review-and-Download.aspx:

"I then check to see if there is an owner for the file. If there is an owner I will simply Google the owner and if there is an unknown owner, I will Google the corresponding .exe file. For example, the FBAgent.exe has an Unknown Owner so I will simply Google “FBAgent.exe”. The first result from SystemLookup.com states that FBAgent.exe is Asus FastBootAgent and since I have an ASUS laptop I can safely assume that this file is trusted. I didn’t even have to click on the link as everything I needed was located in the results."

As for files denoted as "missing"...I would think that the source of the install must be questioned...or the hard drive...but that's just the path that I would take.

In any case, someone more knowledgeable will be along to try to assist you.

It would help if you tell us why you chose to do what appears to be a clean install...and why you ran HJT on a clean install.

Louis

Edited by hamluis, 21 January 2012 - 07:57 AM.


#3 Artrooks

Artrooks

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:07:33 AM

Posted 21 January 2012 - 01:17 PM

HiJackThis has not been updated for some time and even thought the Trend site says that it works on Windows 7, it doesn't discuss 32 vs 64 bit OS.

As an example, I am running windows 7 x64. I have no issues with my computer. I ran a HJT version 2.04 and under "services" (023) most of these enties appear "unknown owner" and "files missing."

Here is an example from my system:
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

This is no doubt due to HJT being outdated and not X64 aware as lsass.exe surely isn't missing. There can be other reasons that a file might be reported missing as well.

If you have performed a clean install of Windows 7, your computer should be running fine. I wouldn't bother with HJT.

If you feel that you're new installation of windows 7 might be infected, I'd post in Bleeping Computer's, Am I infected forum. There are more sophisticated malware scanning tools available.

Regards,
Brooks



 


#4 LucheLibre

LucheLibre

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:07:33 AM

Posted 21 January 2012 - 01:26 PM

If you're running a 32-bit tool on an 64-bit system, don't forget that there is a huge amount of file call redirection going on. 32-bit tools aren't ever going to see the System32 folder. It will get transparently redirected to the SysWOW folder. What you see in the report is not the actual state of things, even in good times.

If it looks like I know what I'm doing, there's a pretty good chance the only reason for that is because
I once asked someone to run chkdsk /r and a BC Advisor smacked me in the back of the head.

~ LL ~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users