linux - System32 folder is completely empty
2014-07
This laptop has a virus, and it replaces the Windows Explorer shell with a frame that displays a spooky Interpol message about having to pay a fine and things like that.
I've found that in order to delete it I have to edit the registry and fix some entries it changed so I can boot and delete the virus's files. The thing is that I can't access the registry or the task manager (if I try to start the computer in secure mode it restarts as soon as I am prompted for a password), so I decided to use a Linux live image. I can mount the Windows partition, but the System32 directory is completely empty: I've tried to list the files inside it (with ls) and even tried to find any exe's or dll's with find, without luck. The system directory, however, has only a few .sys files inside, but nothing else.
How can I see those files? Were they really removed? Is it a problem in the filesystem?
The computer is not mine and I can only format it as a last resort (it has many, many files).
I am having very strange things happen with SELinux.
My post may be a bit disordered, because I don't completely understand what is going on.
Before all this story, I had a good and very stable Linux installation:
CentOS 5.5
uname -a:
Linux andreys-comp 2.6.18-194.8.1.el5xen #1 SMP Thu Jul 1 19:41:05 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
getenforce
echo $?
0
But one day (yesterday) I decided to do yum update and, in parallel:
cvs -d:pserver:[email protected]:/cvsroot/selinux -z3 co nsa
(cvs downloaded all the files to the /selinux directory, which it created itself)
After downloading I read the README, which says that to completely install self-compiled SELinux I need to do:
make menuconfig
make
make install
I did only make (!), but directly after that my computer went crazy.
I don't know whether all this is because of the system update, or the SELinux compilation, or both, but Firefox stopped displaying pages, and when I try to run system-config-selinux, which I recently installed, I get:
/usr/lib64/python2.4/site-packages/selinux/_selinux.so: undefined symbol: selinux_check_securetty_context
and it does not run.
After that I rebooted the system; during boot I get a kernel panic and something like: "failed to apply SELinux policy" (I don't remember exactly; the message doesn't stay on screen long enough because the computer goes down).
So what I did is boot from a LiveCD to disable SELinux in the /etc/selinux/config file, but (!) (here comes the culmination moment) when I run ls on / of the LiveCD file system, I see:
[root@livecd /]# ls -la
total 180
drwxr-xr-x 4 root root 0 Aug 9 18:23 selinux
But it is a virtual filesystem! I remember that cvs downloaded all the source to /selinux.
This is the context of this directory: system_u:object_r:security_t
More than this, the /selinux directory even had files inside of it. One of them was a null character device.
Is this a regular directory of the LiveCD's file system? Or is this my directory recently created by cvs, in some mysterious storage and insidiously mounted onto the root file system of the LiveCD?
After that I mounted my hard disk's root file system, did ls, and found my selinux directory staying there completely competently:
[root@livecd VolGroup00-LogVol01]# ls -la
total 240
drwxr-xr-x 2 root root 4096 Jun 5 07:01 selinux
but (!) this directory was now empty inside!
This is the context of the directory: system_u:object_r:file_t
These are the mounts that were present in LiveCD mode:
/dev/mapper/live-rw on / type ext3 (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/hdc on /mnt/live type iso9660 (ro)
/dev/sda2 on /mnt/disc/sda2 type ext3 (ro)
/dev/sda6 on /mnt/disc/sda6 type vfat (ro,uid=500)
/dev/mapper/VolGroup00-LogVol01 on /mnt/lvm/VolGroup00-LogVol01 type ext3 (rw)
/dev/mapper/VolGroup00-LogVol00 on /mnt/lvm/VolGroup00-LogVol00 type ext3 (ro)
After all this I disabled SELinux in the appropriate file:
SELINUX=disabled
SELINUXTYPE=targeted
SETLOCALDEFS=0
And I restarted my computer. After booting up, I do ls on root again and see that again I have the selinux directory, but it is again empty!
[root@andreys-comp selinux]# pwd
/selinux
[root@andreys-comp selinux]# ls
[root@andreys-comp selinux]#
More than this. When I booted from the hard disk, I mounted the squashfs.img on the LiveCD and the ext3fs.img inside it, which contains the whole root file system, and this is what I see:
[root@andreys-comp isotemp2]# mount
/isotemp/LiveOS/ext3fs.img on /isotemp2 type ext3 (ro,loop=/dev/loop1)
[root@andreys-comp isotemp2]# ls -l
total 180
drwxr-xr-x 2 root root 4096 Oct 2 2009 selinux
[root@andreys-comp isotemp2]# cd selinux/
[root@andreys-comp selinux]# ls
[root@andreys-comp selinux]#
It is also empty! Where is all the SELinux code?
Now, maybe I tell too much about SELinux folders, but the question about my general trouble with SELinux is no less important to me.
So, if I enable SELinux I get a kernel panic (even if I boot into runlevel 1).
After booting with the LiveCD and disabling it, everything works again.
So I have two questions:
Where are all the compiled SELinux objects?
How do I give back harmony and peace to my computer's world?
You could try to boot the live CD, chroot to your disk, mount all the proper mount points (dev etc.) and try something like this (this may be wrong but I think you get the idea):
yum remove selinux
yum install selinux
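One way to carry out the chroot repair this answer sketches, as an added example that is not code from the thread: it switches the SELINUX= line in the mounted root's /etc/selinux/config (the file quoted in the question), binds the live system's /dev, /proc and /sys into that root, and enters the chroot where the yum commands can be run. The mount point /mnt/lvm/VolGroup00-LogVol01 is taken from the question's mount listing; the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread: toggle the SELinux mode in an
# installed root's /etc/selinux/config and enter a chroot into that root
# from a live CD so that yum can be run inside it.
set -e

# Rewrite the SELINUX= line of $1/etc/selinux/config to mode $2
# (enforcing | permissive | disabled); every other line is left as it is.
set_selinux_mode() {
    root=$1 mode=$2
    cfg="$root/etc/selinux/config"
    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "bad mode: $mode" >&2; return 2 ;;
    esac
    # Write to a temp file and rename, so a failed sed cannot truncate cfg.
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$cfg" > "$cfg.tmp"
    mv "$cfg.tmp" "$cfg"
    grep -q "^SELINUX=$mode\$" "$cfg"
}

# Print the mode currently configured under root $1.
get_selinux_mode() {
    sed -n 's/^SELINUX=\(.*\)$/\1/p' "$1/etc/selinux/config"
}

# Bind the live system's /dev, /proc and /sys into root $1 and chroot into it
# (needs root privileges; meant to be run from the live CD, not from a test).
# yum needs resolv.conf inside the chroot to reach the repositories.
enter_chroot() {
    root=$1
    for d in dev proc sys; do
        mount --bind "/$d" "$root/$d"
    done
    cp /etc/resolv.conf "$root/etc/resolv.conf"
    chroot "$root" /bin/bash
    # Tear the bind mounts down again in reverse order once the shell exits.
    for d in sys proc dev; do
        umount "$root/$d"
    done
}

# Typical use from the live CD, with the LVM root mounted as in the question:
#   set_selinux_mode /mnt/lvm/VolGroup00-LogVol01 permissive
#   enter_chroot /mnt/lvm/VolGroup00-LogVol01   # then: yum remove selinux ...
```

Setting permissive instead of disabled keeps the policy loaded, so the boot either succeeds or logs denials instead of panicking, which is more useful for finding out what the rebuilt objects broke.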