linux - System32 folder is completely empty

2014-07
  • arielnmz

    This laptop has a virus, and it replaces the Windows Explorer shell with a frame that displays a spooky Interpol message about having to pay a fine and things like that.

    I've found that in order to delete it I have to edit the registry and fix some entries it changed, so that I can boot and delete the virus's files. The thing is that I can't access the registry or the task manager (if I try to start the computer in secure mode it restarts as soon as I am prompted for a password), so I decided to use a Linux live image. I can mount the Windows partition, but the System32 directory is completely empty; I've tried to list the files inside it (with ls) and even tried to find any .exe or .dll files with find, without luck. The system directory, however, has a few .sys files inside it, but nothing else.

    How can I see those files? Were they really removed? Is it a problem in the filesystem?

    The computer is not mine, and I can only format it as a last resort (it has many, many files).
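An added example, not code from the question or from any answer on this page: a small POSIX shell script for the live-image situation described above. Before concluding that the files are gone, check every mounted NTFS volume for a populated Windows\System32 (ntoskrnl.exe, .dll/.exe files and the SOFTWARE hive), matching directory names case-insensitively, because ntfs-3g shows the on-disk case and older installs use WINDOWS/system32. The function names, the script name and the directory tree used in testing are my own assumptions.

```shell
#!/bin/sh
# Added example (not code from the original post): check a Windows volume
# mounted on a Linux live system before concluding that System32 was wiped.
# NTFS is case-insensitive but ntfs-3g shows the on-disk case, so the system
# root may appear as WINDOWS/system32; every lookup below is case-insensitive.

# Print the System32 directory under mount point $1, or nothing if absent.
find_system32() {
    find "$1" -mindepth 2 -maxdepth 2 -type d -ipath "$1/windows/system32" 2>/dev/null | head -n 1
}

# Count .dll/.exe files directly inside directory $1 (0 on an empty or bogus System32).
count_system_binaries() {
    find "$1" -maxdepth 1 -type f \( -iname '*.dll' -o -iname '*.exe' \) 2>/dev/null | wc -l | tr -d ' '
}

# Return 0 when mount point $1 holds a populated Windows system volume:
# System32 present, with binaries, the kernel image and the SOFTWARE hive
# (System32/config/SOFTWARE holds the Winlogon "Shell" value that a
# lock-screen malware replaces, so it is the hive to inspect offline).
# Otherwise print what is missing and return 1.
windows_root_ok() {
    mnt=$1
    s32=$(find_system32 "$mnt")
    if [ -z "$s32" ]; then
        echo "$mnt: no Windows/System32 directory (wrong partition?)"
        return 1
    fi
    n=$(count_system_binaries "$s32")
    kernel=$(find "$s32" -maxdepth 1 -type f -iname ntoskrnl.exe 2>/dev/null | head -n 1)
    hive=$(find "$s32" -mindepth 2 -maxdepth 2 -type f -ipath "$s32/config/software" 2>/dev/null | head -n 1)
    echo "$mnt: $n .exe/.dll files in $s32"
    [ -n "$kernel" ] || echo "$mnt: ntoskrnl.exe missing"
    [ -n "$hive" ]   || echo "$mnt: SOFTWARE hive missing (System32/config/SOFTWARE)"
    if [ "$n" -gt 0 ] && [ -n "$kernel" ] && [ -n "$hive" ]; then
        return 0
    fi
    return 1
}

# Check every mounted NTFS volume (ntfs-3g mounts show up as "fuseblk"), so a
# recovery or OEM partition is not mistaken for the real system drive.
scan_ntfs_mounts() {
    [ -r /proc/mounts ] || { echo "no /proc/mounts; pass a mount point instead"; return 1; }
    awk '$3 == "ntfs" || $3 == "ntfs3" || $3 == "fuseblk" { print $2 }' /proc/mounts |
    while read -r mnt; do
        if windows_root_ok "$mnt"; then
            echo "$mnt: looks like a complete Windows system volume"
        fi
    done
}

# Usage: sh check_win.sh scan        (all NTFS mounts)
#        sh check_win.sh /media/win  (one mount point)
case "${1:-}" in
    "")   ;;
    scan) scan_ntfs_mounts ;;
    *)    windows_root_ok "$1" ;;
esac
```

Saved as, say, check_win.sh, it is run from the live system as `sh check_win.sh scan`, or with a single mount point. A volume that has no Windows directory at all is more often a recovery or OEM partition than the real system drive, so checking every NTFS mount is the first thing to do; a volume that passes while `ls` still shows an empty System32 points at a path or case mismatch rather than deleted files. The SOFTWARE hive the script locates is also the one that holds the Winlogon Shell value, which tools such as reged from the chntpw package can read offline.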

  • Answers

    Related Question

    linux - Empty folder and kernel panic when trying to get SELinux working
  • Rodnower

    I have very strange things happening with SELinux.
    My post may be a bit disordered, because I don't completely understand what is going on.

    Before all the story, I had a good and very stable Linux installation:

    CentOS 5.5  
    uname -a:  
        Linux andreys-comp 2.6.18-194.8.1.el5xen #1 SMP
        Thu Jul 1 19:41:05 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux  
    
    getenforce  
    echo $? 
    0  
    

    But one day (yesterday) I decided to do yum update and, in parallel:
    cvs -d:pserver:[email protected]:/cvsroot/selinux -z3 co nsa
    (cvs downloaded all the files to the /selinux directory, which it created itself)

    After downloading I read the README, where it says that to completely install self-compiled SELinux I need to do:

    make menuconfig  
    make  
    make install  
    

    I did only make (!), but directly after that my computer went crazy.
    I don't know whether all this is because of the system update, the SELinux compilation, or both, but Firefox stopped displaying pages, and when I try to run system-config-selinux, which I recently installed, I get:

    /usr/lib64/python2.4/site-packages/selinux/_selinux.so: undefined symbol: selinux_check_securetty_context  
    

    and it does not run.
    After that I rebooted the system; during startup I get a kernel panic and something like: "failed to apply SELinux policy" (I don't remember exactly; the message doesn't stay on screen long enough because the computer goes down).
    So what I did was boot from a LiveCD to disable SELinux in the /etc/selinux/config file, but (!) (here comes the culmination moment) when I ran ls on / of the LiveCD file system, I saw:

    [root@livecd /]# ls -la  
    total 180  
    
    drwxr-xr-x   4 root root     0 Aug  9 18:23 selinux  
    

    But it is a virtual filesystem! I remember that cvs downloaded all the source to /selinux.
    This is the context of this directory: system_u:object_r:security_t
    More than this, the /selinux directory even had files inside it. One of them was a null character device.
    Is this a regular directory of the LiveCD's file system? Or is this my directory, recently created by cvs, sitting in some mysterious storage and insidiously mounted onto the root file system of the LiveCD?

    After that I mounted my hard disk's root file system, did ls, and found my selinux directory sitting there perfectly well:

    [root@livecd VolGroup00-LogVol01]# ls -la  
    total 240  
    
    drwxr-xr-x   2 root   root    4096 Jun  5 07:01 selinux  
    

    but (!) this directory was now empty inside! This is the context of the directory: system_u:object_r:file_t

    These are the mounts that were present in LiveCD mode:

    /dev/mapper/live-rw on / type ext3 (rw,noatime) 
    proc on /proc type proc (rw)  
    sysfs on /sys type sysfs (rw)  
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)  
    tmpfs on /dev/shm type tmpfs (rw)  
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)  
    /dev/hdc on /mnt/live type iso9660 (ro)  
    /dev/sda2 on /mnt/disc/sda2 type ext3 (ro)  
    /dev/sda6 on /mnt/disc/sda6 type vfat (ro,uid=500)  
    /dev/mapper/VolGroup00-LogVol01 on /mnt/lvm/VolGroup00-LogVol01 type ext3 (rw)  
    /dev/mapper/VolGroup00-LogVol00 on /mnt/lvm/VolGroup00-LogVol00 type ext3 (ro)  
    

    After all this I disabled SELinux in the appropriate file:

    SELINUX=disabled  
    SELINUXTYPE=targeted  
    SETLOCALDEFS=0   
    

    And I restarted my computer. After booting up, I ran ls on root again and saw that I again have a selinux directory, but it is again empty!

    [root@andreys-comp selinux]# pwd  
    /selinux  
    [root@andreys-comp selinux]# ls  
    [root@andreys-comp selinux]#   
    

    More than this. When I booted from the hard disk, I mounted the squashfs.img from the LiveCD and the ext3fs.img inside it, which contains the whole root file system, and this is what I see:

    [root@andreys-comp isotemp2]# mount  
    
    /isotemp/LiveOS/ext3fs.img on /isotemp2 type ext3 (ro,loop=/dev/loop1)  
    
    [root@andreys-comp isotemp2]# ls -l  
    total 180  
    
    drwxr-xr-x  2 root root  4096 Oct  2  2009 selinux  
    
    [root@andreys-comp isotemp2]# cd selinux/  
    [root@andreys-comp selinux]# ls  
    [root@andreys-comp selinux]#   
    

    It is also empty! Where is all the SELinux code?

    Now, maybe I talk too much about SELinux folders, but the question about my general trouble with SELinux is no less important to me.
    So, if I enable SELinux I get a kernel panic (even if I boot into runlevel 1).
    After booting with the LiveCD and disabling it, everything works again.

    So I have two questions:

    1. Where are all compiled SELinux objects?

    2. How do I give back harmony and peace to my computer's world?
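An added example, not part of the question or of the answer below it: the directory in the listings above has size 0, context system_u:object_r:security_t and contents that differ from one boot to the next, which is what a mount of a kernel virtual filesystem looks like (on CentOS 5 the SELinux pseudo-filesystem selinuxfs is mounted at /selinux; newer kernels mount it at /sys/fs/selinux). This POSIX shell script, which assumes a Linux /proc/mounts, reports whether a directory is a mount point and of what filesystem type, and reads the SELINUX= mode from a file in the /etc/selinux/config layout. The function names and the sample config are mine, not the questioner's.

```shell
#!/bin/sh
# Added example (not code from the original post): distinguish a kernel
# virtual filesystem mounted on a directory (selinuxfs, proc, sysfs) from an
# ordinary on-disk directory, and read the SELinux mode from a config file.
# Linux only: relies on /proc/mounts.

# Print the filesystem type of the mount that contains $1, chosen as the
# longest mount point that is a prefix of $1. Prints nothing if none matches.
fs_type_of() {
    awk -v d="$1" '
        { mp = $2; gsub(/\\040/, " ", mp) }            # /proc/mounts escapes spaces as \040
        d == mp || index(d, mp "/") == 1 || mp == "/" {
            if (length(mp) > length(best)) { best = mp; type = $3 }
        }
        END { if (best != "") print type }' /proc/mounts
}

# Return 0 if $1 is itself the head of a mount, 1 otherwise.
is_mount_point() {
    awk -v d="$1" '
        { mp = $2; gsub(/\\040/, " ", mp) }
        mp == d { found = 1 }
        END { exit found ? 0 : 1 }' /proc/mounts
}

# A selinuxfs directory is an interface to the running kernel's security
# module, not storage: its entries exist only while SELinux is active.
explain_dir() {
    if is_mount_point "$1"; then
        echo "$1 is a mount point of type $(fs_type_of "$1"); its listing comes from the kernel, not from disk"
    else
        echo "$1 is an ordinary directory on a $(fs_type_of "$1") filesystem"
    fi
}

# Print the SELINUX= value (lowercased) from a file in /etc/selinux/config
# layout: enforcing, permissive or disabled. Commented-out lines are ignored.
selinux_config_mode() {
    awk -F= '/^[ \t]*SELINUX[ \t]*=/ { gsub(/[ \t]/, "", $2); print tolower($2); exit }' "$1"
}

# Constructed sample config (assumption: not a file from the questioner's box).
sample_config() {
    cat <<'EOF'
# This file controls the state of SELinux on the system.
#SELINUX=enforcing
SELINUX=disabled
SELINUXTYPE=targeted
SETLOCALDEFS=0
EOF
}

# Stand-alone run: describe whichever selinuxfs mount point this kernel uses.
for d in /selinux /sys/fs/selinux; do
    if [ -d "$d" ]; then explain_dir "$d"; fi
done
if [ -r /etc/selinux/config ]; then
    echo "configured mode: $(selinux_config_mode /etc/selinux/config)"
fi
```

On a system where SELinux is enabled, `explain_dir /selinux` (or `/sys/fs/selinux`) reports a mount of type selinuxfs, which is why the same path looks populated on one boot, shows a null device inside it, and is empty after SELinux is disabled: the on-disk directory underneath the mount is just the placeholder that was always there.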


  • Related Answers
  • Nathan Adams

    You could try to boot the live CD, chroot to your disk, mount all the proper mount points (dev etc.) and try something like (this may be wrong, but I think you get the idea)

    yum remove selinux
    yum install selinux