Guide to spotting virus in System32 dir!

Welcome everybody to this guide on spotting viruses in your System32 directory!

Recently I got a rootkit set into my C:\WINDOWS\System32\Drivers directory. This is a very big problem, as it is not easy to delete these files (please see my deleting any files on your computer for further details on how to deal with these).
These programs are dangerous, because they make your windows believe that it's an important driver or a sys32 file. The only way to shut these down and delete them is by deleting it in recovery mode with cmd, where not all elements (only the most important ones) of Windows start up.

But how do I spot a virus in my System32?
Simple!

Open 'My Computer' and type in: C:\WINDOWS\System32
This is the general path to your System32 directory.

Usually now you will see all types of files, most of them being .sys, but how do I open them?
This time I'll use Sys32\Drivers directory for an example!
Step #1:


Once you have opened it with a Notepad, you should see something like this:


If you cannot acces the .sys file with notepad, you should be very aware, that it is either a virus, or something that you do NOT want in that directory!

Hope you enjoyed my guide and found it useful,
thank you for reading!

 

Nice guide! Good luck on UE

 

great guide, thanks mate!!

 

great guide, thanks mate!!