top | item 46882245

kijin | 26 days ago

Malware can't modify files in System32, but it can drop extra files in there no problem. The only way to find and clean them up is a clean install.

In Linux, one could write a script that reinstalls all packages, cleans up anything that doesn't belong to an installed package, and asks you about files it's not sure about. It's easy to modify a Linux system, but just as easy to restore it to a known state.
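The check the comment sketches (reinstall what the package manager owns, flag what it does not, ask about the rest) can be prototyped as below. This is an added example, not the commenter's script: the package manifest and filesystem snapshot are constructed stand-ins for what `dpkg -L` plus `dpkg --verify` (Debian) or `rpm -ql` plus `rpm -Va` (RPM) would report, and the directory lists that decide what counts as "expected" or "ask the operator" are assumptions.

```python
"""Classify files on a Linux system against a package manifest.

Added example. PACKAGE_MANIFEST and LIVE_FILES are constructed stand-ins for
package-manager output (dpkg -L / dpkg --verify, rpm -ql / rpm -Va); a real
script would populate them from those commands and from walking the disk.
"""
import hashlib


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed manifest: package -> {installed path: expected sha256}.
PACKAGE_MANIFEST = {
    "coreutils": {
        "/bin/ls": _sha256(b"ls-binary-v1"),
        "/bin/cat": _sha256(b"cat-binary-v1"),
        "/bin/true": _sha256(b"true-binary-v1"),  # not present on disk below
    },
    "openssh-server": {
        "/usr/sbin/sshd": _sha256(b"sshd-binary-v1"),
        "/etc/ssh/sshd_config": _sha256(b"PermitRootLogin no\n"),
    },
}

# Constructed snapshot of the live filesystem: path -> current contents.
LIVE_FILES = {
    "/bin/ls": b"ls-binary-v1",
    "/bin/cat": b"cat-binary-v1-patched",                # owned binary, changed
    "/usr/sbin/sshd": b"sshd-binary-v1",
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",    # owned config, edited
    "/usr/sbin/update-helper": b"not from any package",  # unowned binary
    "/etc/cron.d/backup": b"0 3 * * * root /usr/local/bin/backup\n",  # unowned config
    "/var/log/syslog": b"...",                           # unowned, runtime data
}

# Assumed policy: unowned files here are normal (data, local admin software).
EXPECTED_UNOWNED_PREFIXES = ("/var/", "/usr/local/", "/home/", "/root/", "/tmp/")
# Assumed policy: package-owned files here are legitimately edited by admins.
CONFIG_PREFIXES = ("/etc/",)


def _under(path: str, prefixes) -> bool:
    return any(path.startswith(p) for p in prefixes)


def classify(manifest=PACKAGE_MANIFEST, live=LIVE_FILES):
    """Return buckets: ok, modified, missing, review (ask the operator),
    unowned (candidate for removal) and unowned_expected."""
    owned = {}  # path -> (package, expected digest)
    for pkg, files in manifest.items():
        for path, digest in files.items():
            owned[path] = (pkg, digest)

    report = {k: [] for k in ("ok", "modified", "missing", "review",
                              "unowned", "unowned_expected")}
    for path, data in sorted(live.items()):
        if path in owned:
            _, expected = owned[path]
            if _sha256(data) == expected:
                report["ok"].append(path)
            elif _under(path, CONFIG_PREFIXES):
                report["review"].append(path)    # edited config: ask, don't clobber
            else:
                report["modified"].append(path)  # changed binary: reinstall
        elif _under(path, EXPECTED_UNOWNED_PREFIXES):
            report["unowned_expected"].append(path)
        elif _under(path, CONFIG_PREFIXES):
            report["review"].append(path)        # stray file in /etc: ask
        else:
            report["unowned"].append(path)       # nothing claims it: remove
    report["missing"] = sorted(p for p in owned if p not in live)
    return report


def reinstall_plan(report, manifest=PACKAGE_MANIFEST):
    """Packages whose owned files were modified or deleted, i.e. what to
    reinstall from the (signed) repository rather than trust on disk."""
    owner = {p: pkg for pkg, files in manifest.items() for p in files}
    return sorted({owner[p] for p in report["modified"] + report["missing"]})


if __name__ == "__main__":
    rep = classify()
    for bucket, paths in rep.items():
        print(f"{bucket:17s} {paths}")
    print("reinstall:", reinstall_plan(rep))
```

The split between "modified" and "review" matters: an edited `sshd_config` is normally the admin's work and reinstalling over it would break the host, while a changed `/bin/cat` has no benign explanation and the package should be reinstalled. One caveat the comment's reinstall-everything approach handles better than a hash check: the manifest above comes from the local package database, which an attacker with root can edit alongside the files, so comparing against freshly downloaded, signature-verified packages is the stronger baseline.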

tonymet | 26 days ago

False. Even escalated, System32 is blocked by protected folders. The write silently fails and logs to MS Defender.

kijin | 26 days ago

Well, try again. I just managed to copy a random .exe to C:\Windows\System32 using an administrator account. I got a typical UAC dialog that most people would blindly click "Continue" on, and the copy succeeded. :)