Comment by kijin
23 days ago
Malware can't modify files in System32, but it can drop extra files in there no problem. The only way to find and clean them up is a clean install.
In Linux, one could write a script that reinstalls all packages, cleans up anything that doesn't belong to an installed package, and asks you about files it's not sure about. It's easy to modify a Linux system, but just as easy to restore it to a known state.
False. Even escalated System32 is blocked by protected folders. The write silently fails and logs to MS Defender.
Well, try again. I just managed to copy a random .exe to C:\Windows\System32 using an administrator account. I got a typical UAC dialog that most people would blindly click "Continue" on, and the copy succeeded. :)
And you likely have protected folders and certainly S mode disabled.
That’s via Explorer, not an installer.