List of valid system files for Win2K

Discussion in 'Software' started by AgentBlue, Dec 7, 2003.

  1. AgentBlue

    AgentBlue Private E-2

    I had one of those BOT IRC trojans and thanks to the software I found through these sites, I was able to get rid of it. So thanks!

    I decided to take back control of this box, by figuring out what each system file does for a living, and how.

    For starters, what is the proper size of SVCHOST.exe for Win2k SP 4? Can't find it on any MSFT site.

    Then, where CAN I find a baseline or benchmark list of all the system files I should have for my system?


    :)
     
  2. snakefoot

    snakefoot Sergeant Major

    Instead of trying to do it manually I think you would have better luck with some utilities:

    The utility SFC.EXE allows you to check all your system files and make sure they match the signature of the original files.

    Though SFC will not help against viruses which place files named as system files (like SVCHOST.EXE) in non-standard locations on your HDD.
    To handle this scenario you need to get hold of some antivirus software. There are plenty to choose from; you just need to find your own favorite.
     
  3. AgentBlue

    AgentBlue Private E-2

    SFC.EXE... how

    Finally got them all (AV, anti-pest, anti-bot, anti-ad, anti-spy, anti-spam, reg cleaner) - I removed Troj/Zcrew and variants. Am sure I happily wiped out a few Win2K system files as well.

    I found SFC.exe in Winnt/system32 but cannot find a place to run it from (e.g., from win administrative tools?). Course it doesn't run from Start>Run.

    PS How do I get back good copies of these puppies (MSFT?) which I understand are necessary system files:

    libparse.exe
    psexec.exe
    rcfg.ini
    rconnect.conf
    rconnect.exe


    :confused:
     
  4. snakefoot

    snakefoot Sergeant Major

    SFC.EXE is a command line utility, press Start and Run.. the command cmd and a prompt is started. In this prompt you can write sfc and press enter and you will see its options.
    If you think it is too much trouble you can just execute this command from Start -> Run..:
    None of the files you have listed exists on my Win2k Sp4 install.
    libparse.exe : Seems to be a virus
    psexec.exe : Seems to be a telnet client (though not needed)
    rconnect.exe : Seems to be a virus.
     
  5. AgentBlue

    AgentBlue Private E-2

    SFC says it needs my original win2K CD...

    ... to start its checking, and of course, those CDs are from 2001, and somewhere in the rubble down here.

    Is there any other way/place/means/literature available where I'd be able to review a list of Win2K SP4 file specs that define this OS product?

    I can put my filespecs in a spreadsheet and compare against a benchmark list if necessary; I'd not mind at all doing this semi-manually at this point.


    :(
     
  6. snakefoot

    snakefoot Sergeant Major

    You must have an awful lot of time :), and this comes from one who is already wasting too much time on stupid things ;)

    I guess you could do the following:

    1. Copy the files on your Win2k Install CD to your HDD.
    2. Slipstream SP4 on top of the install files on your HDD.
    3. Make a batch file which extracts all the .??_ files to another location on your HDD.
    4. Find a binary file compare utility and compare the files in your system directories with the extracted install files.

    But if you don't have the Win2k install CD, then I guess your crusade must stop here. And if you did have the Win2k install CD then I would rather recommend you to trust SFC than going through the above operation as it is pretty anal.
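
Added example, not part of the thread: a sketch of the comparison in step 4 above, which also flags the case raised earlier in the thread where a file carries a system-file name in a non-standard location. The function names, the SHA-256 comparison in place of a binary compare utility, and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(reference_dir):
    """Map lower-cased file name -> digest for the extracted install files."""
    paths = ((n.lower(), os.path.join(reference_dir, n)) for n in os.listdir(reference_dir))
    return {key: sha256_of(p) for key, p in paths if os.path.isfile(p)}

def audit(system_root, system_dirs, baseline):
    """Classify files under system_root as ok / modified / unknown / misplaced."""
    findings = {}
    for dirpath, _dirs, files in os.walk(system_root):
        rel_dir = os.path.relpath(dirpath, system_root).replace(os.sep, "/").lower()
        for name in files:
            key, rel = name.lower(), f"{rel_dir}/{name}".lower()
            if rel_dir in system_dirs:
                if key not in baseline:
                    findings[rel] = "unknown"      # not in the reference set
                elif sha256_of(os.path.join(dirpath, name)) == baseline[key]:
                    findings[rel] = "ok"
                else:
                    findings[rel] = "modified"     # same name, different bytes
            elif key in baseline:
                findings[rel] = "misplaced"        # system-file name, wrong folder
    return findings

def demo():
    """Run the audit on constructed sample trees (stand-ins, not real system files)."""
    sample = {
        "ref/svchost.exe": b"genuine svchost", "ref/sfc.exe": b"genuine sfc",
        "winnt/system32/svchost.exe": b"genuine svchost",
        "winnt/system32/sfc.exe": b"altered bytes",
        "winnt/system32/libparse.exe": b"not in reference set",
        "winnt/temp/SVCHOST.EXE": b"impostor",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in sample.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        baseline = build_baseline(os.path.join(tmp, "ref"))
        return audit(os.path.join(tmp, "winnt"), {"system32"}, baseline)
```

Files replaced by hotfixes released after the reference set was built will show as `modified`, so check those against the update's own files before treating them as tampered.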
     
  7. AgentBlue

    AgentBlue Private E-2

    I don't have the Win2K install disk ...

    ... can I be the only person who has lost original disks in the downtown rubble and come back to it two years later? I don't think this means I should stop doing what I need to do to take control of this box even at this late date.

    Now where else would I find a list of the Win2K SP4 files that define what Win2K does for a living?

    Someone - somewhere - has to know where and what these little puppies do for a living and how many of them are in the Win2K litter!!


    ;)
     
  8. AgentBlue

    AgentBlue Private E-2

    ... need to grok my Win2K system b/c

    ... despite all the AV, bot, registry cleaning, etc. system scrubbing and cleaning activities... I still can't load .NET framework 1.1.

    Tried 9-10 times, and it takes hours to get to the end of the install progress bar, then it hangs. Here's the log. When I force a reboot, it says the install failed.

    [12/06/03,19:42:22] Starting Install.exe
    [12/06/03,19:42:22] Parsing switches from commandline: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\Install.exe
    [12/06/03,19:42:22] SourceDir: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
    [12/06/03,19:42:22] Install started
    [12/06/03,19:42:22] Checking system requirements
    [12/06/03,19:42:22] OS: Win 2k
    [12/06/03,19:42:22] Ver:
    [12/06/03,19:42:22] SP: Service Pack 4
    [12/06/03,19:42:22] Checking Internet Explorer Version
    [12/06/03,19:42:22] Looking for 5.0.2919.6307
    [12/06/03,19:42:22] Found Internet Explorer Version: 6.0.2800.1106
    [12/06/03,19:42:22] Internet Explorer Version is OK...
    [12/06/03,19:42:22] System meets minimum requirements
    [12/06/03,19:42:22] Checking Windows Installer version...
    [12/06/03,19:42:22] Trying to load msi.dll
    [12/06/03,19:42:22] Loading: C:\WINNT\System32\msi.dll
    [12/06/03,19:42:22] msi.dll loaded ok
    [12/06/03,19:42:22] Looking for: 2.0.2600
    [12/06/03,19:42:22] Found: 2.0.2600
    [12/06/03,19:42:22] Windows Installer version ok
    [12/06/03,19:42:22] Finished Checking Windows Installer version.
    [12/06/03,19:42:22] Trying to load msi.dll
    [12/06/03,19:42:22] Loading: C:\WINNT\System32\msi.dll
    [12/06/03,19:42:22] Looking for mscoree.dll from PDC
    [12/06/03,19:42:22] mscoree.dll from PDC is not installed local
    [12/06/03,19:42:22] Looking for mscoree.dll from Beta
    [12/06/03,19:42:22] mscoree.dll is not installed local
    [12/06/03,19:42:22] Trying to load msi.dll
    [12/06/03,19:42:22] Loading: C:\WINNT\System32\msi.dll
    [12/06/03,19:42:22] Installing: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\netfx.msi
    [12/06/03,19:42:22] Checking IIS...
    [12/06/03,19:42:22] Checking MDAC Version
    [12/06/03,19:42:22] Looking for 2.70.7713.0
    [12/06/03,19:42:22] Found MDAC Version: 2.80.1022.3
    [12/06/03,19:42:22] MDAC Version OK
    [12/06/03,19:42:22] StopDarwinService(): Darwin Service was already stopped
    [12/06/03,19:42:22] Trying to load msi.dll
    [12/06/03,19:42:22] Loading: C:\WINNT\System32\msi.dll
    [12/06/03,19:42:22] Full UI
    [12/06/03,19:42:22] Calling MsiInstallProduct() with commandline: REBOOT=ReallySuppress

    So I have to think there's some file missing from my Win2K SP4 system files. I don't mind slogging through it.

    :eek:
     
