Guest Santander Posted September 18, 2008 Posted September 18, 2008 Someone run untested self-extracting archive (executable) on work PC. I checked Event Viewer tasks and find there: System -> Source: Windows File Protection Event Type: Information Event Source: Windows File Protection Event Category: None Event ID: 64002 Date: 2008.09.17. Time: 9:59:49 User: N/A Computer: UserName Description: File replacement was attempted on the protected system file setup.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Has been replaced this system file or not?(is if was restored). What is this file and where? Thanks.
Guest Pegasus \(MVP\) Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? "Santander" <santander@microsoft.news> wrote in message news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl... > Someone run untested self-extracting archive (executable) on work PC. I > checked Event Viewer tasks and find there: > > System -> Source: Windows File Protection > > Event Type: Information > Event Source: Windows File Protection > Event Category: None > Event ID: 64002 > Date: 2008.09.17. > Time: 9:59:49 > User: N/A > Computer: UserName > Description: > File replacement was attempted on the protected system file setup.exe. > This > file was restored to the original version to maintain system stability. > The > file version of the system file is 5.1.2600.5512. > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > Has been replaced this system file or not?(is if was restored). What is > this file and where? > > Thanks. > It appears that you tried to replace the system file setup.exe with a different file. The Windows File Protection mechanism subsequently restored the file to its original version.
Guest ju.c Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'. > "file version of the system file is 5.1.2600.5512" That is correct for WinXP SP3. 'Windows File Protection' has done its job. Everything looks fine. ju.c "Santander" <santander@microsoft.news> wrote in message news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl... > Someone run untested self-extracting archive (executable) on work PC. I checked Event > Viewer tasks and find there: > > System -> Source: Windows File Protection > > Event Type: Information > Event Source: Windows File Protection > Event Category: None > Event ID: 64002 > Date: 2008.09.17. > Time: 9:59:49 > User: N/A > Computer: UserName > Description: > File replacement was attempted on the protected system file setup.exe. This > file was restored to the original version to maintain system stability. The > file version of the system file is 5.1.2600.5512. > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > Has been replaced this system file or not?(is if was restored). What is this file and > where? > > Thanks. > >
Guest Santander Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? I find no setup.exe in windows system32 folder, there is setupapi.dll v. 5.1.2600.5512 setupdll.dll v. 5.1.2600.0 The application is old HHD Sector Scan utility (Floppy Version) 3.0 from SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR archive. Not clear why this utility tried to replace setup. Probably virus?? I checked file on online scanner, http://www.virustotal.com, and few antiviruses show that there is a virus: Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen eSafe 7.0.17.0 2008.09.17 Suspicious File Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware eSafe 7.0.17.0 2008.09.17 Suspicious File NOD32 and Kaspersky does not detected anything. Is this false positive? But we know new viruses appears every day. Please give the advice. ------------- "ju.c" <bibidybubidyboop@mailnator.com> wrote in message news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl... > The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'. > > >> "file version of the system file is 5.1.2600.5512" > > That is correct for WinXP SP3. 'Windows File Protection' has done its job. > Everything looks fine. > > > ju.c > > > "Santander" <santander@microsoft.news> wrote in message > news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl... >> Someone run untested self-extracting archive (executable) on work PC. I >> checked Event Viewer tasks and find there: >> >> System -> Source: Windows File Protection >> >> Event Type: Information >> Event Source: Windows File Protection >> Event Category: None >> Event ID: 64002 >> Date: 2008.09.17. >> Time: 9:59:49 >> User: N/A >> Computer: UserName >> Description: >> File replacement was attempted on the protected system file setup.exe. >> This >> file was restored to the original version to maintain system stability. >> The >> file version of the system file is 5.1.2600.5512. >> For more information, see Help and Support Center at >> http://go.microsoft.com/fwlink/events.asp. >> >> Has been replaced this system file or not?(is if was restored). What is >> this file and where? >> >> Thanks. >> >>
Guest ju.c Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? It could be infected, or it could be a false positive. Hard to say. If you don't need it, delete it. To restore setup.exe, insert the Windows CD, if it auto starts select exit, and open the Run box and enter: sfc /scannow ju.c "Santander" <santander@microsoft.news> wrote in message news:#Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl... > I find no setup.exe in windows system32 folder, there is setupapi.dll v. 5.1.2600.5512 > setupdll.dll v. 5.1.2600.0 > The application is old HHD Sector Scan utility (Floppy Version) 3.0 from SalvationDATA > Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR archive. > > Not clear why this utility tried to replace setup. Probably virus?? > I checked file on online scanner, http://www.virustotal.com, and few antiviruses show > that there is a virus: > > Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen > eSafe 7.0.17.0 2008.09.17 Suspicious File > Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware > eSafe 7.0.17.0 2008.09.17 Suspicious File > > NOD32 and Kaspersky does not detected anything. Is this false positive? But we know new > viruses appears every day. Please give the advice. > > ------------- > > > > > "ju.c" <bibidybubidyboop@mailnator.com> wrote in message > news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl... >> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'. >> >> >>> "file version of the system file is 5.1.2600.5512" >> >> That is correct for WinXP SP3. 'Windows File Protection' has done its job. Everything >> looks fine. >> >> >> ju.c >> >> >> "Santander" <santander@microsoft.news> wrote in message >> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl... >>> Someone run untested self-extracting archive (executable) on work PC. I checked Event >>> Viewer tasks and find there: >>> >>> System -> Source: Windows File Protection >>> >>> Event Type: Information >>> Event Source: Windows File Protection >>> Event Category: None >>> Event ID: 64002 >>> Date: 2008.09.17. >>> Time: 9:59:49 >>> User: N/A >>> Computer: UserName >>> Description: >>> File replacement was attempted on the protected system file setup.exe. This >>> file was restored to the original version to maintain system stability. The >>> file version of the system file is 5.1.2600.5512. >>> For more information, see Help and Support Center at >>> http://go.microsoft.com/fwlink/events.asp. >>> >>> Has been replaced this system file or not?(is if was restored). What is this file and >>> where? >>> >>> Thanks. >>> >>> >
Guest Pegasus \(MVP\) Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? Here are the details for c:\windows\system32\setup.exe on my WinXP Pro machine: --a-- W32i APP ENU 5.1.2600.5512 shp 23,040 04-14-2008 setup.exe Perhaps your file is hidden. If it is really missing then you can restore it from the i386 folder of your WinXP installation CD. In this case the Windows File Protection mechanism won't interfere. "Santander" <santander@microsoft.news> wrote in message news:%23Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl... >I find no setup.exe in windows system32 folder, there is setupapi.dll v. >5.1.2600.5512 setupdll.dll v. 5.1.2600.0 > The application is old HHD Sector Scan utility (Floppy Version) 3.0 from > SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR > archive. > > Not clear why this utility tried to replace setup. Probably virus?? > I checked file on online scanner, http://www.virustotal.com, and few > antiviruses show that there is a virus: > > Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen > eSafe 7.0.17.0 2008.09.17 Suspicious File > Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware > eSafe 7.0.17.0 2008.09.17 Suspicious File > > NOD32 and Kaspersky does not detected anything. Is this false positive? > But we know new viruses appears every day. Please give the advice. > > ------------- > > > > > "ju.c" <bibidybubidyboop@mailnator.com> wrote in message > news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl... >> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'. >> >> >>> "file version of the system file is 5.1.2600.5512" >> >> That is correct for WinXP SP3. 'Windows File Protection' has done its >> job. Everything looks fine. >> >> >> ju.c >> >> >> "Santander" <santander@microsoft.news> wrote in message >> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl... >>> Someone run untested self-extracting archive (executable) on work PC. I >>> checked Event Viewer tasks and find there: >>> >>> System -> Source: Windows File Protection >>> >>> Event Type: Information >>> Event Source: Windows File Protection >>> Event Category: None >>> Event ID: 64002 >>> Date: 2008.09.17. >>> Time: 9:59:49 >>> User: N/A >>> Computer: UserName >>> Description: >>> File replacement was attempted on the protected system file setup.exe. >>> This >>> file was restored to the original version to maintain system stability. >>> The >>> file version of the system file is 5.1.2600.5512. >>> For more information, see Help and Support Center at >>> http://go.microsoft.com/fwlink/events.asp. >>> >>> Has been replaced this system file or not?(is if was restored). What is >>> this file and where? >>> >>> Thanks. >>> >>> >
Guest Santander Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? I enabled to show hidden files, but there are no setup.exe If this protected system file exist and the file "file was restored to the original version to maintain system stability" as show th EventViewer, where is this file? Or it can be lost during SP3 update process? How to search for this file with Search tool with advanced command to show hidden files? To restore setup.exe from CD, how long this can take? sfc /scannow ------------------ "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message news:uC0hT0XGJHA.4056@TK2MSFTNGP05.phx.gbl... > Here are the details for c:\windows\system32\setup.exe on my WinXP Pro > machine: > --a-- W32i APP ENU 5.1.2600.5512 shp 23,040 04-14-2008 setup.exe > > Perhaps your file is hidden. If it is really missing then you can restore > it from the i386 folder of your WinXP installation CD. In this case the > Windows File Protection mechanism won't interfere. > > > "Santander" <santander@microsoft.news> wrote in message > news:%23Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl... >>I find no setup.exe in windows system32 folder, there is setupapi.dll v. >>5.1.2600.5512 setupdll.dll v. 5.1.2600.0 >> The application is old HHD Sector Scan utility (Floppy Version) 3.0 from >> SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR >> archive. >> >> Not clear why this utility tried to replace setup. Probably virus?? >> I checked file on online scanner, http://www.virustotal.com, and few >> antiviruses show that there is a virus: >> >> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen >> eSafe 7.0.17.0 2008.09.17 Suspicious File >> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware >> eSafe 7.0.17.0 2008.09.17 Suspicious File >> >> NOD32 and Kaspersky does not detected anything. Is this false positive? >> But we know new viruses appears every day. Please give the advice. >> >> ------------- >> >> >> >> >> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message >> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl... >>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'. >>> >>> >>>> "file version of the system file is 5.1.2600.5512" >>> >>> That is correct for WinXP SP3. 'Windows File Protection' has done its >>> job. Everything looks fine. >>> >>> >>> ju.c >>> >>> >>> "Santander" <santander@microsoft.news> wrote in message >>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl... >>>> Someone run untested self-extracting archive (executable) on work PC. I >>>> checked Event Viewer tasks and find there: >>>> >>>> System -> Source: Windows File Protection >>>> >>>> Event Type: Information >>>> Event Source: Windows File Protection >>>> Event Category: None >>>> Event ID: 64002 >>>> Date: 2008.09.17. >>>> Time: 9:59:49 >>>> User: N/A >>>> Computer: UserName >>>> Description: >>>> File replacement was attempted on the protected system file setup.exe. >>>> This >>>> file was restored to the original version to maintain system stability. >>>> The >>>> file version of the system file is 5.1.2600.5512. >>>> For more information, see Help and Support Center at >>>> http://go.microsoft.com/fwlink/events.asp. >>>> >>>> Has been replaced this system file or not?(is if was restored). What is >>>> this file and where? >>>> >>>> Thanks. >>>> >>>> >> > >
Guest Santander Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? I deleted it, but since other person launched that file on my PC, I have no idea what modification it done. Can EventViewer show wrong report? ------------- "ju.c" <bibidybubidyboop@mailnator.com> wrote in message news:OIP2WxXGJHA.4760@TK2MSFTNGP05.phx.gbl... > It could be infected, or it could be a false positive. Hard to say. > If you don't need it, delete it. > > To restore setup.exe, insert the Windows CD, if it auto starts select > exit, and open the Run box and enter: > > sfc /scannow > > > ju.c > > > "Santander" <santander@microsoft.news> wrote in message > news:#Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl... >> I find no setup.exe in windows system32 folder, there is setupapi.dll v. >> 5.1.2600.5512 setupdll.dll v. 5.1.2600.0 >> The application is old HHD Sector Scan utility (Floppy Version) 3.0 from >> SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR >> archive. >> >> Not clear why this utility tried to replace setup. Probably virus?? >> I checked file on online scanner, http://www.virustotal.com, and few >> antiviruses show that there is a virus: >> >> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen >> eSafe 7.0.17.0 2008.09.17 Suspicious File >> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware >> eSafe 7.0.17.0 2008.09.17 Suspicious File >> >> NOD32 and Kaspersky does not detected anything. Is this false positive? >> But we know new viruses appears every day. Please give the advice. >> >> ------------- >> >> >> >> >> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message >> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl... >>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'. >>> >>> >>>> "file version of the system file is 5.1.2600.5512" >>> >>> That is correct for WinXP SP3. 'Windows File Protection' has done its >>> job. Everything looks fine. >>> >>> >>> ju.c >>> >>> >>> "Santander" <santander@microsoft.news> wrote in message >>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl... >>>> Someone run untested self-extracting archive (executable) on work PC. I >>>> checked Event Viewer tasks and find there: >>>> >>>> System -> Source: Windows File Protection >>>> >>>> Event Type: Information >>>> Event Source: Windows File Protection >>>> Event Category: None >>>> Event ID: 64002 >>>> Date: 2008.09.17. >>>> Time: 9:59:49 >>>> User: N/A >>>> Computer: UserName >>>> Description: >>>> File replacement was attempted on the protected system file setup.exe. >>>> This >>>> file was restored to the original version to maintain system stability. >>>> The >>>> file version of the system file is 5.1.2600.5512. >>>> For more information, see Help and Support Center at >>>> http://go.microsoft.com/fwlink/events.asp. >>>> >>>> Has been replaced this system file or not?(is if was restored). What is >>>> this file and where? >>>> >>>> Thanks. >>>> >>>> >>
Guest Pegasus \(MVP\) Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? There are two ways in which this file can get lost: 1. You delete it by mistake. 2. It gets deleted by malware or by a virus. The SP3 installation will NOT delete this file. You can restore it like so: 1. Click Start/Run/cmd{OK} 2. Type this command: expand X:\i386\setup.ex_ c:\windows\system32\setup.exe{Enter} (Replace X: with the drive letter of your CD drive) "Santander" <santander@microsoft.news> wrote in message news:eQbq$SYGJHA.5244@TK2MSFTNGP04.phx.gbl... >I enabled to show hidden files, but there are no setup.exe > If this protected system file exist and the file "file was restored to > the original version to maintain system stability" as show th EventViewer, > where is this file? > Or it can be lost during SP3 update process? How to search for this file > with Search tool with advanced command to show hidden files? > > To restore setup.exe from CD, how long this can take? > sfc /scannow > > ------------------ > > > > "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message > news:uC0hT0XGJHA.4056@TK2MSFTNGP05.phx.gbl... >> Here are the details for c:\windows\system32\setup.exe on my WinXP Pro >> machine: >> --a-- W32i APP ENU 5.1.2600.5512 shp 23,040 04-14-2008 setup.exe >> >> Perhaps your file is hidden. If it is really missing then you can restore >> it from the i386 folder of your WinXP installation CD. In this case the >> Windows File Protection mechanism won't interfere. >> >> >> "Santander" <santander@microsoft.news> wrote in message >> news:%23Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl... >>>I find no setup.exe in windows system32 folder, there is setupapi.dll v. >>>5.1.2600.5512 setupdll.dll v. 5.1.2600.0 >>> The application is old HHD Sector Scan utility (Floppy Version) 3.0 from >>> SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX >>> RAR archive. >>> >>> Not clear why this utility tried to replace setup. Probably virus?? >>> I checked file on online scanner, http://www.virustotal.com, and few >>> antiviruses show that there is a virus: >>> >>> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen >>> eSafe 7.0.17.0 2008.09.17 Suspicious File >>> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware >>> eSafe 7.0.17.0 2008.09.17 Suspicious File >>> >>> NOD32 and Kaspersky does not detected anything. Is this false positive? >>> But we know new viruses appears every day. Please give the advice. >>> >>> ------------- >>> >>> >>> >>> >>> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message >>> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl... >>>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'. >>>> >>>> >>>>> "file version of the system file is 5.1.2600.5512" >>>> >>>> That is correct for WinXP SP3. 'Windows File Protection' has done its >>>> job. Everything looks fine. >>>> >>>> >>>> ju.c >>>> >>>> >>>> "Santander" <santander@microsoft.news> wrote in message >>>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl... >>>>> Someone run untested self-extracting archive (executable) on work PC. >>>>> I checked Event Viewer tasks and find there: >>>>> >>>>> System -> Source: Windows File Protection >>>>> >>>>> Event Type: Information >>>>> Event Source: Windows File Protection >>>>> Event Category: None >>>>> Event ID: 64002 >>>>> Date: 2008.09.17. >>>>> Time: 9:59:49 >>>>> User: N/A >>>>> Computer: UserName >>>>> Description: >>>>> File replacement was attempted on the protected system file setup.exe. >>>>> This >>>>> file was restored to the original version to maintain system >>>>> stability. The >>>>> file version of the system file is 5.1.2600.5512. >>>>> For more information, see Help and Support Center at >>>>> http://go.microsoft.com/fwlink/events.asp. >>>>> >>>>> Has been replaced this system file or not?(is if was restored). What >>>>> is this file and where? >>>>> >>>>> Thanks. >>>>> >>>>> >>> >> >> >
Guest Santander Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? I am sure I did not deleted this file. I copied this file from CD, though I typed this command not in DOS box, but directly in Run window (by mistake), so this also works. File version. is 5.1.2600.5512 So the thing is what deleted it from system32 folder. ------------ "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message news:u1tA9yYGJHA.4992@TK2MSFTNGP04.phx.gbl... > There are two ways in which this file can get lost: > 1. You delete it by mistake. > 2. It gets deleted by malware or by a virus. > > The SP3 installation will NOT delete this file. You can restore it like > so: > 1. Click Start/Run/cmd{OK} > 2. Type this command: > expand X:\i386\setup.ex_ c:\windows\system32\setup.exe{Enter} > (Replace X: with the drive letter of your CD drive) > > "Santander" <santander@microsoft.news> wrote in message > news:eQbq$SYGJHA.5244@TK2MSFTNGP04.phx.gbl... >>I enabled to show hidden files, but there are no setup.exe >> If this protected system file exist and the file "file was restored to >> the original version to maintain system stability" as show th >> EventViewer, >> where is this file? >> Or it can be lost during SP3 update process? How to search for this file >> with Search tool with advanced command to show hidden files? >> >> To restore setup.exe from CD, how long this can take? >> sfc /scannow >> >> ------------------ >> >> >> >> "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message >> news:uC0hT0XGJHA.4056@TK2MSFTNGP05.phx.gbl... >>> Here are the details for c:\windows\system32\setup.exe on my WinXP Pro >>> machine: >>> --a-- W32i APP ENU 5.1.2600.5512 shp 23,040 04-14-2008 setup.exe >>> >>> Perhaps your file is hidden. If it is really missing then you can >>> restore >>> it from the i386 folder of your WinXP installation CD. In this case the >>> Windows File Protection mechanism won't interfere. >>> >>> >>> "Santander" <santander@microsoft.news> wrote in message >>> news:%23Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl... >>>>I find no setup.exe in windows system32 folder, there is setupapi.dll >>>>v. >>>>5.1.2600.5512 setupdll.dll v. 5.1.2600.0 >>>> The application is old HHD Sector Scan utility (Floppy Version) 3.0 >>>> from >>>> SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX >>>> RAR archive. >>>> >>>> Not clear why this utility tried to replace setup. Probably virus?? >>>> I checked file on online scanner, http://www.virustotal.com, and few >>>> antiviruses show that there is a virus: >>>> >>>> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen >>>> eSafe 7.0.17.0 2008.09.17 Suspicious File >>>> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware >>>> eSafe 7.0.17.0 2008.09.17 Suspicious File >>>> >>>> NOD32 and Kaspersky does not detected anything. Is this false positive? >>>> But we know new viruses appears every day. Please give the advice. >>>> >>>> ------------- >>>> >>>> >>>> >>>> >>>> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message >>>> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl... >>>>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'. >>>>> >>>>> >>>>>> "file version of the system file is 5.1.2600.5512" >>>>> >>>>> That is correct for WinXP SP3. 'Windows File Protection' has done its >>>>> job. Everything looks fine. >>>>> >>>>> >>>>> ju.c >>>>> >>>>> >>>>> "Santander" <santander@microsoft.news> wrote in message >>>>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl... >>>>>> Someone run untested self-extracting archive (executable) on work PC. >>>>>> I checked Event Viewer tasks and find there: >>>>>> >>>>>> System -> Source: Windows File Protection >>>>>> >>>>>> Event Type: Information >>>>>> Event Source: Windows File Protection >>>>>> Event Category: None >>>>>> Event ID: 64002 >>>>>> Date: 2008.09.17. >>>>>> Time: 9:59:49 >>>>>> User: N/A >>>>>> Computer: UserName >>>>>> Description: >>>>>> File replacement was attempted on the protected system file >>>>>> setup.exe. >>>>>> This >>>>>> file was restored to the original version to maintain system >>>>>> stability. The >>>>>> file version of the system file is 5.1.2600.5512. >>>>>> For more information, see Help and Support Center at >>>>>> http://go.microsoft.com/fwlink/events.asp. >>>>>> >>>>>> Has been replaced this system file or not?(is if was restored). What >>>>>> is this file and where? >>>>>> >>>>>> Thanks. >>>>>> >>>>>> >>>> >>> >>> >> > > >
Guest Pegasus \(MVP\) Posted September 18, 2008 Posted September 18, 2008 Re: Has been file replaced? "Santander" <santander@microsoft.news> wrote in message news:eNtEZKZGJHA.5084@TK2MSFTNGP02.phx.gbl... >I am sure I did not deleted this file. I copied this file from CD, though I >typed this command not in DOS box, but directly in Run window (by mistake), >so this also works. > File version. is 5.1.2600.5512 > So the thing is what deleted it from system32 folder. I gave you the two possible reasons in my previous reply. Since this is your machine and not mine, you're the best judge to pick the most likely one.
Recommended Posts