Jump to content

Has been file replaced?

Guest Santander

By Guest Santander
September 18, 2008 in Windows XP

Share

https://extremetechsupport.com/topic/115720-has-been-file-replaced/

Recommended Posts

Guest Santander

Guest Santander

Posted September 18, 2008

Posted September 18, 2008

Someone run untested self-extracting archive (executable) on work PC. I

checked Event Viewer tasks and find there:

System -> Source: Windows File Protection

Event Type: Information

Event Source: Windows File Protection

Event Category: None

Event ID: 64002

Date: 2008.09.17.

Time: 9:59:49

User: N/A

Computer: UserName

Description:

File replacement was attempted on the protected system file setup.exe. This

file was restored to the original version to maintain system stability. The

file version of the system file is 5.1.2600.5512.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

Has been replaced this system file or not?(is if was restored). What is this

file and where?

Thanks.

Popular Days

Sep 18

11

Popular Days

Sep 18 2008

11 posts

$Guest Pegasus \(MVP\)$

Guest Pegasus \(MVP\)

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

"Santander" <santander@microsoft.news> wrote in message

news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl...

> Someone run untested self-extracting archive (executable) on work PC. I

> checked Event Viewer tasks and find there:

>

> System -> Source: Windows File Protection

>

> Event Type: Information

> Event Source: Windows File Protection

> Event Category: None

> Event ID: 64002

> Date: 2008.09.17.

> Time: 9:59:49

> User: N/A

> Computer: UserName

> Description:

> File replacement was attempted on the protected system file setup.exe.

> This

> file was restored to the original version to maintain system stability.

> The

> file version of the system file is 5.1.2600.5512.

> For more information, see Help and Support Center at

> http://go.microsoft.com/fwlink/events.asp.

>

> Has been replaced this system file or not?(is if was restored). What is

> this file and where?

>

> Thanks.

>

It appears that you tried to replace the system file setup.exe with a

different file. The Windows File Protection mechanism subsequently restored

the file to its original version.

Guest ju.c

Guest ju.c

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'.

> "file version of the system file is 5.1.2600.5512"

That is correct for WinXP SP3. 'Windows File Protection' has done its job. Everything

looks fine.

ju.c

"Santander" <santander@microsoft.news> wrote in message

news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl...

> Someone run untested self-extracting archive (executable) on work PC. I checked Event

> Viewer tasks and find there:

>

> System -> Source: Windows File Protection

>

> Event Type: Information

> Event Source: Windows File Protection

> Event Category: None

> Event ID: 64002

> Date: 2008.09.17.

> Time: 9:59:49

> User: N/A

> Computer: UserName

> Description:

> File replacement was attempted on the protected system file setup.exe. This

> file was restored to the original version to maintain system stability. The

> file version of the system file is 5.1.2600.5512.

> For more information, see Help and Support Center at

> http://go.microsoft.com/fwlink/events.asp.

>

> Has been replaced this system file or not?(is if was restored). What is this file and

> where?

>

> Thanks.

>

>

Guest Santander

Guest Santander

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

I find no setup.exe in windows system32 folder, there is setupapi.dll v.

5.1.2600.5512 setupdll.dll v. 5.1.2600.0

The application is old HHD Sector Scan utility (Floppy Version) 3.0 from

SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR

archive.

Not clear why this utility tried to replace setup. Probably virus??

I checked file on online scanner, http://www.virustotal.com, and few

antiviruses show that there is a virus:

Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen

eSafe 7.0.17.0 2008.09.17 Suspicious File

Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware

eSafe 7.0.17.0 2008.09.17 Suspicious File

NOD32 and Kaspersky does not detected anything. Is this false positive? But

we know new viruses appears every day. Please give the advice.

-------------

"ju.c" <bibidybubidyboop@mailnator.com> wrote in message

news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl...

> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'.

>

>

>> "file version of the system file is 5.1.2600.5512"

>

> That is correct for WinXP SP3. 'Windows File Protection' has done its job.

> Everything looks fine.

>

>

> ju.c

>

>

> "Santander" <santander@microsoft.news> wrote in message

> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl...

>> Someone run untested self-extracting archive (executable) on work PC. I

>> checked Event Viewer tasks and find there:

>>

>> System -> Source: Windows File Protection

>>

>> Event Type: Information

>> Event Source: Windows File Protection

>> Event Category: None

>> Event ID: 64002

>> Date: 2008.09.17.

>> Time: 9:59:49

>> User: N/A

>> Computer: UserName

>> Description:

>> File replacement was attempted on the protected system file setup.exe.

>> This

>> file was restored to the original version to maintain system stability.

>> The

>> file version of the system file is 5.1.2600.5512.

>> For more information, see Help and Support Center at

>> http://go.microsoft.com/fwlink/events.asp.

>>

>> Has been replaced this system file or not?(is if was restored). What is

>> this file and where?

>>

>> Thanks.

>>

>>

Guest ju.c

Guest ju.c

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

It could be infected, or it could be a false positive. Hard to say.

If you don't need it, delete it.

To restore setup.exe, insert the Windows CD, if it auto starts select exit, and open the

Run box and enter:

sfc /scannow

ju.c

"Santander" <santander@microsoft.news> wrote in message

news:#Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl...

> I find no setup.exe in windows system32 folder, there is setupapi.dll v. 5.1.2600.5512

> setupdll.dll v. 5.1.2600.0

> The application is old HHD Sector Scan utility (Floppy Version) 3.0 from SalvationDATA

> Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR archive.

>

> Not clear why this utility tried to replace setup. Probably virus??

> I checked file on online scanner, http://www.virustotal.com, and few antiviruses show

> that there is a virus:

>

> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen

> eSafe 7.0.17.0 2008.09.17 Suspicious File

> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware

> eSafe 7.0.17.0 2008.09.17 Suspicious File

>

> NOD32 and Kaspersky does not detected anything. Is this false positive? But we know new

> viruses appears every day. Please give the advice.

>

> -------------

>

>

>

>

> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message

> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl...

>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'.

>>

>>

>>> "file version of the system file is 5.1.2600.5512"

>>

>> That is correct for WinXP SP3. 'Windows File Protection' has done its job. Everything

>> looks fine.

>>

>>

>> ju.c

>>

>>

>> "Santander" <santander@microsoft.news> wrote in message

>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl...

>>> Someone run untested self-extracting archive (executable) on work PC. I checked Event

>>> Viewer tasks and find there:

>>>

>>> System -> Source: Windows File Protection

>>>

>>> Event Type: Information

>>> Event Source: Windows File Protection

>>> Event Category: None

>>> Event ID: 64002

>>> Date: 2008.09.17.

>>> Time: 9:59:49

>>> User: N/A

>>> Computer: UserName

>>> Description:

>>> File replacement was attempted on the protected system file setup.exe. This

>>> file was restored to the original version to maintain system stability. The

>>> file version of the system file is 5.1.2600.5512.

>>> For more information, see Help and Support Center at

>>> http://go.microsoft.com/fwlink/events.asp.

>>>

>>> Has been replaced this system file or not?(is if was restored). What is this file and

>>> where?

>>>

>>> Thanks.

>>>

>>>

>

$Guest Pegasus \(MVP\)$

Guest Pegasus \(MVP\)

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

Here are the details for c:\windows\system32\setup.exe on my WinXP Pro

machine:

--a-- W32i APP ENU 5.1.2600.5512 shp 23,040 04-14-2008 setup.exe

Perhaps your file is hidden. If it is really missing then you can restore it

from the i386 folder of your WinXP installation CD. In this case the Windows

File Protection mechanism won't interfere.

"Santander" <santander@microsoft.news> wrote in message

news:%23Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl...

>I find no setup.exe in windows system32 folder, there is setupapi.dll v.

>5.1.2600.5512 setupdll.dll v. 5.1.2600.0

> The application is old HHD Sector Scan utility (Floppy Version) 3.0 from

> SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR

> archive.

>

> Not clear why this utility tried to replace setup. Probably virus??

> I checked file on online scanner, http://www.virustotal.com, and few

> antiviruses show that there is a virus:

>

> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen

> eSafe 7.0.17.0 2008.09.17 Suspicious File

> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware

> eSafe 7.0.17.0 2008.09.17 Suspicious File

>

> NOD32 and Kaspersky does not detected anything. Is this false positive?

> But we know new viruses appears every day. Please give the advice.

>

> -------------

>

>

>

>

> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message

> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl...

>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'.

>>

>>

>>> "file version of the system file is 5.1.2600.5512"

>>

>> That is correct for WinXP SP3. 'Windows File Protection' has done its

>> job. Everything looks fine.

>>

>>

>> ju.c

>>

>>

>> "Santander" <santander@microsoft.news> wrote in message

>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl...

>>> Someone run untested self-extracting archive (executable) on work PC. I

>>> checked Event Viewer tasks and find there:

>>>

>>> System -> Source: Windows File Protection

>>>

>>> Event Type: Information

>>> Event Source: Windows File Protection

>>> Event Category: None

>>> Event ID: 64002

>>> Date: 2008.09.17.

>>> Time: 9:59:49

>>> User: N/A

>>> Computer: UserName

>>> Description:

>>> File replacement was attempted on the protected system file setup.exe.

>>> This

>>> file was restored to the original version to maintain system stability.

>>> The

>>> file version of the system file is 5.1.2600.5512.

>>> For more information, see Help and Support Center at

>>> http://go.microsoft.com/fwlink/events.asp.

>>>

>>> Has been replaced this system file or not?(is if was restored). What is

>>> this file and where?

>>>

>>> Thanks.

>>>

>>>

>

Guest Santander

Guest Santander

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

I enabled to show hidden files, but there are no setup.exe

If this protected system file exist and the file "file was restored to the

original version to maintain system stability" as show th EventViewer, where

is this file?

Or it can be lost during SP3 update process? How to search for this file

with Search tool with advanced command to show hidden files?

To restore setup.exe from CD, how long this can take?

sfc /scannow

------------------

"Pegasus (MVP)" <I.can@fly.com.oz> wrote in message

news:uC0hT0XGJHA.4056@TK2MSFTNGP05.phx.gbl...

> Here are the details for c:\windows\system32\setup.exe on my WinXP Pro

> machine:

> --a-- W32i APP ENU 5.1.2600.5512 shp 23,040 04-14-2008 setup.exe

>

> Perhaps your file is hidden. If it is really missing then you can restore

> it from the i386 folder of your WinXP installation CD. In this case the

> Windows File Protection mechanism won't interfere.

>

>

> "Santander" <santander@microsoft.news> wrote in message

> news:%23Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl...

>>I find no setup.exe in windows system32 folder, there is setupapi.dll v.

>>5.1.2600.5512 setupdll.dll v. 5.1.2600.0

>> The application is old HHD Sector Scan utility (Floppy Version) 3.0 from

>> SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR

>> archive.

>>

>> Not clear why this utility tried to replace setup. Probably virus??

>> I checked file on online scanner, http://www.virustotal.com, and few

>> antiviruses show that there is a virus:

>>

>> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen

>> eSafe 7.0.17.0 2008.09.17 Suspicious File

>> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware

>> eSafe 7.0.17.0 2008.09.17 Suspicious File

>>

>> NOD32 and Kaspersky does not detected anything. Is this false positive?

>> But we know new viruses appears every day. Please give the advice.

>>

>> -------------

>>

>>

>>

>>

>> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message

>> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl...

>>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'.

>>>

>>>

>>>> "file version of the system file is 5.1.2600.5512"

>>>

>>> That is correct for WinXP SP3. 'Windows File Protection' has done its

>>> job. Everything looks fine.

>>>

>>>

>>> ju.c

>>>

>>>

>>> "Santander" <santander@microsoft.news> wrote in message

>>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl...

>>>> Someone run untested self-extracting archive (executable) on work PC. I

>>>> checked Event Viewer tasks and find there:

>>>>

>>>> System -> Source: Windows File Protection

>>>>

>>>> Event Type: Information

>>>> Event Source: Windows File Protection

>>>> Event Category: None

>>>> Event ID: 64002

>>>> Date: 2008.09.17.

>>>> Time: 9:59:49

>>>> User: N/A

>>>> Computer: UserName

>>>> Description:

>>>> File replacement was attempted on the protected system file setup.exe.

>>>> This

>>>> file was restored to the original version to maintain system stability.

>>>> The

>>>> file version of the system file is 5.1.2600.5512.

>>>> For more information, see Help and Support Center at

>>>> http://go.microsoft.com/fwlink/events.asp.

>>>>

>>>> Has been replaced this system file or not?(is if was restored). What is

>>>> this file and where?

>>>>

>>>> Thanks.

>>>>

>>>>

>>

>

>

Guest Santander

Guest Santander

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

I deleted it, but since other person launched that file on my PC, I have no

idea what modification it done.

Can EventViewer show wrong report?

-------------

"ju.c" <bibidybubidyboop@mailnator.com> wrote in message

news:OIP2WxXGJHA.4760@TK2MSFTNGP05.phx.gbl...

> It could be infected, or it could be a false positive. Hard to say.

> If you don't need it, delete it.

>

> To restore setup.exe, insert the Windows CD, if it auto starts select

> exit, and open the Run box and enter:

>

> sfc /scannow

>

>

> ju.c

>

>

> "Santander" <santander@microsoft.news> wrote in message

> news:#Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl...

>> I find no setup.exe in windows system32 folder, there is setupapi.dll v.

>> 5.1.2600.5512 setupdll.dll v. 5.1.2600.0

>> The application is old HHD Sector Scan utility (Floppy Version) 3.0 from

>> SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX RAR

>> archive.

>>

>> Not clear why this utility tried to replace setup. Probably virus??

>> I checked file on online scanner, http://www.virustotal.com, and few

>> antiviruses show that there is a virus:

>>

>> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen

>> eSafe 7.0.17.0 2008.09.17 Suspicious File

>> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware

>> eSafe 7.0.17.0 2008.09.17 Suspicious File

>>

>> NOD32 and Kaspersky does not detected anything. Is this false positive?

>> But we know new viruses appears every day. Please give the advice.

>>

>> -------------

>>

>>

>>

>>

>> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message

>> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl...

>>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'.

>>>

>>>

>>>> "file version of the system file is 5.1.2600.5512"

>>>

>>> That is correct for WinXP SP3. 'Windows File Protection' has done its

>>> job. Everything looks fine.

>>>

>>>

>>> ju.c

>>>

>>>

>>> "Santander" <santander@microsoft.news> wrote in message

>>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl...

>>>> Someone run untested self-extracting archive (executable) on work PC. I

>>>> checked Event Viewer tasks and find there:

>>>>

>>>> System -> Source: Windows File Protection

>>>>

>>>> Event Type: Information

>>>> Event Source: Windows File Protection

>>>> Event Category: None

>>>> Event ID: 64002

>>>> Date: 2008.09.17.

>>>> Time: 9:59:49

>>>> User: N/A

>>>> Computer: UserName

>>>> Description:

>>>> File replacement was attempted on the protected system file setup.exe.

>>>> This

>>>> file was restored to the original version to maintain system stability.

>>>> The

>>>> file version of the system file is 5.1.2600.5512.

>>>> For more information, see Help and Support Center at

>>>> http://go.microsoft.com/fwlink/events.asp.

>>>>

>>>> Has been replaced this system file or not?(is if was restored). What is

>>>> this file and where?

>>>>

>>>> Thanks.

>>>>

>>>>

>>

$Guest Pegasus \(MVP\)$

Guest Pegasus \(MVP\)

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

There are two ways in which this file can get lost:

1. You delete it by mistake.

2. It gets deleted by malware or by a virus.

The SP3 installation will NOT delete this file. You can restore it like so:

1. Click Start/Run/cmd{OK}

2. Type this command:

expand X:\i386\setup.ex_ c:\windows\system32\setup.exe{Enter}

(Replace X: with the drive letter of your CD drive)

"Santander" <santander@microsoft.news> wrote in message

news:eQbq$SYGJHA.5244@TK2MSFTNGP04.phx.gbl...

>I enabled to show hidden files, but there are no setup.exe

> If this protected system file exist and the file "file was restored to

> the original version to maintain system stability" as show th EventViewer,

> where is this file?

> Or it can be lost during SP3 update process? How to search for this file

> with Search tool with advanced command to show hidden files?

>

> To restore setup.exe from CD, how long this can take?

> sfc /scannow

>

> ------------------

>

>

>

> "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message

> news:uC0hT0XGJHA.4056@TK2MSFTNGP05.phx.gbl...

>> Here are the details for c:\windows\system32\setup.exe on my WinXP Pro

>> machine:

>> --a-- W32i APP ENU 5.1.2600.5512 shp 23,040 04-14-2008 setup.exe

>>

>> Perhaps your file is hidden. If it is really missing then you can restore

>> it from the i386 folder of your WinXP installation CD. In this case the

>> Windows File Protection mechanism won't interfere.

>>

>>

>> "Santander" <santander@microsoft.news> wrote in message

>> news:%23Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl...

>>>I find no setup.exe in windows system32 folder, there is setupapi.dll v.

>>>5.1.2600.5512 setupdll.dll v. 5.1.2600.0

>>> The application is old HHD Sector Scan utility (Floppy Version) 3.0 from

>>> SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX

>>> RAR archive.

>>>

>>> Not clear why this utility tried to replace setup. Probably virus??

>>> I checked file on online scanner, http://www.virustotal.com, and few

>>> antiviruses show that there is a virus:

>>>

>>> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen

>>> eSafe 7.0.17.0 2008.09.17 Suspicious File

>>> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware

>>> eSafe 7.0.17.0 2008.09.17 Suspicious File

>>>

>>> NOD32 and Kaspersky does not detected anything. Is this false positive?

>>> But we know new viruses appears every day. Please give the advice.

>>>

>>> -------------

>>>

>>>

>>>

>>>

>>> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message

>>> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl...

>>>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'.

>>>>

>>>>

>>>>> "file version of the system file is 5.1.2600.5512"

>>>>

>>>> That is correct for WinXP SP3. 'Windows File Protection' has done its

>>>> job. Everything looks fine.

>>>>

>>>>

>>>> ju.c

>>>>

>>>>

>>>> "Santander" <santander@microsoft.news> wrote in message

>>>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl...

>>>>> Someone run untested self-extracting archive (executable) on work PC.

>>>>> I checked Event Viewer tasks and find there:

>>>>>

>>>>> System -> Source: Windows File Protection

>>>>>

>>>>> Event Type: Information

>>>>> Event Source: Windows File Protection

>>>>> Event Category: None

>>>>> Event ID: 64002

>>>>> Date: 2008.09.17.

>>>>> Time: 9:59:49

>>>>> User: N/A

>>>>> Computer: UserName

>>>>> Description:

>>>>> File replacement was attempted on the protected system file setup.exe.

>>>>> This

>>>>> file was restored to the original version to maintain system

>>>>> stability. The

>>>>> file version of the system file is 5.1.2600.5512.

>>>>> For more information, see Help and Support Center at

>>>>> http://go.microsoft.com/fwlink/events.asp.

>>>>>

>>>>> Has been replaced this system file or not?(is if was restored). What

>>>>> is this file and where?

>>>>>

>>>>> Thanks.

>>>>>

>>>>>

>>>

>>

>>

>

Guest Santander

Guest Santander

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

I am sure I did not deleted this file. I copied this file from CD, though I

typed this command not in DOS box, but directly in Run window (by mistake),

so this also works.

File version. is 5.1.2600.5512

So the thing is what deleted it from system32 folder.

------------

"Pegasus (MVP)" <I.can@fly.com.oz> wrote in message

news:u1tA9yYGJHA.4992@TK2MSFTNGP04.phx.gbl...

> There are two ways in which this file can get lost:

> 1. You delete it by mistake.

> 2. It gets deleted by malware or by a virus.

>

> The SP3 installation will NOT delete this file. You can restore it like

> so:

> 1. Click Start/Run/cmd{OK}

> 2. Type this command:

> expand X:\i386\setup.ex_ c:\windows\system32\setup.exe{Enter}

> (Replace X: with the drive letter of your CD drive)

>

> "Santander" <santander@microsoft.news> wrote in message

> news:eQbq$SYGJHA.5244@TK2MSFTNGP04.phx.gbl...

>>I enabled to show hidden files, but there are no setup.exe

>> If this protected system file exist and the file "file was restored to

>> the original version to maintain system stability" as show th

>> EventViewer,

>> where is this file?

>> Or it can be lost during SP3 update process? How to search for this file

>> with Search tool with advanced command to show hidden files?

>>

>> To restore setup.exe from CD, how long this can take?

>> sfc /scannow

>>

>> ------------------

>>

>>

>>

>> "Pegasus (MVP)" <I.can@fly.com.oz> wrote in message

>> news:uC0hT0XGJHA.4056@TK2MSFTNGP05.phx.gbl...

>>> Here are the details for c:\windows\system32\setup.exe on my WinXP Pro

>>> machine:

>>> --a-- W32i APP ENU 5.1.2600.5512 shp 23,040 04-14-2008 setup.exe

>>>

>>> Perhaps your file is hidden. If it is really missing then you can

>>> restore

>>> it from the i386 folder of your WinXP installation CD. In this case the

>>> Windows File Protection mechanism won't interfere.

>>>

>>>

>>> "Santander" <santander@microsoft.news> wrote in message

>>> news:%23Hqd$fXGJHA.1268@TK2MSFTNGP05.phx.gbl...

>>>>I find no setup.exe in windows system32 folder, there is setupapi.dll

>>>>v.

>>>>5.1.2600.5512 setupdll.dll v. 5.1.2600.0

>>>> The application is old HHD Sector Scan utility (Floppy Version) 3.0

>>>> from

>>>> SalvationDATA Technology Inc. File name hsr3.0floppysetup.exe is SFX

>>>> RAR archive.

>>>>

>>>> Not clear why this utility tried to replace setup. Probably virus??

>>>> I checked file on online scanner, http://www.virustotal.com, and few

>>>> antiviruses show that there is a virus:

>>>>

>>>> Avast 4.8.1195.0 2008.09.17 Win32:Spyware-gen

>>>> eSafe 7.0.17.0 2008.09.17 Suspicious File

>>>> Ikarus T3.1.1.34.0 2008.09.18 Virus.Win32.Spyware

>>>> eSafe 7.0.17.0 2008.09.17 Suspicious File

>>>>

>>>> NOD32 and Kaspersky does not detected anything. Is this false positive?

>>>> But we know new viruses appears every day. Please give the advice.

>>>>

>>>> -------------

>>>>

>>>>

>>>>

>>>>

>>>> "ju.c" <bibidybubidyboop@mailnator.com> wrote in message

>>>> news:OvCfwBXGJHA.768@TK2MSFTNGP05.phx.gbl...

>>>>> The Windows file "setup.exe" is located in 'C:\WINDOWS\system32'.

>>>>>

>>>>>

>>>>>> "file version of the system file is 5.1.2600.5512"

>>>>>

>>>>> That is correct for WinXP SP3. 'Windows File Protection' has done its

>>>>> job. Everything looks fine.

>>>>>

>>>>>

>>>>> ju.c

>>>>>

>>>>>

>>>>> "Santander" <santander@microsoft.news> wrote in message

>>>>> news:erUoA4WGJHA.4056@TK2MSFTNGP05.phx.gbl...

>>>>>> Someone run untested self-extracting archive (executable) on work PC.

>>>>>> I checked Event Viewer tasks and find there:

>>>>>>

>>>>>> System -> Source: Windows File Protection

>>>>>>

>>>>>> Event Type: Information

>>>>>> Event Source: Windows File Protection

>>>>>> Event Category: None

>>>>>> Event ID: 64002

>>>>>> Date: 2008.09.17.

>>>>>> Time: 9:59:49

>>>>>> User: N/A

>>>>>> Computer: UserName

>>>>>> Description:

>>>>>> File replacement was attempted on the protected system file

>>>>>> setup.exe.

>>>>>> This

>>>>>> file was restored to the original version to maintain system

>>>>>> stability. The

>>>>>> file version of the system file is 5.1.2600.5512.

>>>>>> For more information, see Help and Support Center at

>>>>>> http://go.microsoft.com/fwlink/events.asp.

>>>>>>

>>>>>> Has been replaced this system file or not?(is if was restored). What

>>>>>> is this file and where?

>>>>>>

>>>>>> Thanks.

>>>>>>

>>>>>>

>>>>

>>>

>>>

>>

>

>

>

$Guest Pegasus \(MVP\)$

Guest Pegasus \(MVP\)

Posted September 18, 2008

Posted September 18, 2008

Re: Has been file replaced?

"Santander" <santander@microsoft.news> wrote in message

news:eNtEZKZGJHA.5084@TK2MSFTNGP02.phx.gbl...

>I am sure I did not deleted this file. I copied this file from CD, though I

>typed this command not in DOS box, but directly in Run window (by mistake),

>so this also works.

> File version. is 5.1.2600.5512

> So the thing is what deleted it from system32 folder.

I gave you the two possible reasons in my previous reply. Since this is your

machine and not mine, you're the best judge to pick the most likely one.

Share

https://extremetechsupport.com/topic/115720-has-been-file-replaced/

Go to topic listing

Similar Content
- File deleted, name changed or replaced error message
  
  By Guest Josh Butcher, October 3, 2024
  - 0 replies
  - 17 views
  - Guest
  - October 3, 2024
- how do i find the good file to replace the corrupted file?
  
  By Guest thatkid_12, September 9, 2024
  - 0 replies
  - 11 views
  - Guest
  - September 9, 2024
- Windows has been corrupted
  
  By Guest ArminAb, October 2, 2024
  - 0 replies
  - 16 views
  - Guest
  - October 2, 2024
- Email hacked and replaced
  
  By Guest Avi___S, September 11, 2024
  - 0 replies
  - 16 views
  - Guest
  - September 11, 2024
- hardware changes might not have been detected
  
  By Guest Mudassir_Tariq, October 15, 2024
  - 0 replies
  - 17 views
  - Guest
  - October 15, 2024

×

Browse
- Back
- Forums
- Resources
- Downloads
- Link Directory
- Online Users
- Staff
- Blogs
- Events
- Videos
- Leaderboard
Activity
- Back
- All Activity
- Search
- Our Picks
Site Info
Support

×

Create New...