Is there any down side to replacing system files with Winzip extract?

By joelgayman ·
I have a client whose sysprep-created OEM WinXP Home OS installation does not permit me to use the recovery console expand command to replace system and driver files that have been altered on his system by the very malicious Backdoor.Tidserv trojan. And I don't have a slip-streamed XP Home installation CD with the SP3 files in any case.

Is there any risk or downside to just going to the C:\WINDOWS\Driver Cache\i386\SP3 or driver archives on his hard drive and using Winzip to extract, rename and move the system files I need back to their original locations (after making sure that the date stamp and size of these files are the same as the original ones I need, of course)?

I may be nuts, but this seems to be a much, much simpler and quicker method than using the recovery console to expand the files I need back to their original locations from the XP installation disc, presuming you even have a disc with the necessary SP3 versions of the system files.

Any thoughts you have about using the method above instead of using the recovery console and the expand command would be appreciated.

Thanks in advance!


All Answers


Will WinZip do it?

by seanferd In reply to Is there any down side to ...

If so, I don't see a problem. But you need to see if WZ will mimic the Windows expand command - try to expand a file to your desktop with WZ and see if you get a valid file, or if WZ says that the source file is not a valid archive. (Files that have an extension ending in an underscore _ need to be expanded.)

If the source file is a normal file, but just in a Windows cabinet file or compressed folder, it should work just fine, assuming that the file is not in use by the OS at the time, and will not be automatically replaced by a copy from dllcache or something.


WinZip seemed to work just fine extracting Win system files

by joelgayman In reply to Will WinZip do it?


Thanks for responding to my question so quickly!

The Sp2, Sp3 and driver archives in C:\WINDOWS\Driver Cache\i386 are regular compressed folders that Winzip views as Winzip archives if you have Winzip pre-installed. And they certainly seem to contain normal Windows system files and not ones ending in an underscore that need to be expanded.

When you double click an archive, Winzip opens it, allows you to view all the files inside and then permits you to extract any system or driver file(s) you want to any location on your PC prior to reinserting them where you need them.

I compared the date stamps and file sizes of the files I extracted in this way with some of the same file names in my windows\system32 directory, and they seem to be identical copies of most of the existing system files (though Windows updates may have replaced some of them with newer versions than those that originally came with Sp3).

Assuming a system still boots and can run Winzip or WinRar, this is a much, much easier procedure for restoring original Windows system files after they have been corrupted or altered by malware than using the Windows Recovery Console to replace them from the Windows installation discs, especially when you're working on systems that never came with an original installation disc to begin with or have a disc that does not have the relevant service packs. You could also just copy the entire i386 directory to a CD or USB drive and take it along with your notebook when you need to replace system files on systems that have missing or corrupted system files.

I've only tried this method with XP thus far, and I don't know if it also works with Vista and Win 7. But if it does, I should post this workaround on Technet and somewhere useful here on Techrepublic as well.

I doubt I've really discovered some heretofore unknown technique. But I should probably send this forum thread to Bill Detwiler just in case!

Thanks once again for your help.

Joel Gayman
Do-it-Yourself IT
Los Angeles, CA
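The post above decides whether an extracted copy matches the live file by comparing date stamp and size. That check is weaker than it looks: a trojan that patches a few bytes inside a driver leaves the size unchanged, and it can set the timestamp back to the original. The following is an added example, not code from the thread or from either poster, showing the difference between the size-and-timestamp check and a byte-level (SHA-256) comparison of the extracted reference copies against their namesakes in system32. It assumes the reference files have already been pulled out of the cabinet in Driver Cache (with WinZip, 7-Zip or `expand.exe`, which is also what handles `_`-suffixed files) into a directory of their own; the directory names and the sample file names below are constructed for the demo and are not real Windows binaries. One caveat a practitioner should keep in mind: the Driver Cache sits on the same compromised disk as system32, so a match against it is only as trustworthy as that cache; a hash against a copy from known-good media is the stronger reference.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream the file through SHA-256 so large drivers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def naive_check(reference, live):
    """The check described in the post: same size and same modification time."""
    return (os.path.getsize(reference) == os.path.getsize(live)
            and int(os.path.getmtime(reference)) == int(os.path.getmtime(live)))


def classify(reference, live):
    """Compare one extracted reference copy against the live file.

    Returns one of:
      'missing'            - no live file of that name
      'size_differs'       - size alone already flags it (e.g. a newer Windows Update build)
      'same_size_differs'  - same length but different bytes; only a hash catches this
      'identical'          - byte-for-byte equal
    """
    if not os.path.exists(live):
        return "missing"
    if os.path.getsize(reference) != os.path.getsize(live):
        return "size_differs"
    if sha256_of(reference) != sha256_of(live):
        return "same_size_differs"
    return "identical"


def compare_trees(extracted_dir, system_dir):
    """Classify every file in extracted_dir against its namesake in system_dir.

    Name matching is case-insensitive, as it is on NTFS. Keys of the returned
    dict are lower-cased file names.
    """
    live = {n.lower(): os.path.join(system_dir, n) for n in os.listdir(system_dir)}
    report = {}
    for name in sorted(os.listdir(extracted_dir)):
        ref = os.path.join(extracted_dir, name)
        if os.path.isfile(ref):
            target = live.get(name.lower(), os.path.join(system_dir, name))
            report[name.lower()] = classify(ref, target)
    return report


def run_demo():
    """Build a constructed sample tree (assumed names, not real Windows files)
    and compare it. Returns (report, naive_result) where naive_result is what
    the size-and-timestamp check says about the byte-patched file."""
    root = tempfile.mkdtemp()
    ref_dir = os.path.join(root, "extracted")   # stands in for files pulled from sp3.cab
    live_dir = os.path.join(root, "system32")   # stands in for C:\WINDOWS\system32
    os.mkdir(ref_dir)
    os.mkdir(live_dir)

    payload = bytes(range(256)) * 16            # 4 KiB of constructed "driver" bytes
    patched = payload[:100] + b"\x90" + payload[101:]   # one byte changed, same length
    samples = {
        "intact.sys":  (payload, payload),
        "patched.sys": (payload, patched),
        "updated.dll": (payload, payload + b"\x00" * 64),  # newer, larger build
        "deleted.dll": (payload, None),
    }
    for name, (ref_bytes, live_bytes) in samples.items():
        ref_path = os.path.join(ref_dir, name)
        with open(ref_path, "wb") as f:
            f.write(ref_bytes)
        if live_bytes is not None:
            live_path = os.path.join(live_dir, name)
            with open(live_path, "wb") as f:
                f.write(live_bytes)
            st = os.stat(ref_path)
            # Give the live copy the reference's timestamp, as a rootkit would.
            os.utime(live_path, (st.st_atime, st.st_mtime))

    report = compare_trees(ref_dir, live_dir)
    naive = naive_check(os.path.join(ref_dir, "patched.sys"),
                        os.path.join(live_dir, "patched.sys"))
    return report, naive


if __name__ == "__main__":
    result, naive_says_same = run_demo()
    for name, status in result.items():
        print(f"{name:12s} {status}")
    print("size/timestamp check on patched.sys says unchanged:", naive_says_same)
```

Point `compare_trees` at the directory you extracted into and at the live system32 (or the slaved drive's system32 when working offline, as suggested later in the thread); `same_size_differs` entries are the ones worth replacing, while `size_differs` entries need a look at the file version before you overwrite a Windows Update build with the older SP3 copy.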


If the target OS is unusable,

by seanferd In reply to WinZip seemed to work jus ...

in those cases, consider booting off a live CD or slaving the drive into another system. You can then easily, in a graphical environment, replace files while the target OS is offline. This way you can also run any expand operations if necessary. I've noticed that there seem to be fewer files that require expanding, but they are still around. There are some in a standard XP install in the root of the i386 folder (not in a cabinet file).

And Windows Explorer will also open the standard cab file as well as WinZip, WinRAR, or 7-Zip. I agree entirely that this method is easier by far than using Recovery Console if it isn't necessary.

I'd imagine your method would work fine for Vista and 7.

I'm glad I was able to be some help.
