How to read files not through win DLLs but directly from sectors/partition?

pstein

Extraordinary Member
#1
I assume I have a trojan which replaced a certain Windows core DLL with a modified version.

When I list all files in a directory (e.g. C:\windows\system32\) in Windows Explorer, certain files are not visible.
Yes, I checked "unhide hidden files" and "unprotect system files" in WinExp options.

So actually ALL files must be visible, which is not the case.

Is there a win-explorer-like tool which does not use this faked win DLL and instead reads all files DIRECTLY from hard disc sectors?

At least some backup tools do this for performance reasons.
But these backup tools are not usable for investigating and listing files like Windows Explorer does.

Peter
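
The cross-view check asked about above, as an added example that is not part of the original thread: it reads file names straight out of raw NTFS MFT records and reports names that the live directory listing omits. It assumes a `$MFT` dump taken from an offline image of the volume and a listing captured on the suspect system; `apply_fixups`, `mft_names` and `hidden_from_api` are hypothetical names.

```python
# Added example, not from the thread. Assumes a raw $MFT dump from an offline image,
# 1024-byte records, 512-byte sectors, and record number == index in the dump.
import struct

RECORD_SIZE, SECTOR = 1024, 512

def apply_fixups(rec):
    """Restore each sector's last two bytes from the update sequence array."""
    usa_off, usa_cnt = struct.unpack_from("<HH", rec, 4)
    if usa_off + 2 * usa_cnt > len(rec) or (usa_cnt - 1) * SECTOR > len(rec):
        return False                          # array or sectors out of bounds
    usn = bytes(rec[usa_off:usa_off + 2])
    for i in range(1, usa_cnt):
        end = i * SECTOR
        if rec[end - 2:end] != usn:
            return False                      # torn or corrupt record
        rec[end - 2:end] = rec[usa_off + 2 * i:usa_off + 2 * i + 2]
    return True

def mft_names(mft):
    """Return (record number, parent record number, name) for in-use records."""
    found = []
    for num in range(len(mft) // RECORD_SIZE):
        rec = bytearray(mft[num * RECORD_SIZE:(num + 1) * RECORD_SIZE])
        if rec[:4] != b"FILE" or not apply_fixups(rec):
            continue
        off, flags = struct.unpack_from("<HH", rec, 0x14)
        if not flags & 0x01:                  # record not in use (deleted file)
            continue
        while off + 24 <= RECORD_SIZE:
            atype, alen = struct.unpack_from("<II", rec, off)
            if atype == 0xFFFFFFFF or alen == 0:
                break                         # end marker or malformed length
            body = off + struct.unpack_from("<H", rec, off + 0x14)[0]
            # 0x30 = $FILE_NAME (always resident); its body is 0x42 bytes + name
            if atype == 0x30 and rec[off + 8] == 0 and body + 0x42 <= RECORD_SIZE:
                parent = struct.unpack_from("<Q", rec, body)[0] & 0xFFFFFFFFFFFF
                nlen, namespace = rec[body + 0x40], rec[body + 0x41]
                if namespace != 2:            # skip DOS 8.3 aliases
                    raw = rec[body + 0x42:body + 0x42 + 2 * nlen]
                    found.append((num, parent, raw.decode("utf-16-le", "replace")))
            off += alen
    return found

def hidden_from_api(mft, parent, api_listing):
    """Names the raw MFT holds under `parent` that the live API listing lacks."""
    seen = {name.lower() for name in api_listing}
    return {n for _, p, n in mft_names(mft) if p == parent and n.lower() not in seen}
```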
 


patcooke

Microsoft MVP
Staff member
Premium Supporter
#2
Try running the system file checker:

Run a command prompt by right-clicking it and running as administrator, then enter the command:

sfc /scannow
 

