Missing Files in C:\Windows\System32\Drivers

Folks,

We could use some good suggestions from anyone that has them. Our company was hit with probably the nastiest virus I have ever seen in all the years I've worked in IT (2016 version of the Quakbot). We have over 1000 Windows XP machines that we can't upgrade due to instrumentation they're connected to. Out of that 1000 computers I would say about 800 of them have had all the files in the C:\Windows\System32\Drivers folder deleted. Without having to reinstall all the computers we are wondering if anyone has any suggestions on how we can repair these PC's without having to redo each one and then configure the instrument software.

- We tried doing a system restore and that didn't work
- We also didn't have any luck with running Windows Repair.
- we tried booting to Hiren's boot CD and copying the files from a working Windows XP machine and that worked for a very small handful but we started running into too many that it didn't work for so we stopped. Are we missing something here that we need to do first? This would be the quickest method to getting these computers back online.

The errors that we get are while it's loading it stops on the DOS loading screen and says Missing c:\windows\system32\drivers\PCI.sys. If you copy that file over it stops on the next one (example C:\windows\system32\mups.sys)

We have been able to start cleaning off the virus but instrument computers are extremely difficult to reinstall and setup so we would be ever so grateful if anyone has any suggestions.

 

there are over 3000 files that the WFP keep up to date , do not know how it can be automated, but you should extract all the files in the i386 folder of a cd/flash drive that has xpxp3 slipstreamed onto it, then copy all files to the system32 folder.

you could do a repair install, thus not losing any data, but you would have to uninstall IE8 first and if you installed service pack 3 separately then you would have to uninstall that also, unless you can slipstream it onto your cd before doing the repair.

--------------------

if you had a drive image, then it would be no time at all for you to reinstall.

----------

cannot think of any other way to do this, but if you can image a working, virus free pc, then you could reinstall on all the rest, 30 minutes versus hours,

 

I'll pass this and all suggestions to my technicians. Thank you!! PS - I wish we had drive images also but we don't.

 

OK, good luck!