Re: Fix Missing ntoskrnl.exe?

  • Thread starter Thread starter Pegasus \(MVP\)
  • Start date Start date
P

Pegasus \(MVP\)

Chris LeFebvre said:
My neighbor asked me to take a look at this problem on their computer,
they're getting a <Root>\system32\ntoskrnl.exe missing error on boot.
According to what they say the machine was working fine when they used
it one morning after which they shut it down normally and when they
started it up in the evening they got this message.

As per one of the other posts here about this problem I booted it up
with the Win2K cd and tried to do a repair but I was asked for some type
of repair or rescue disk which they don't have. On my machine I noticed
that there are several copy's of the ntoskrnl.exe file on the disk, in
\winnt\system32, in \winnt\driver cache\i386 and in
c:\winnt\servicepackfiles\i386. I notice that that all are of an
identical size and the two in System32 and driver cache have the same
date and time stamp. I'd hoped that if I could get to the console I
could just copy the file back from another location and hopefully
everything would be all right, however when I get to the point where I
have to enter the administrator password (which I'm fairly sure is
blank) it won't accept any of the few things that it would be.

Is there anything that can be done to fix this?

Thanks,

- Chris LeFebvre
Click to expand...

This problem is often caused by

a) an incorrect setting in c:\boot.ini, or
b) a corrupted version of c:\boot.ini
c) a damaged drive C:

Get yourself a Win98 boot disk from www.bootdisk.com,
boot your friend's machine with it and check if you can
see drive C:. If you cannot then it may be an NTFS
partition - get a copy of ntfsdos.exe from
www.sysinternals.com, run it, then examine drive C:.
Type this command:

type c:\boot.ini

What do you see? Did you need ntfsdos.exe?
 
Chris LeFebvre said:
Okay, here's what I was able to find out:

I took the hard drive out and put it in as a secondary drive on my Win2K
machine and (the two partitions on the drive are both NTFS) once I was
able to access it I first scanned for virus's which I did in fact find.
There were three files infected with a virus called w32.mylife.n@mm and
according to the Symantec encyclopedia it can attempt to delete files on
the hard drive. I searched the drive and was unable to find any copy's
of the ntoskrnl.exe file.

The boot.ini file that you asked me about contained this:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows 2000
Professional" /fastdetect

so my next question is how can I get a valid ntoskrnl.exe file back on
this computer?

Thanks,

- Chris LeFebvre
Click to expand...

You can copy ntoskrnl.exe from your machine to the
problem disk. It is located in c:\windows\system32.

However, seeing that the machine was infected by a virus,
I doubt if this will solve the problem. I think a re-installation
over the top of the existing installation is the very least
that is required, perhaps even a full installation into a
different folder, followed by the installation of a proper virus
scanner.
 
Okay, here's what I was able to find out:

I took the hard drive out and put it in as a secondary drive on my Win2K
machine and (the two partitions on the drive are both NTFS) once I was
able to access it I first scanned for virus's which I did in fact find.
There were three files infected with a virus called w32.mylife.n@mm and
according to the Symantec encyclopedia it can attempt to delete files on
the hard drive. I searched the drive and was unable to find any copy's
of the ntoskrnl.exe file.

The boot.ini file that you asked me about contained this:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows 2000
Professional" /fastdetect

so my next question is how can I get a valid ntoskrnl.exe file back on
this computer?

Thanks,

- Chris LeFebvre
 
Back
Top