Deleted files magically appear

[Morcarak]

Greetings Noble Tech Warriors

Question: Does system files reappear either after renaming them or deleting them?
Files for example:

ndisuio.sys, ntoskrnl.exe, svchost.exe, lsass.exe, explorer.exe, iexplorer.exe, services.exe, clbcatq.dll, pchsvc.dll I'm sure there's more...

I suspect they don't just reappear, did some searching around on your forum and the closest one resembling my situation is the

http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/21/pid/83/qid/360745

After deleting them, the winlogon.exe has considerable CPU usage, around 30%, then goes back to normal with the new file.

Also the ndisuio.sys has constant inbound calls on the sygate firewall around 80 million blocks in one day.
Approx 50 thousand blocks on the ntoskrnl.exe a day.

When i boot up on safe mode the files stay deleted so i'm concluding that there is a piece of code either in the registry or deep somewhere else to duplicate these files.

Any help provided would be considerably useful

Thanks

Morcarak

 

[ChicagoJim]

The files you listed are critical Windows system files. Even if you could delete them, you shouldn't. The operating system depends on them.

It looks to me like your running either Windows 2000 or XP. Both have a feature called Windows File Protection (WFP), which does exactly what you describe. It replaces OS files that are renamed or deleted in order to maintain system stability. If you open up the Event Viewer (found under Start/Settings/Control Panel/Administrative Tools), you'll see an event in the log file stating that WFP restored the file you tried to delete.

If you could post a sample of the log entries that concern you, perhaps we can determine if you should be alarmed or not. Black out the last octet of your IP address when you post it though (i.e. 192.168.0.XXX)