  flashman0 08:40 27 Nov 03

have foolishly deleted a file called "svchost.exe" from the windows registry is there any way to recover this file this was don in an attempt to get rid of a virus


  temp003 09:16 27 Nov 03

Have you deleted the file itself, or deleted references to the file in the windows registry, or both?

If you're using XP, see if you can find a restore point which is after you remove the virus file but before you delete the file /references to the file in the registry (it's still risky because system restore may still have the virus somewhere - if the virus is not destructive, you can try it and remove it again).

Otherwise, the file itself (in XP) should be in C:\WINDOWS\system32.

There's another copy of it in C:\WINDOWS\system32\dllcache (part of Windows file protection). The dllcache folder is a hidden folder (enable show hidden files and folders in Folder Options, View tab, possibly need to untick Hide protected operating system files, not sure). Just copy it back to the system32 folder.

If it's not there either, or is a corrupted copy, you can find it on your Windows CD, inside the i386 folder, called svchost.ex_

To extract it from the CD, insert CD, and exit the popup window when it opens. Then click Start, Run, type cmd and press Enter. The cmd window will open.

At the prompt, type:

expand x:\i386\svchost.ex_ c:\windows\system32\svchost.exe

and press Enter (where x is the drive letter for your cdrom, and note that there's a space after the word expand, and a space after ex_) After it's done, exit cmd.

But if you have deleted references to the file in the registry, then I assume you have not made any backup of the registry nor can you remember what you deleted (otherwise you would not be asking). Then you should do a reinstall of Windows (a repair reinstall - installing a fresh copy of Windows over the existing copy without formatting). You will keep data and programs, but will need to reinstall Windows updates since the CD version.

  Jakey boy 09:24 27 Nov 03

Of your registry by clicking "Start" "Run" and typing scanreg /restore. Select a date prior to your deleting the said entry. Should work unless you've deleted anything else related.

