Where can I get MD5 hash of system files?
WinXPTalk.com Forum Index WinXPTalk.com
Forums for Windows XP users.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web winxptalk.com
Where can I get MD5 hash of system files?

 
Post new topic   Reply to topic    WinXPTalk.com Forum Index -> Windows XP General
Author Message
speeder
Guest
Posted: Fri May 20, 2005 12:26 am    Post subject: Where can I get MD5 hash of system files? Reply with quote
I want to make sure certain files that are named what they are, are
truly that. Where can I get Windows system files MD5 hashes?

I currently suspect ctfmon.exe to be something else, even if I delete
it from the system32 folder it comes back!

C:\WINDOWS\system32\ctfmon.exe
MD5 hash: f40bc97996b8e53799eef1d63996674b
15.360 bytes
version 5.1.2600.2180
OS: WinXP SP2

On a related subject, I´ve noticed that Msinfo32.exe utility will
check for system files that are not digitally signed. How does it do
that, with hash checksums?
Back to top
Doug Knox MS-MVP
Guest
Posted: Fri May 20, 2005 12:26 am    Post subject: Re: Where can I get MD5 hash of system files? Reply with quote
CTFMON.EXE is a valid windows file. The reason it keeps coming back when you delete it is that it is a protected system file. Windows XP keeps a backup copy of files that are considered critical and/or part of the operating system. If you delete one, its restored from the backup by Windows File Protection.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"speeder" <no.spam@invalid.com> wrote in message news:np5q81d4dlhomie9660fpgmhc31ko1k4mj@4ax.com...
Quote:
I want to make sure certain files that are named what they are, are
truly that. Where can I get Windows system files MD5 hashes?

I currently suspect ctfmon.exe to be something else, even if I delete
it from the system32 folder it comes back!

C:\WINDOWS\system32\ctfmon.exe
MD5 hash: f40bc97996b8e53799eef1d63996674b
15.360 bytes
version 5.1.2600.2180
OS: WinXP SP2

On a related subject, I´ve noticed that Msinfo32.exe utility will
check for system files that are not digitally signed. How does it do
that, with hash checksums?
Back to top
 
Post new topic   Reply to topic    WinXPTalk.com Forum Index -> Windows XP General All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Office Forums Access Forums Windows Server Exchange Server Help
New Topics Powered by phpBB