The Windows System32 Directory: What It Is and Why You Can’t Delete It

Spend some time on the internet, and you’ll probably come across a jokester telling you to delete the System32 folder on your computer. But what is this mysterious Windows folder, and why would someone tell you to delete it?

Beyond that, what would happen if you did delete System32? Let’s take a look at the facts.

What Is System32?

System32 is a folder included in every Windows version since Windows 2000. It’s located at C:\Windows\System32 and includes all sorts of files and folders that are vital to keep Windows functioning properly.

There are far too many files in System32 to discuss individually, though a user on Symantec’s forums has explained a lot of them if you’re interested. In general, you can break the majority of System32’s contents into two groups:

DLL (Dynamic Link Library) files allow programs to access parts of Windows and perform standard tasks. For instance, one DLL file might allow the computer to play audio, while another could enable automatic Windows Updates. Many DLLs start as soon as you boot your computer. Windows couldn’t start without them, which is why DLL errors are a big pain.

EXE (Executable) files are software applications and utilities. You start an executable every time you open software like Word or Chrome. But the EXE files in System32 are more important: aside from Windows utilities like the Event Viewer (eventvwr.exe), these include executables for vital processes like winlogon.exe. Without this, you couldn’t even sign into your PC.

Aside from these, System32 also contains a drivers folder (whose contents lets your computer interface with various hardware), language files, and more.

How to Delete System32 on Windows

Despite the jokes online, deleting System32 isn’t a one-click affair. Since it’s a protected system folder, Windows will deny you access if you try to delete it. This is enough to deter inexperienced users from accidentally deleting the folder.

However, if you’re persistent, you can continue along your path of destruction. Taking ownership of the folder lets you attempt to delete it, but Windows blocks this again since there are files in use inside System32.

To get around this, you could start deleting individual files inside System32 or use the Command Prompt for more efficient deletion. If you did this, Windows would let you delete files that weren’t currently in use.

What Happens When You Delete System32?

If you proceed with deleting random files in System32, your computer will begin a slow collapse. Basic functions, like launching programs, searching via the Start Menu, and opening Windows utilities won’t work anymore since you deleted their files.

Depending on what you delete, you probably won’t even be able to shut down your computer normally. Once you do a hard shutdown and reboot, you’ll likely find that Windows won’t boot without those critical DLLs. Obviously, your Windows installation is toast.

If you went this far, you’d have to reinstall Windows to get everything working properly again. Obviously, Windows protects this folder for a reason. If it wasn’t protected and someone didn’t know better, they might try to delete the folder to save space and end up with a nasty surprise.

System32 vs. SysWOW64

On 64-bit versions of Windows, you’ll notice a few folder differences, like the separate Program Files (x86) directory. Something similar occurs with System32: in the C:\Windows folder on a 64-bit system, you’ll find a folder called SysWOW64 in addition to System32.

Take a look, and you’ll see that the two folders essentially contain files with identical names. Like Program Files (x86), Windows includes two directories for compatibility with 32-bit programs. If a 32-bit program tried to load a 64-bit DLL, it would crash.

But what’s strange is that on 64-bit systems, System32 has 64-bit files, while SysWOW64 contains 32-bit files. As it turns out, WoW64 stands for Windows 32-bit on Windows 64-bit. This is a service that allows the OS to properly run 32-bit programs, even on a 64-bit system.

System32 and SysWOW64

Part of how it accomplishes this is by automatically redirecting 32-bit processes to use the proper folders. A 32-bit program, not even knowing that 64-bit software exists, will naturally try to access the System32 folder. But WoW redirects it to use the SysWOW64 instead. The same happens with Program Files.

Since many 32-bit programs were hardcoded to access System32 and Program Files, this redirecting method allows 32-bit and 64-bit programs to both work on one system with ease. It’s a bit confusing, but now you know the reason for it.

What About System32 Viruses?

It’s possible that a virus or other malware infection could hide in System32. A rootkit may try to invade the folder and disguise itself as a legitimate process, which you might notice due to unusually high CPU usage.

If you suspect you have a System32 virus, you shouldn’t try to delete or modify any affected files. You have a better chance of accidentally damaging your system than you do cleaning the infection that way.

Instead, you should scan with a trusted antivirus program, then follow up with an anti-malware scanner like Malwarebytes.

Getting Acquainted With System32 on Windows

Now you know all about System32, what it does, and what would happen if you deleted it.

If you don’t remember anything else, just know that System32 contains a collection of vital files that Windows needs to work properly. You can’t delete System32 without intentionally circumventing built-in protections, and you’ll need to reinstall Windows if you trash the folder.

For more like this, check out Windows oddities that will make you wonder.



via MakeUseOf https://ift.tt/2KagtOg

Comments