Incanus

  1. Of course - yes, I can look through the Quarantine with a-squared. Silly me. Thanks again.
  2. Done! Thank you very, very much!! With that info I was able in Linux to copy over the dll from another location on the PC (Windows\SoftwareDistribution\Download\...) into system32. Rebooted and presto! Straight back into Windows. Not sure yet about the redirecting - will have to wait till I can get the machine online tonight at home, can't do that here at work. And the version of ws2_32.dll there now is 5.1.2600.5512. I had a search on the web and can't see any references to a v6.1.2600.2180 - that number mostly refers to corpol.dll. But anyway, I'll tackle the system with some anti-rootkit tools to be sure, then whack on XP SP3 and run Windows updates which should get it as up to date as it can be. Will bear in mind, though, what you said about the danger of the integrity of the whole system still having been compromised. I'd originally said to my friend, just based on his description of the problems, that sometimes the only way to be completely sure is to back up data, format and reinstall Windows. Final question, if I may: were there any other files, or records of other files, that you saw had been removed in what I sent? Just because I'm sure that there was more than one filename in the list that A-Squared said it would quarantine for me, and I'm just a bit concerned that something else might prove not to be working further down the line. Once again, heartfelt thanks for your help, Fabian.
  3. Thanks for that, Fabian. I'll zip up the files and send them to that address. I did warn my friend that a fresh Windows install might be needed - his parents had been running it for a while without any AV on and the firewall off. I'd downloaded some rootkit checkers and they were going to be my next stop after A-Squared...!
  4. Thanks, Lynx. I'd agree with your first statement! Wish I'd read the sticky first; I'm normally more careful than that. I can't boot Windows at all - not normally, not into Safe Mode, nor Last Known Good Configuration - hence the Linux malarkey, and so System Restore isn't available. And "when and if the system will be functional" is where I'm trying to get to! Have copied off the files. Thanks for the SQLiteSpy suggestion - I ran it but couldn't get anywhere with my .DB3 file, so will submit - see below response.
  5. A friend gave me his parents' XP Home PC to look at for them. I ran Malwarebytes' AntiMalware, SuperAntiSpyware and Avira and they found and cleaned lots of infections. All seemed well, so I then put it online last night and found IE7 was being redirected to other sites. It clearly still wasn't completely clean, so I decided to give a-squared a go. I used the latest version as of last night (fresh download). It found several problems and recommended quarantining a bunch of files. I was going to note their names and locations, but foolishly didn't - IIRC they were dll's in Windows and Windows\System. I should have researched them, but it was late and I was tired - I think I'd hoped that some auto-un-quarantine feature would kick in if it all went wrong. There had been so many infections before that I just assumed these "system" files were actually rogue files placed in the system folders. Now, when Windows boots up, I get a blue screen, stop code (c000021a), fatal system error (0xc0000135) and "the windows logon process system process terminated unexpectedly" and it just won't boot. Is there any way of getting these files out of quarantine? I've booted to a Linux live CD (Puppy) and nosed around, but they seem to be encrypted or something (well, that's the contents of the "Quarantine" directory, anyway). There's also a submit.dat file there - would that be of any use? It just looks like a list of three long hex numbers. I did click on a "submit for inspection to Emsi" button for some files last night, but IIRC they weren't the ones that were quarantined. The "logs" directory just has a file "a-squared.db3" which I can't get to open in a text editor; I'd been hoping it would at least tell me the names of the files that were quarantined so that I could copy them off another XP Home machine, but this too seems to be a no-hoper. Can anyone offer any advice please? Thanks a lot.