msls51.dll removed by Virus software now PC won't work

Hi there
I logged on tonight after a few days away and my weekly virus scan kicked in (I used Virgin Media Total Security). A few minutes later, a message displayed that a Trojan had been detected and a restart was required to complete the removal. I duly did so and after restart, started getting lots of messages that the msls51.dll was missing and as a result, a number of exe's won't load - explorer, userinit, taskmgr etc. I have a blank desktop and I can't access any files. I can get into DOS but it's been a while for remembering how to access logs etc.

I can't tell you much about the PC from memory - it's just a year old, AMD twin core( both either 2.6 or 3.0 can't remember) , 2BG ram, I run WinXP SP3. Always updated with latest patches etc.

Can anyone start to help me navigate through?

Thanks

D

Hello and welcome to BleepingComputer

When you have the blank desktop, press Windows Key + R. Does this bring up the runbox? If so, type sfc /scannow and press enter and let me know if the System File Checker starts.

I can get into DOS but it's been a while for remembering how to access logs etc.

How did you get in the command line? Using your CD?

[quote]When you have the blank desktop, press Windows Key + R. Does this bring up the runbox? If so, type sfc /scannow and press enter and let me know if the System File Checker starts.[quote]

Nope, it does nothing

[quote]How did you get in the command line? Using your CD?[quote]

I got in using both Windows Recovery Console from start up and also selecting Safe Mode with DOS prompt.
It won't boot up with my system installation DVD of Win XP.

Please download ARCDC from Artellos.com.

• Double click ARCDC.exe
• Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
• You will be prompted with a Terms of Use by Microsoft, please accept.
• You will see a few dos screens flash by, this is normal.
• Next you will be able to choose to add extra files. Select the Default Files.
• The last window will allow you to burn the disk using BurnCDCC
  
• If your PC is not booting from the CD, you need to change the boot order:
  • Restart your PC
  • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
  • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
  • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
  • The tab should now show your current boot order.
    If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
  • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
• Your PC should now boot from your XP-CD.
  Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  
  
• When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  
  
• When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
  
  
• A command prompt will open

Type the following bolded lines and hit enter after each of them.

cd system32

ren uxteme.dll uxtheme.vir

copy c:\windows\servicepackfiles\i386\uxtheme.dll uxtheme.dll

You should now see: 1 file(s) copied.

Type EXIT and press enter to restart your computer and let me know if things are back to normal.

Hi Elise

I've followed the instructions (some DOS coming back to me!!) and I'm getting the message:

The system cannot find the file specified.

D

Elise

Just had a look in the System32 directory and the uxtheme.dll has a further file extension of:

uxtheme.dll~RFa7180a0.TMP

Should I use this in the ren line?

Good job, that should be the legit file

cd system32

ren uxteme.dll uxtheme.vir

copy uxtheme.dll~RFa7180a0.TMP uxtheme.dll

However, if you already renamed uxtheme.dll to uxtheme.vir, you can try to boot normally and with a bit of luck Windows File Protection should replace the file.

Nope. I'm now gettign the message:

This application has failed to start because the UxTheme.dll was not found. Re-installing the application may fix this problem.

I checked in the System32 file before re-starting and the .TMP version and the .VIR are there.....

Okay, please do the steps from my last post in the Recovery Console.

Elise

You are a STAR!! It worked this time so I was obviously doing something wrong!

thanks so much for all your help!

D

Please let me know if you have any other problems