Critical System Files - INFECTED (Win32/Patch)


No replies to this topic

#1 CarlosM

Posted 20 August 2010 - 02:57 PM

My AVG Antivirus Resident Shield recently popped up saying the following files were infected:

c:\WINDOWS\system32\winlogon.exe
c:\WINDOWS\system32\dllcache\winlogon.exe
c:\WINDOWS\explorer.exe

I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!

UPDATE: It appears my I386 backup copy of the WINLOGON.EX_ was also infected: I used the Recovery Center at startup to expand this backup copy and replace the current infected one in the system32 folder. The virus was still detected in the same location by AVG. The only solution I can find is to replace the infected winlogon.exe files (along with the explorer.exe ones) with a legitimate copy from another computer. I must either acquire a new Windows XP Media Center Edition (Service Pack 3) non-rewritable disk or copy the critical system files from another computer of the same version. Can this be solved by some means through Windows Update? Does anyone know where I can get copies of winlogon.exe and explorer.exe for this Windows edition? Thanks again for the help!
