Posted 21 August 2010 - 06:35 PM
My AVG Antivirus Resident Shield recently popped up saying the following files were infected:
I know these are critical system files and it says so. Therefore, they cannot be uninfected or else it might damage the computer. The only solution I had was to run the WINNT32.EXE (/cmdcon) installer from the C:\WINDOWS\I386 folder so I could install the Recovery Console. I am now able to use it from startup and everything but once I enter the Administrator password I have no idea how to proceed. I had tried the SFC.EXE /SCANNOW solution, but since I don't have the XP Service Pack 3 Installation Disk with me, this won't work. I don't know how to use the Recovery Console commands, so does anyone know how I can replace the corrupted and infected system files listed above with their original version? This is really important and any good help soon would be greatly appreciated!
UPDATE: It appears my I386 backup copy of the WINLOGON.EX_ was also infected: I used the Recovery Center at startup to expand this backup copy and replace the current infected one in the system32 folder. The virus was still detected in the same location by AVG. The only solution I can find is to replace the infected winlogon.exe files (along with the explorer.exe ones) with a legitimate copy from another computer. I must either acquire a new Windows XP Media Center Edition (Service Pack 3) non-rewritable disk or copy the critical system files from another computer of the same version. Can this be solved by some means through Windows Update? Does anyone know where I can get copies of winlogon.exe and explorer.exe for this Windows edition? Thanks again for the help!