System Files Infected

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


While uninstalling Comodo (an app from Cnet) , my system stalled.  Had to
shut down using the On/Off button.  After trying to reboot, I found I was
infected and my system tried to fix the problems - but couldn't.  I use
ERUNT and have a Raid 1 backup system.  I was able to get into a prompt
mode and used ERUNT to get my system going.  I used my backup to restore
everything back to a time when I didn't have Comodo installed.  The
system booted.  Then, I used Avira Free Version but it found five
unsigned system files.  I tried System File Recovery - but I have an HP
Pavilion laptop which does not have an original Vista disk.  It only has
a partition which is supposed to restore the system back to it's store
bought condition.  I don't want to do this and believe if I had the I386
folder, I could used System File Checker to replace these unsigned files.
NOTE:  I also ran my backup on the partition that is used for Restore
(and it found files that (I don't think) should have been there.  In any
case, the backup corrected that partition since I only ran two backups of
it since I've owned the laptop.  Bottom line:  I need a way to fix those
five unsigned system files.  Please help.......

Re: System Files Infected



wrote:

Quoted text here. Click to load it

Specifically, the errors I get from Avira Free are:

HEUR/Modified.system file  (for the folloowing five files):
svchost.exe
wsock_32.dll
w32_32.dll
csrss.exe
alg.exe

Re: System Files Infected



Hello, The!

You wrote on Sat, 27 Mar 2010 21:00:53 -0400:

 ??>> laptop.  Bottom line:  I need a way to fix those five unsigned system
 ??>> files.  Please help.......

 TL> Specifically, the errors I get from Avira Free are:

Let Avira delete them, then (maybe) replace them from your original OS CD.

Worth a cry. :) or try.



--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: System Files Infected



On 3/29/2010 5:17 PM, gufus wrote:
Quoted text here. Click to load it
He probably doesn't have a cd, a restore partition which is probably an
image.
I swear by imaging programs, first thing I did with my laptop was make
my own image.

Re: System Files Infected



Hello, Dave!

You wrote on Mon, 29 Mar 2010 21:34:45 -0400:

 DC> I swear by imaging programs, first thing I did with my laptop was make
 DC> my own image.

I never did setup any imaging programs.

Can you suggest a few /good/ ones?

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: System Files Infected




Quoted text here. Click to load it

Acronis TrueImage is probably one of the defacto standards now. I've always
been a fan of Norton Ghost myself.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: System Files Infected





Quoted text here. Click to load it






| Acronis TrueImage is probably one of the defacto standards now. I've always
| been a fan of Norton Ghost myself.


Symantec Ghost -- The only Symantec product I swear by and not swear at!


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: System Files Infected



Hello, David!

You wrote on Wed, 31 Mar 2010 23:31:01 -0400:

 DHL> Symantec Ghost -- The only Symantec product I swear by and not swear
 DHL> at!

I sware at Symantec <.>

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: System Files Infected




| Hello, David!

| You wrote on Wed, 31 Mar 2010 23:31:01 -0400:

DHL>> Symantec Ghost -- The only Symantec product I swear by and not swear
DHL>> at!

| I sware at Symantec <.>

Tag -- You're it.

USB DOS driver and DOS CONFIG.SYS instructions.




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: System Files Infected



Hello, David!

You wrote on Thu, 1 Apr 2010 18:09:44 -0400:

DHL> Tag -- You're it.

Hehe... I'll go jump on my server, I'm away on my notebook right now.

 DHL> USB DOS driver and DOS CONFIG.SYS instructions.

:-)

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: System Files Infected



            News: alt.comp.virus,alt.comp.anti-virus [Thu, 01 Apr 2010
03:04:12 GMT @169]

            Subject: Re: System Files Infected

      Hello, Dustin!

      You wrote on Thu, 01 Apr 2010 03:04:12 GMT:

      Acronis TrueImage is probably one of the defacto standards now. I've
always
      been a fan of Norton Ghost myself.

      Thanks
      --
      With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: System Files Infected



Quoted text here. Click to load it

I discovered that having my Seagate or Maxtor drives entitles me to a
free imaging program (powered by Acronis). It is not as versatile as the
full blown TrueImage program, but it suffices for making backups. The
one I have is called MaxBlast, but they may have newer offerings and
other drive manufacturers may have offerings also.



Re: System Files Infected



wrote:

Quoted text here. Click to load it

I use Macrium Reflect Free:
http://www.macrium.com/reflectfree.asp
(don't forget to make a "Rescue CD" for restoring)

I do a weekly back-up (image) of my C:\-partition with Win7.
(takes less than 10 minutes.)
Restoring (via the CD or a USB) works fine, I restored several times.

--
Fred W. (NL)

Re: System Files Infected



Hello, FredW!

You wrote on Thu, 01 Apr 2010 13:49:33 +0200:

 FL>> Can you suggest a few /good/ ones?

 F> I use Macrium Reflect Free:
 F> http://www.macrium.com/reflectfree.asp

Thanks Fred :)

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: System Files Infected




| Hello, FredW!

| You wrote on Thu, 01 Apr 2010 13:49:33 +0200:

FL>>> Can you suggest a few /good/ ones?

F>> I use Macrium Reflect Free:
F>> http://www.macrium.com/reflectfree.asp

| Thanks Fred :)

http://clonezilla.org /

http://www.easeus.com/disk-copy/index.htm

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: System Files Infected



Hello, David!

You wrote on Thu, 1 Apr 2010 18:12:41 -0400:

 FL>>>> Can you suggest a few /good/ ones?

 DHL> http://clonezilla.org /
 DHL> http://www.easeus.com/disk-copy/index.htm

Thanks David :-)
--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: System Files Infected




Quoted text here. Click to load it

I use Acronis True Image Home to make a disk image once a week
automatically to a seperate internal drive.
I use Second Copy to update all my modified documents to a network computer
every night, so the most I stand to lose is one day's changes.
Acronis Disk Director is also an excellent application and in my option has
Norton's Partition Magic all beat to hell.
True Image and Disk Director can both be mounted on a single CD if you have
both apps installed.
I formerly used Ghost and Laplink to perform the above routines but due to
Windows 7 incompatibilty issues I wound up using Acronis and Second Copy.
Both work flawlessly and in the background.

--
        --- Everybody has a right to my opinion. ---

Site Timeline