Recovering modified NT kernel dlls

Discussion in 'Malware Help (A Specialist Will Reply)' started by crashed-again, Jun 10, 2005.

  1. crashed-again

    crashed-again Private E-2

    I was infected with the Startpage.AY virus. It was detected and repaired by AVG Free. My computer continues to start very slowly and whenever I run AVG it shows the following files with the status 'CHANGED'.

    c:/windows/system32/kernel32.dll
    wsock32.dll
    user32.dll
    shell32.dll
    ntoskrnl.exe

    I assume these files were modified by the virus and AVG is unable to repair them. How do I clean them? System restore is off. My copy of XP is up to date with all patches, SP2, etc. I cannot reinstall SP2 because Windows update thinks it's already installed. Can I obtain a clean copy of these files somewhere or do I have to completely reinstall XP?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should be able to find kernel32.dll and ntoskrnl.exe here: C:\WINDOWS\SYSTEM32\DLLCACHE

    The other files should all be in your c:\i386 folder (or it could be c:\windows\i386)
    They may be compressed. If they are compressed, the names will be:
    wsock32.dl_
    user32.dl_
    shell32.dl_

    You will need to expand them using the expand.exe command at a command prompt window.
     
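One way to stage the clean copies the answer describes and check whether the in-use files actually differ from them, as an added cmd batch example that is not part of the thread; the staging folder name is an assumption:

```batch
@echo off
setlocal enabledelayedexpansion
rem Hypothetical staging folder; nothing here overwrites the live system files.
set "STAGE=%SystemDrive%\recovered_sysfiles"
if not exist "%STAGE%" mkdir "%STAGE%"

rem Locate the i386 source folder (either location mentioned in the answer).
set "SRC="
if exist "%SystemRoot%\i386\" set "SRC=%SystemRoot%\i386"
if exist "%SystemDrive%\i386\" set "SRC=%SystemDrive%\i386"
if not defined SRC (
    echo No i386 folder found; use the i386 folder on the XP CD instead.
    exit /b 1
)

for %%F in (wsock32.dll user32.dll shell32.dll) do (
    set "NAME=%%~nF"
    if exist "%SRC%\!NAME!.dl_" (
        rem Compressed copy (.dl_): expand it into the staging folder.
        expand "%SRC%\!NAME!.dl_" "%STAGE%\%%F" >nul
    ) else if exist "%SRC%\%%F" (
        copy /y "%SRC%\%%F" "%STAGE%\%%F" >nul
    ) else (
        echo %%F: not found in %SRC%
    )
    if exist "%STAGE%\%%F" (
        rem Byte-for-byte compare with the in-use copy; errorlevel 1 means they differ.
        fc /b "%STAGE%\%%F" "%SystemRoot%\system32\%%F" >nul
        if errorlevel 1 (echo %%F: in-use copy DIFFERS from the source copy) else (echo %%F: in-use copy matches the source copy)
    )
)

rem kernel32.dll and ntoskrnl.exe: dllcache already holds uncompressed copies.
for %%F in (kernel32.dll ntoskrnl.exe) do (
    if exist "%SystemRoot%\system32\dllcache\%%F" (
        fc /b "%SystemRoot%\system32\dllcache\%%F" "%SystemRoot%\system32\%%F" >nul
        if errorlevel 1 (echo %%F: in-use copy DIFFERS from the dllcache copy) else (echo %%F: in-use copy matches the dllcache copy)
    ) else (
        echo %%F: no copy in dllcache
    )
)
endlocal
```

A difference against the i386 source only shows the file is not the original install copy; hotfixes installed after the source was made also cause that, so check the file's version information before treating it as tampered. Files such as kernel32.dll and user32.dll are in use while Windows runs, so the staged copies have to be put in place from outside the running system (for example the Recovery Console) rather than with a plain copy.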
