Ross S. W. Walker wrote:
You can fix it all from CentOS.
I'm going to reply with some more details.
Install CentOS plus kernel with NTFS support.
Insert cdrom. Use the ported "expand" app to expand the user32.dl_ out
The "expand" app is called "cabextract" it can be found in the EPEL repo or the "extras" repo in Fedora.
of the i386 directory on the cd-rom (or an extracted copy of your latest service pack), and then mount your NTFS partition read-write, and copy the user32.dll into the windows\system32 directory, and possibly the windows\system32\dllcache.
It IS also in dllcache, and the fact that the trojan bypassed the windows system file recovery means that it is probably a rootkit.
You need to run some kind of rootkit detection and cleaner on the system before it reboots or else it will just reinstall itself.
I would run all Windows accounts as restricted users from now on. I have done that on my M$ home PC with fast-user switching and it works well for me, my wife and children rarely need to "install" anything, but if they do I tell them, save it to c:\temp and I'll install it when I get home.
It may be worth while to try and image your Windows partition from Linux if you have the space. Then you can restore your image and your Windows if it gets corrupted again, which it won't if you set all users as Restricted Users.
-Ross
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Lanny Marcus Sent: Sunday, November 18, 2007 10:12 AM To: CentOS Mailing List Subject: [CentOS] Dual boot box: WinXP & CentOS 5: Impossible to restoreWinXP?
We rarely use M$ Windows, but I let my daughter surf
pbskids.org while
using Windows and a Trojan Horse modified or deleted the user32.dll file. I found the instructions on the Microsoft Support web
site, and
it would be very easy for me to expand a new copy of user32.dll if I could get the MS WinXP CD to work. It boots OK, I press a key so it will search hardware and it then has hard drive activity for a long, long time. My impression is that Microsoft does not want
this to work
on dual boot boxes.
I've tried this on dual boot boxes with Windows ME and Windows 98 SE and it works fine. Dell sent me two (2) new WinXP CDs (one
in English
and one in Spanish) but the problem apparently is not that I have a defective WinXP CD from Dell.
Has anyone been able to restore WinXP on a dual boot box? TIA!
Lanny
Over 800 Magazine titles up to 85% off http://lowcostmagazines.com/ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.