[CentOS] Dual boot box: WinXP & CentOS 5: Impossible to restore WinXP?

Mon Nov 19 15:36:22 UTC 2007
Ross S. W. Walker <rwalker at medallion.com>

Ross S. W. Walker wrote:
> 
> You can fix it all from CentOS.

I'm going to reply with some more details.

> Install CentOS plus kernel with NTFS support.
> 
> Insert cdrom. Use the ported "expand" app to expand the user32.dl_ out

The "expand" app is called "cabextract"; it can be found in the EPEL repo
or the "extras" repo in Fedora.

> of the i386 directory on the cd-rom (or an extracted copy of your
> latest service pack), and then mount your NTFS partition read-write,
> and copy the user32.dll into the windows\system32 directory, and
> possibly the windows\system32\dllcache.

It IS also in dllcache, and the fact that the trojan bypassed the
windows system file recovery means that it is probably a rootkit.

You need to run some kind of rootkit detection and cleaner on the
system before it reboots or else it will just reinstall itself.
 
> I would run all Windows accounts as restricted users from now on. I
> have done that on my M$ home PC with fast-user switching and it
> works well for me, my wife and children rarely need to "install"
> anything, but if they do I tell them, save it to c:\temp and
> I'll install it when I get home.
> 
> It may be worth while to try and image your Windows partition from
> Linux if you have the space. Then you can restore your image and
> your Windows if it gets corrupted again, which it won't if you
> set all users as Restricted Users.
> 
> -Ross
> 
> 
> > -----Original Message-----
> > From: centos-bounces at centos.org 
> > [mailto:centos-bounces at centos.org] On Behalf Of Lanny Marcus
> > Sent: Sunday, November 18, 2007 10:12 AM
> > To: CentOS Mailing List
> > Subject: [CentOS] Dual boot box: WinXP & CentOS 5: Impossible
> > to restore WinXP?
> > 
> > We rarely use M$ Windows, but I let my daughter surf pbskids.org while
> > using Windows and a Trojan Horse modified or deleted the user32.dll
> > file. I found the instructions on the Microsoft Support web site, and
> > it would be very easy for me to expand a new copy of user32.dll if I
> > could get the MS WinXP CD to work. It boots OK, I press a key so it
> > will search hardware and it then has hard drive activity for a long,
> > long time. My impression is that Microsoft does not want this to work
> > on dual boot boxes.
> > 
> > I've tried this on dual boot boxes with Windows ME and Windows 98 SE
> > and it works fine. Dell sent me two (2) new WinXP CDs (one in English
> > and one in Spanish) but the problem apparently is not that I have a
> > defective WinXP CD from Dell.
> > 
> > Has anyone been able to restore WinXP on a dual boot box? TIA!
> > -- 
> > Lanny
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> > 
> 
> ______________________________________________________________________
> This e-mail, and any attachments thereto, is intended only for use by
> the addressee(s) named herein and may contain legally privileged
> and/or confidential information. If you are not the intended recipient
> of this e-mail, you are hereby notified that any dissemination,
> distribution or copying of this e-mail, and any attachments thereto,
> is strictly prohibited. If you have received this e-mail in error,
> please immediately notify the sender and permanently delete the
> original and any copy or printout thereof.
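
A check to run from CentOS after the copy step described in the message above and before rebooting into Windows, as an added example that is not part of the original thread: it confirms that both `system32\user32.dll` and `system32\dllcache\user32.dll` on the mounted NTFS partition are byte-identical to the copy extracted with cabextract. The function names, the mount point and the path of the extracted file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: the clean user32.dll was already extracted from the CD with
# cabextract, and the NTFS partition is already mounted; both paths are
# passed in by the caller.

# Print the entry of directory $1 whose name matches $2 case-insensitively
# (NTFS keeps Windows casing, e.g. WINDOWS vs windows). Prints nothing if absent.
ci_child() {
    if [ -d "$1" ]; then
        find "$1" -mindepth 1 -maxdepth 1 -iname "$2" | head -n 1
    fi
}

# Print the SHA-256 of file $1, or nothing if it cannot be read.
sha() {
    sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# check_restored <clean_dll> <ntfs_mount_point>
# Returns 0 only if both copies match the clean file, 1 if either copy
# differs or is missing, 2 if the clean file itself cannot be read.
check_restored() {
    ref=$(sha "$1")
    if [ -z "$ref" ]; then
        echo "cannot read clean copy: $1" >&2
        return 2
    fi
    sys=$(ci_child "$(ci_child "$2" windows)" system32)
    cache=$(ci_child "$sys" dllcache)
    rc=0
    for dir in "$sys" "$cache"; do
        dll=$(ci_child "$dir" user32.dll)
        if [ "$(sha "$dll")" = "$ref" ]; then
            echo "OK       $dll"
        else
            echo "MISMATCH ${dll:-user32.dll not found} (in ${dir:-missing directory})"
            rc=1
        fi
    done
    return $rc
}
```

Typical use is `check_restored /tmp/user32.dll /mnt/winxp`, with both paths replaced by the real locations.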