PDA

View Full Version : I need help concerning a virus problem



Constantinus
Monday, November 28th, 2005, 10:07 PM
My PC has been acting weird, I did a scan, and 3 files came up infected. The names of the files are:
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\ntoskrnl.exe

What are those files (I assume they're part of the OS) and is it wise to delete them? Reinstalling windows is not an option.

Death and the Sun
Monday, November 28th, 2005, 10:22 PM
Rename the files, restart your computer and if everything seems okay then delete them.

Constantinus
Monday, November 28th, 2005, 10:25 PM
What good will renaming them do?

Death and the Sun
Monday, November 28th, 2005, 10:29 PM
What good will renaming them do?

Windows probably won't allow you to delete them unless you do it.

Landser_
Monday, November 28th, 2005, 10:47 PM
Stan I'll talk to you on MSN about this later, because if I post info here you won't learn your lesson.

Why would you ask for PC advice on a nordish supremacist forum? Go to www.slashdot.org or something

edit: ok well before you do anything rash don't rename the files yet. you probably won't be able to unless you're in safe mode anyway.

Blutwölfin
Monday, November 28th, 2005, 10:54 PM
Stan I'll talk to you on MSN about this later, because if I post info here you won't learn your lesson.

Why would you ask for PC advice on a nordish supremacist forum? Go to www.slashdot.org or something

edit: ok well before you do anything rash don't rename the files yet. you probably won't be able to unless you're in safe mode anyway.

Because here might be some people who know a lot about computers? What's your problem? :scratch:

Try Housecall (http://de.trendmicro-europe.com/consumer/housecall/housecall_launch.php) , Stan. It can delete infected files from your computer or at least store it in a quarantine folder.
Do you use any anti virus programmes? Try AntiVir (http://www.free-av.de/personal/de/avwinsfx.exe), which is a free and good software.

TisaAnne
Monday, November 28th, 2005, 10:59 PM
Why would you ask for PC advice on a nordish supremacist forum? Go to www.slashdot.org or something

Well, probably because he knows that there are quite a few tech-minded members here that would be glad to help him with his query... without sounding condescending. :rolleyes:

(edit: Blut... you've beat me to the reprimand. ah, you are too quick for me! :P)


C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\ntoskrnl.exe

Some months back I was having the same problems as you but, particularly, concerning this '....shell32.dll' one. Since I am a complete computer retard, (:redface: ) and rather than seek assitance, I just deleted it from my computer all together. I don't know what it's for, but I don't think removing it from my system had caused me any problems.

As for renaming it, I didn't have to do that... at first, I couldn't delete it, as the access was "denied", but when I pressed ctrl + alt + delete, I saw "shell 32" in the close program dialog box, closed out of it, and was able to delete it without any problems. But, as I said, I don't have any idea about the inner workings or vast subtleties of computers, so I'm not trying to advise you in anyway. It sounds like your friend Landser can help you out with that. ;)

I would be curious to know what those files are for though, as I had the same problem and would like to know what it is that I deleted. If you find out, perhaps you can share your info.

RoyBatty
Monday, November 28th, 2005, 10:59 PM
It doesn't sound too good, those are core OS files. Back up your data, format the harddisk and reinstall. That's the quickest, safest fix. Things can usually be "fixed" but depending on what you have it can be tricky.

Frostwood
Monday, November 28th, 2005, 11:35 PM
The problem is that these files are indeed quite important. I wouldn't go renaming them, at least without an installdisc at hand, because then Windows wouldn't find them. If you don't have one, one possible solution would be to have someone give you these files, from a XP installation of course, and you just put them on a floppy. Boot up the machine with a boot diskette (I prefer the boot diskette of Windows 98/ME) and just copy the files there. There's just the problem that those older boot diskettes do not recognize NTFS, of which I'm not sure as I haven't used Windows in a loong time.

There are some sites which offer dll-files, as well. Of course, make sure you download the right version of a file. Such as http://www.dll-downloads.com/download_dll.asp and here are some more (http://www.google.com/search?num=100&hs=6Lr&hl=en&lr=&safe=off&c2coff=1&client=opera&rls=en&q=dll+download&btnG=Search).

You probably have to fetch that 'ntoskrnl.exe' from someone helpful, as a quick glance with google didn't turn out any very impressive sites from which you could download it.

Overall, what I'd first do would be to boot from the installdisc and try repair. If that doesn't work, then I would make backups of the files in question to a floppy, and boot the machine with a boot diskette that recognizes the filesystem you use for C:. After that, I'd just remove the original files (likely not possible while running the OS, must be done via a boot diskette) and try the repair again.

I don't know if this will help anything, but someone has the same problem as you do. (http://www.annoyances.org/exec/forum/winxp/1118434494)

Hopefully this was of some help.


I would be curious to know what those files are for though

Well, according to
DLL is short of Dynamic Link Library, a library of executable functions or data that can be used by Windows applications. DLL provides one or more particular functions, program accesses the functions by creating either a static or dynamic link to the DLL. A static link remains constant during program execution while a dynamic link is created by the program as needed. DLLs can also contain just data. DLL files end with the extension ".dll".

So, pretty important and I wouldn't tamper with them. :P

TisaAnne
Monday, November 28th, 2005, 11:43 PM
So, pretty important and I wouldn't tamper with them. :P

:O Alas, it is too late for me... the tampering has since been done; to what consequence I've yet to find out. :shrugani: (This is where I insert my foot into my mouth for being utterly foolish.)

But, thankfully for good ol' Stan, consulting this Nordic Supremicist board before making any rash decisions just might have saved his cyber skin, after all. ;) Good luck to you, Constantinus, and I hope you get your troubles sorted out.

Frostwood
Tuesday, November 29th, 2005, 12:17 AM
:O Alas, it is too late for me... the tampering has since been done; to what consequence I've yet to find out. :shrugani: (This is where I insert my foot into my mouth for being utterly foolish.)

Well, I remember something about Windows file protection, that won't let you tamper with important files and will return them if you manage to cast them into the bit space. I'm not sure though, and who would: the ways of Windows are mysterious, indeed, that is one thing I'm sure of.

Aor
Tuesday, November 29th, 2005, 01:38 AM
there is no need to reinstall your operating system.

see inuse.exe: http://support.microsoft.com/default.aspx?scid=kb;en-us;228930 PS: IF this won't work, please post back with info about windoze OS version.

brian
Tuesday, November 29th, 2005, 02:50 AM
A little googling gave me this: http://www.auditmypc.com/process/shell32.asp

Blood_Axis
Tuesday, November 29th, 2005, 11:34 AM
Stan, you did not tell us what your files have been infected with. Name of the virus? That could be helpful.

For example, I had a virus, I google searched on the virus name, found a removal tool, downloaded it, runned it and it disabled the virus. That simple. :shrugani:

Constantinus
Tuesday, November 29th, 2005, 11:52 AM
I have AVG virusscan. It just told me the files are infected, but nothing more.


I do not have an installdisc. I bought an illegal version from some guy who died of cancer a while ago.

Thank you all for your advize.

Blutwölfin
Tuesday, November 29th, 2005, 11:54 AM
Just try some of the virus scanners I mentioned in my first post. Both of them are able to delete, recover or put infected files in quarantine. Download them, install them and let both do a scan on your computer.

Death and the Sun
Tuesday, November 29th, 2005, 02:18 PM
Why would you ask for PC advice on a nordish supremacist forum? Go to www.slashdot.org or something


1. tNP is not a "supremacist" forum.

2. This post is complete spam. Either someone here can help Con or not, but if you were going to talk to him later anyway your whole post was 100% redundant. Don't post crap like this again.

Constantinus
Tuesday, November 29th, 2005, 02:33 PM
In Landser's defense, I know he's good with computers and I contacted him via messenger. he was absent so I left a message. I was already logging off when he replied, so instead of typing the problem out again I linked him to this thread.