W32\Nachi worm infection upon upgrade

[cheesehead]

Yesterday I tried to upgrade from Windows ME to XP.
Coincidentally (?) my computer was infected with the Nachi
worm. It put me in a crash loop and I could not download
the Stinger program from McAfee.com to cleanse my files.
I then uninstalled ( I thought) the XP version and
returned to using ME. I was able to download Stinger and
it found two infected files which it deleted. Then I
downloaded and ran Virus Scan 8.0 which detected one
infected file which was <Windows root>\system32\hal.dll.
This file was "write protected" and I was told it could
not be cleaned, deleted or quarentined. I disabled the
restore mode and ran the scan again. My computer runs
normally now except when it is booting. Then I get the
message: "Windows could not start because the following
file is missing or corrupt: <Windows root>\system32
\hal.dll Please install a copy of the above file." Then
I am told to select one of the following operating systems:
Windows XP Setup
Cancel Windows XP Setup

If I choose cancel setup my computer boots as normal. Any
ideas?

P.S. I ran Virus Scan again today and no infected files
were found but the booting problem still exists.

 

[Jupiter Jones [MVP]]

Try a Repair Installation:
Repair Installation:
http://www.dougknox.com/xp/tips/xp_repair_install.htm
Windows Updates will need to be reinstalled.
Data should be safe, back-up important data just in case.
Install Service Pack first and by itself.
Then install ALL Critical Updates no more than 4 at a time,

Disconnect the network/modem cable before starting repair and do NOT
reconnect the cable until repair is completed and firewall is
installed/enabled.
http://support.microsoft.com/?kbid=283673

 

[Bruce Chambers]

Greetings --

If you connected the PC to the Internet without having first
installed the KB824146 Hotfix, without having first installed an
antivirus application with current virus definition files, and before
enabling a firewall, you're very likely to get infected from any of
the thousands of PCs on the Internet that are constantly broadcasting
the worms.

Microsoft Security Bulletin MS03-39
http://support.microsoft.com/?kbid=824146

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

W32.Welchia.Worm a.k.a. W32/Nachi.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Welchia.Worm Removal Tool
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH