Copying XP files.

[Frank Martin]

I have infected files that are essential to
the WindowsXP pro operating system.

These are:
C:\Windows\Config\csrss.exe
C:\Windows\Config\supdate.exe

Therefore I ask: can I delete these two
infected files, and then just copy the
original clean ones from the original
WindowsXP installation disks?

Please advise how this should be done.

Please help, Frank

 

[Elmo]

I have infected files that are essential to
the WindowsXP pro operating system.

These are:
C:\Windows\Config\csrss.exe
C:\Windows\Config\supdate.exe

Therefore I ask: can I delete these two
infected files, and then just copy the
original clean ones from the original
WindowsXP installation disks?

Please advise how this should be done.

Please help, Frank

Neither of those files are in my C:\Windows\Config folder. Supdate is
nowhere on my HD. Rename or delete them. If there are problems,
replace from the Windows\System32 folder or the Windows CD.

 

[Gary S. Terhune]

What you *should* do is to attend a Security Forum that specializes in these
things and have them help you determine the *exact* nature of your infection
and then follow their instructions for removal. Meanwhile, just rename those
files and see what happens. Change the extensions, not the rest of the name.
Even something so simple as *.virus. See if they come back, as well, and not
necessarily in the same folder.

Here's one good forum:
http://www.castlecops.com/forums.html

And another good one:
http://www.castlecops.com/forums.html (scroll part way down for the Security
forums.

 

[Frank Martin]

message

Neither of those files are in my
C:\Windows\Config folder. Supdate is
nowhere on my HD. Rename or delete them.
If there are problems,
replace from the Windows\System32 folder or
the Windows CD.

Thanks. I cannot find them on the Windows CD.
Where should I look for them.

 

[Gary S. Terhune]

Does that mean that you need them, or are you just being a good Boy Scout?

 

[Gary S. Terhune]

They're in the i386 folder but they're compressed and have an underscore in
place of the last letter of the filename. Here's the instructions for
getting individual files off the installation CD, but if you couldn't boot,
you'd have to do it from a recovery console.
http://www.winxptutor.com/expand.htm

Most relevant to this procedure is what version of XP you're running now.
Original, SP1 or SP2 or SP3? (Look in Control Panel>System on the General
tab. It will tell you what SP, if any, you have.

But the usual thing would be that they're replaced from the DLLCACHE. If
every copy of those files on that machine are infected, I would be very
surprised.

Anyway, enough of this NG, get thee to a proper Security forum, please!

 

[Frank Martin]

Thanks, I went thru this and expanded the
file from the original WindowsXP CD,
converting csrss.ex_ to csrss.exe which I
then copied into C:WINDOWS\Config.

When I restarted the computer I get an error:

"C:\Windows\Config\csrss.exe application
cannot be run in win32 mode."

Also, the new csrss.exe file is much smaller
than the corrupted one.

 

[Synapse Syndrome]

Anyway, enough of this NG, get thee to a proper Security forum, please!

Why have all your posts been deleted in the vista newsgroup, on the MS
newsserver?

They had been deleting all my posts a little while ago, even though I am not
a troll, and was helping a lot of people.

I find it rather amusing that they have started censoring their own MVPs
now. What do you think you did to deserve this?

ss.

 

[Gary S. Terhune]

You aren't listening, I can't help you.

 

[Gary S. Terhune]

I don't know. Don't really care. They're out there somewhere.

Two major possibilities come to mind: General Microsoft Incompetence when it
comes to news server maintenance crew, or 2. Carey Frisch.

 

[Gary S. Terhune]

I have a question for you: Did you just happen to reset your Vista.General
NG this morning? Why? And why would you pick up specifically on *my* posts
being gone from wherever they're gone from? (They're gone from this NG,
also, but only about half are gone from the Win98 groups where I hang out
most.)

Noting that you, too, have nothing nice to say about Mr. Frisch, I'm very
tempted to say that he whined to whoever his sponsor is at Microsoft, which
sponsor we all KNOW is very powerful or he wouldn't be a freaking MVP in the
first place. I've also been a "bad boy" over the last few months, telling
certain people in no uncertain terms what I think of them. Maybe they used
my posts to make some new rules.

Still, while ALL of my messages for WindowsXP.General and Vista.General are
gone, only half of the ones from my "home" Win98 groups are gone.

So, again, it could just be Microsoft doing what Microsoft does best --
screwing things up. Not knowing who else has had their messages deleted from
the server, it's hard to guess any further.

Besides, I don't give a sh* t. I dumped political correctness and "Proper
MVP Behavior" in these groups several months ago (and a lot of other places
I go these days), and if I *am* being singled out, (And, again, I don't
know) it wouldn't surprise me. The MVP program is not what it used to be,
and hasn't been for a few years. I tried to quit but was told, "the Award is
for past contributions and you can't 'quit'". You can just refuse the
goodies and not participate in the "Program". They don't like what I'm doing
this year, that's fine. While I have a deep respect for many MVPs, there are
just as many that I think are worse than dirt. While I still think it's just
a bunch of incompetence on the part of the server managers, it could just as
easily be MS/MVP politics, and if that's the case, they can just toot my
flute and wipe their faces when I'm finished.

 

[Synapse Syndrome]

I have a question for you: Did you just happen to reset your Vista.General
NG this morning? Why? And why would you pick up specifically on *my* posts
being gone from wherever they're gone from? (They're gone from this NG,
also, but only about half are gone from the Win98 groups where I hang out
most.)

I have set OE to download all headers only when I enter a newsgroup. I
noticed that everytime I tried to read one of your posts it said that the
message was no longer available on the server. After searching your name
within the newsgroup, all headers from you that I had not already downloaded
and read, were deleted.

Noting that you, too, have nothing nice to say about Mr. Frisch, I'm very
tempted to say that he whined to whoever his sponsor is at Microsoft,
which sponsor we all KNOW is very powerful or he wouldn't be a freaking
MVP in the first place. I've also been a "bad boy" over the last few
months, telling certain people in no uncertain terms what I think of them.
Maybe they used my posts to make some new rules.

I find Carey Frisch to be quite an amusing clown type character.

Still, while ALL of my messages for WindowsXP.General and Vista.General
are gone, only half of the ones from my "home" Win98 groups are gone.

So, again, it could just be Microsoft doing what Microsoft does best --
screwing things up. Not knowing who else has had their messages deleted
from the server, it's hard to guess any further.

Besides, I don't give a sh* t. I dumped political correctness and "Proper
MVP Behavior" in these groups several months ago (and a lot of other
places I go these days), and if I *am* being singled out, (And, again, I
don't know) it wouldn't surprise me. The MVP program is not what it used
to be, and hasn't been for a few years. I tried to quit but was told, "the
Award is for past contributions and you can't 'quit'". You can just refuse
the goodies and not participate in the "Program". They don't like what I'm
doing this year, that's fine. While I have a deep respect for many MVPs,
there are just as many that I think are worse than dirt. While I still
think it's just a bunch of incompetence on the part of the server
managers, it could just as easily be MS/MVP politics, and if that's the
case, they can just toot my flute and wipe their faces when I'm finished.

Yes, there are some MVPs that seem to devalue the title.

I just thought - there is the possibility that the posts are deleted by
email address, and with yours set as 'none', it is likely that one of the
many trolls on the newsgroups is using the same address.

ss.

 

[Gary S. Terhune]

If that were the case, they'd all be gone from all of the groups. Anyway,
it's no big deal. It's just been fun to consider the more sinister
possibilities.

 

[Ken Blake, MVP]

I have set OE to download all headers only when I enter a newsgroup. I
noticed that everytime I tried to read one of your posts it said that the
message was no longer available on the server. After searching your name
within the newsgroup, all headers from you that I had not already downloaded
and read, were deleted.

I just thought - there is the possibility that the posts are deleted by
email address, and with yours set as 'none', it is likely that one of the
many trolls on the newsgroups is using the same address.

For what it's worth, as far I can see, all of Gary's messages appear
here, and I'm not aware of any problems getting to any of them.

 

[Synapse Syndrome]

For what it's worth, as far I can see, all of Gary's messages appear
here, and I'm not aware of any problems getting to any of them.

Yes, I can get them in this newsgroup as well, but they are all gone in the
Vista group.

ss.

 

[Synapse Syndrome]

If that were the case, they'd all be gone from all of the groups. Anyway,
it's no big deal. It's just been fun to consider the more sinister
possibilities.

Not necessarily. When I was getting my posts deleted, they always
disappeared in the Vista group, but only sometimes in the other groups I
sometimes post to. You are either being deliberately targeted for deletion,
like other posters, or your email address is getting you confused with a
troll poster.

ss.

 

[Gary S. Terhune]

I reset all of my groups, after running my 30-day cleanup rule. My post
count before reset was 700 (exactly -- weird.) and dropped to 136
afterwards. According to Google, there are 510 posts for the approx. the
same period. The My Sent Items folder says 436, which makes sense, what with
cross-posting.

But no doubt, the counts were about halved after reset in all the groups
except Vista, where they all went.

 

[Synapse Syndrome]

I reset all of my groups, after running my 30-day cleanup rule. My post
count before reset was 700 (exactly -- weird.) and dropped to 136
afterwards. According to Google, there are 510 posts for the approx. the
same period. The My Sent Items folder says 436, which makes sense, what
with cross-posting.

But no doubt, the counts were about halved after reset in all the groups
except Vista, where they all went.

The posts in the non-Vista groups may have gone just because they expired on
the server as they were too old to be retained, but your newsreader kept
them, while your Vista posts were deliberately deleted.

ss.

 

[Gary S. Terhune]

All of the posts involved were dated in July. No more than a month old.