File lost during antivirus scanning

[yeungqeh]

I have several files infected by trojan.win32 virus and they were deleted by
the antivirus software (avast).
These files are:
\windows\system32\dllcache\
iisreset.exe iissync.exe imiputy.exe inetmgr.exe mplay32.exe

How can I replace them?
Or do I need to replace them?
Please help! Thanks.

My environment: windows xp professional, version 2002, service pack 3

 

[Randem]

If they were infected and removed... GOOD!!! Why do you think that you need
to replace them. Is there some sort of error going on on your machine?

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
Disk Read Error Press Ctl+Alt+Del to Restart
http://www.randem.com/discus/messages/9402/9406.html?1236319938

 

[Twayne]

I have several files infected by trojan.win32 virus and they were
deleted by the antivirus software (avast).
These files are:
\windows\system32\dllcache\
iisreset.exe iissync.exe imiputy.exe inetmgr.exe mplay32.exe

How can I replace them?
Or do I need to replace them?
Please help! Thanks.

My environment: windows xp professional, version 2002, service pack 3

Off the top of my head, none of those files looke like they are part of
XP, meaning they are either parts of the virus or parts of other
programs you have. Most likely they are parts of the virus.

You shouldn't need to replace them. Is everything now functioning OK?
If so, forget about them.

Usually if AV ware has removed a needed system file it will tell you it
had to delete it and that you must replace it. I don't think that
happened, did it?

I think you simply see some of the parts of the virus that were removed.

HTH,

Twayne`

 

[MowGreen]

Off the top of my head, none of those files looke like they are part of
XP, meaning they are either parts of the virus or parts of other
programs you have. Most likely they are parts of the virus.

You shouldn't need to replace them. Is everything now functioning OK?
If so, forget about them.

Usually if AV ware has removed a needed system file it will tell you it
had to delete it and that you must replace it. I don't think that
happened, did it?

I think you simply see some of the parts of the virus that were removed.

HTH,

Twayne`

The files the OP mentioned may have been legit backups. *If* the
original system files were infected, then the deletion of the backups
makes sense as the system files were most likely replaced with infected
copies.

Since Avast did not detect the original system files as being infected,
it sounds like a False Positive to me.
Most likely, Avast determined the that the files should be deleted as
per the recent vulnerability reported in IIS, which is what all of the
files except for mplay32.exe, are related to.


** To the poster ** -

You can restore the files *if* Avast just Quarantined them by opening
the Virus Chest. Click on Infected Files in the left frame, then *right*
click each file and choose Restore.

IF the files were deleted and not present in Virus Chest, suggest you
first update Avast to it's latest virus definition file, 090525-0.
Then use System Restore to roll the system back to just before Avast
deleted the files.
Avast should not delete the files again now that the latest defs are
installed.

Also ... you can get a second opinion as to the legitimacy of the files
by having them scanned here: http://www.virustotal.com/


MowGreen
================
*-343-* FDNY
Never Forgotten
================

 

[Tim Meddick]

If you are unable to perform a 'System Restore' to a point before infection
or if 'System Restore' does not replace the files you can manually restore
them from the XP installation disk (assuming you have it).

type the following commands in a 'Command Prompt' window:


expand c:\i386\iisreset.ex_ c:\windows\system32\iisreset.exe
expand c:\i386\iisreset.ex_ c:\windows\system32\dllcache\iisreset.exe
expand c:\i386\iissync.ex_ c:\windows\system32\iissync.exe
expand c:\i386\iissync.ex_ c:\windows\system32\dllcache\iissync.exe
expand c:\i386\inetmgr.ex_ c:\windows\system32\inetmgr.exe
expand c:\i386\inetmgr.ex_ c:\windows\system32\dllcache\inetmgr.exe
expand c:\i386\mplay32.ex_ c:\windows\system32\mplay32.exe
expand c:\i386\mplay32.ex_ c:\windows\system32\dllcache\mplay32.exe


==


Cheers, Tim Meddick, Peckham, London.

 

[Tim Meddick]

Sorry - I used 'c:' - replace 'c:' in 'c:\i386' with the drive letter of
your cd/dvd drive that the XP disk in in.

==


Cheers, Tim Meddick, Peckham, London.

 

[yeungqeh]

Thanks to all of you for your help.
Actually the system is running smoothly without any problem.
I think I will use Tim Meddick's method (with XP disk) to restore those files.

Cheers.