startpage.4.al has infected c:\windows\system32\notepad.exe

  • Thread starter Thread starter Craig Z
  • Start date Start date
C

Craig Z

HELP!! I have a client's personal PC that has been
infected with what AVG identifies as a trojan. I need to
replace the notepad.exe in the system32 folder. Can
someone please advise the best way to go about this or
any other suggestions would be greatly appreciated. I
have searched high and low and am so far unable to find
anything helpful!! Thanks in advance for your assistance!
 
Clean your virus, then copy/expand the executable from your original setup
disk

--
Eddy Koller[MS]

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 
Craig,

You can use System File Checker to replace the file:

310747 Description of Windows XP and Windows Server 2003 System File Checker
http://support.microsoft.com/?id=310747

You can also use MSConfig to restore a single file:

310560 How to Troubleshoot By Using the Msconfig Utility in Windows XP
http://support.microsoft.com/?id=310560

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)

--------------------
| From: "Craig Z" <[email protected]>
| Subject: startpage.4.al has infected c:\windows\system32\notepad.exe
| Date: Wed, 2 Jun 2004 12:47:50 -0700
|
| HELP!! I have a client's personal PC that has been
| infected with what AVG identifies as a trojan. I need to
| replace the notepad.exe in the system32 folder. Can
| someone please advise the best way to go about this or
| any other suggestions would be greatly appreciated. I
| have searched high and low and am so far unable to find
| anything helpful!! Thanks in advance for your assistance!
|
 
What a neat tool. I read the book XP Inside Out, cover to cover, and never
saw System File Checker. I'm definitely running this on a routine basis.
Up to now, I've been relying on folder permissions as a defense when surfing
the web. I set up a special Limited user account for surfing the web, that
has no permissions to access the folders named \Windows or \Program Files,
except for Read/Execute. Because I set up auditing on the folders \Windows
and \Program Files, I can see numerous failed attempts every day to break
into the \Windows folder, and monkey with the system files and registry (e.g
Notepad.exe and Explore.exe). System File Checker will help me prove the
integrity of the system files.

Since somebody somewhere will surely say the obvious (Folder Permissions
cannot stop everything.), it is worth saying at this point that Folder
Permissions is not intended to stop everything. This approach obviously
does not stop infestations of folders in the User Profile (e.g. Favorites
and Cookies). It is just one of many tools/techniques/weapons that can be
used to defend ourselves. I only use these straight-jacket Folder
Permissions on one special user account for surfing the web. I dare not use
the same user account for surfing the web, as I use for storing private
family records.


Craig,

You can use System File Checker to replace the file:

310747 Description of Windows XP and Windows Server 2003 System File Checker
http://support.microsoft.com/?id=310747

You can also use MSConfig to restore a single file:

310560 How to Troubleshoot By Using the Msconfig Utility in Windows XP
http://support.microsoft.com/?id=310560

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)

--------------------
| From: "Craig Z" <[email protected]>
| Subject: startpage.4.al has infected c:\windows\system32\notepad.exe
| Date: Wed, 2 Jun 2004 12:47:50 -0700
|
| HELP!! I have a client's personal PC that has been
| infected with what AVG identifies as a trojan. I need to
| replace the notepad.exe in the system32 folder. Can
| someone please advise the best way to go about this or
| any other suggestions would be greatly appreciated. I
| have searched high and low and am so far unable to find
| anything helpful!! Thanks in advance for your assistance!
|
 
Where is the restore location on the original setup CD.
I have attempted to expand it using MSCONFIG but have
been unsucessful, and think I may not be using the
correct expand from file. Please help, and many thanks
in advance.

Craig Z
-----Original Message-----
Clean your virus, then copy/expand the executable from your original setup
disk

--
Eddy Koller[MS]

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


Craig Z said:
HELP!! I have a client's personal PC that has been
infected with what AVG identifies as a trojan. I need to
replace the notepad.exe in the system32 folder. Can
someone please advise the best way to go about this or
any other suggestions would be greatly appreciated. I
have searched high and low and am so far unable to find
anything helpful!! Thanks in advance for your
assistance!


.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top