What a neat tool. I read the book XP Inside Out, cover to cover, and never
saw System File Checker. I'm definitely running this on a routine basis.
Up to now, I've been relying on folder permissions as a defense when surfing
the web. I set up a special Limited user account for surfing the web, that
has no permissions to access the folders named \Windows or \Program Files,
except for Read/Execute. Because I set up auditing on the folders \Windows
and \Program Files, I can see numerous failed attempts every day to break
into the \Windows folder, and monkey with the system files and registry (e.g.
Notepad.exe and Explore.exe). System File Checker will help me prove the
integrity of the system files.
Since somebody somewhere will surely say the obvious (Folder Permissions
cannot stop everything.), it is worth saying at this point that Folder
Permissions is not intended to stop everything. This approach obviously
does not stop infestations of folders in the User Profile (e.g. Favorites
and Cookies). It is just one of many tools/techniques/weapons that can be
used to defend ourselves. I only use these straight-jacket Folder
Permissions on one special user account for surfing the web. I dare not use
the same user account for surfing the web, as I use for storing private
family records.

Craig,
You can use System File Checker to replace the file:
310747 Description of Windows XP and Windows Server 2003 System File Checker
http://support.microsoft.com/?id=310747
You can also use MSConfig to restore a single file:
310560 How to Troubleshoot By Using the Msconfig Utility in Windows XP
http://support.microsoft.com/?id=310560
=========
This posting is provided "AS IS" with no warranties, and confers no rights.
Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp
Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp
Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgroups/nodepages/sectop10.asp
=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)
--------------------
| From: "Craig Z" <[email protected]>
| Subject: startpage.4.al has infected c:\windows\system32\notepad.exe
| Date: Wed, 2 Jun 2004 12:47:50 -0700
|
| HELP!! I have a client's personal PC that has been
| infected with what AVG identifies as a trojan. I need to
| replace the notepad.exe in the system32 folder. Can
| someone please advise the best way to go about this or
| any other suggestions would be greatly appreciated. I
| have searched high and low and am so far unable to find
| anything helpful!! Thanks in advance for your assistance!
|