Windoze issue
Moderator: ericjon262
-
- Peer Mediator
- Posts: 15629
- Joined: Wed Nov 24, 2004 11:13 pm
- Location: In the darkness, where fear and knowing are one
- Contact:
Using AVG free with windoze 2K. Recently downloaded AV update and subsequent virus scan found virus in wsock32.dll.
In reboot following attempted healing of this file, the following problem popped up:
The system makes it through the low res "Win 2K loading" screen and the desktop background color pops up for a second, then a BSOD comes up with a short message about a fatal error requiring restart, then the screen goes blank and the computer restarts. The message is not on the screen long enough to determine what the fatal error is and what it involves, so I don't know how to go about fixing it. Does anyone have any ideas about how to get it to stick around?
I'll be going to Linux before the end of the year, so this is only a short term problem.
Heck, I'm not even too worried about getting the computer (a laptop) to fire up again, as long as I can recover some data from the hard drive...
-
- Peer Mediator
- Posts: 15629
- Joined: Wed Nov 24, 2004 11:13 pm
- Location: In the darkness, where fear and knowing are one
- Contact:
-
- cant get enough of this site!
- Posts: 3289
- Joined: Wed Mar 30, 2005 2:37 pm
^^^ do that, then wipe the hd and reformat, clean install. Make sure your virus scanner is on and up to date b4 you pull files over though.
zonyl wrote: Don't need to pull the drive out. Boot the Knoppix CDrom and copy the files over usb or nic to another machine. Oddly I have had to do this twice recently for similar reasons as you are experiencing.
If you need more details, I would be glad to help via email.
- Series8217
- 1988 Fiero Track Car
- Posts: 5989
- Joined: Thu Jun 02, 2005 9:47 pm
- Location: Los Angeles, CA
Some of the better antivirus software allows you to download updated definitions (from another computer) then burn to a CD and boot off of it to clean up your infected system.
Also, did you write down the name of the virus? If you look it up on Symantec's virus database they generally have specific instructions on how to remove it. You can also do a Google search to see how others have had success if they got to the same point you're at. It's generally pretty hard to find, but I'll often find on some Russian forum or something there is a solution.
-
- Posts: 232
- Joined: Wed May 04, 2005 1:10 pm
- Location: Down Souf
Google "wsock32.dll virus" without the quotes.
There's a few things that it could be. Most of them point to the "happy99" virus, although there are a couple of others that alter wsock32.dll as well.
Wsock32.dll is the file that allows TCP/IP (your internet protocol) to work.
The BSOD is probably happening because it's tripping up, trying to start the network.
Just for grins, you might try copying wsock32.dll from another working W2K machine, to your windows\system32 folder. The one on my XP machine is only 21K, so it should fit on a floppy just fine. Copying system files doesn't always work on NT based machines, but it's definitely worth a try.
BRDS
- Series8217
- 1988 Fiero Track Car
- Posts: 5989
- Joined: Thu Jun 02, 2005 9:47 pm
- Location: Los Angeles, CA
-
- Posts: 232
- Joined: Wed May 04, 2005 1:10 pm
- Location: Down Souf
Very true. But hopefully, the antivirus software has or will snag the perpetrator.
Series8217 wrote: The virus probably lives in another file that overwrites the real winsock32.dll when it loads. Replacing or deleting winsock32.dll won't solve the problem.
If not, maybe one of the googled links will provide enough info to kill it.
No guarantees, but it's something to try.
BRDS
You should be able to stick in the original CD and choose 'repair an existing installation'. That will preserve your personal files, but you'll have to reinstall 3rd party software.
BigRedDeckSpoiler wrote: Google "wsock32.dll virus" without the quotes.
There's a few things that it could be. Most of them point to the "happy99" virus, although there are a couple of others that alter wsock32.dll as well.
Wsock32.dll is the file that allows TCP/IP (your internet protocol) to work.
The BSOD is probably happening because it's tripping up, trying to start the network.
Just for grins, you might try copying wsock32.dll from another working W2K machine, to your windows\system32 folder. The one on my XP machine is only 21K, so it should fit on a floppy just fine. Copying system files doesn't always work on NT based machines, but it's definitely worth a try.
wsock32.dll is the .dll most of the socket functions are exported from. Sockets=the nuts n bolts of the windows os connecting to a network like someone else said.
Copy it from another machine or extract it off of your original setup disks. You should be able to start the machine in safe mode (F8) to prevent the network related functionality from loading. If you STILL have the problem, reboot into safe mode and step through the login to see precisely where it's bombing at.
This might go away if you turn the system file protection feature back on; it all depends on when the last image of the machine was taken. This feature marks all the system related dlls as protected and will allow deletion, renaming, changing, etc, but will immediately copy back the old version out of a cache. I've never seen this work, but if you're in the realm of last resorts you might as well give it a try.
- Series8217
- 1988 Fiero Track Car
- Posts: 5989
- Joined: Thu Jun 02, 2005 9:47 pm
- Location: Los Angeles, CA
That reminds me..
If you can boot into safe mode, go to Start>Programs>Accessories>System Tools>System Information.
Click on the tools menu, find "System File Checker" or "File Signature Verification Utility" and run that. It should check your system files against the originals in the CABs or on the CD and replace them as necessary. It may fix your problem, but again the virus may reside elsewhere. It's worth trying if you have to save the system though.
There are some pretty sophisticated root kits nowadays for Windoze (Ring-0 stuff now), far more than what the media and AV companies even realize.
Series8217 wrote: That reminds me..
If you can boot into safe mode, go to Start>Programs>Accessories>System Tools>System Information.
Click on the tools menu, find "System File Checker" or "File Signature Verification Utility" and run that. It should check your system files against the originals in the CABs or on the CD and replace them as necessary. It may fix your problem, but again the virus may reside elsewhere. It's worth trying if you have to save the system though.
To prevent / counter this problem, I installed linux on my work pc, and run Windows and my work applications in a VMWare image now (save all of my docs via samba to the linux host). At the slightest hint something is wrong with Windows, in a couple of seconds I pull back the VMWare image to a prior checkpoint, and I'm off to the races again. I will even run Windows now in non-persist mode if I am comfortable with the setup of my applications.
On the linux side, I run daily MD5's against all system bins from an MD5 master file located on a partition that only gets mounted upon check.
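The daily check described in the last post, sketched as an added example (not part of the original thread and not the poster's own script): it records a hash manifest for a directory and later reports modified, missing and added files, the last of which a plain `md5sum -c` run would not catch. The function names, the `HASH_CMD` variable and the sample files are assumptions, and it defaults to `sha256sum` rather than the MD5 the post mentions.

```shell
#!/bin/sh
# Added example: hash baseline for a tree of system binaries, then verify it.
# HASH_CMD is an assumption; set HASH_CMD=md5sum to use MD5 as in the post.
HASH_CMD="${HASH_CMD:-sha256sum}"

# make_baseline DIR MANIFEST: write "hash  ./path" for each regular file.
make_baseline() {
    ( cd "$1" && find . -type f -exec "$HASH_CMD" {} + | sort -k 2 ) > "$2"
}

# check_baseline DIR MANIFEST: print MODIFIED/MISSING/ADDED paths.
# Returns 0 if DIR matches the manifest, 1 on any difference.
# Assumes file names contain no newlines.
check_baseline() {
    current=$(mktemp) || return 2
    make_baseline "$1" "$current"
    report=$(awk '
        { hash = $1; path = substr($0, length($1) + 3) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        { seen[path] = 1
          if (!(path in base)) print "ADDED " path
          else if (base[path] != hash) print "MODIFIED " path }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample tree standing in for /bin. "master" stands in for
# the partition that a real host would mount read-only just for the check.
demo() {
    root=$(mktemp -d) || return 2
    rc=0
    mkdir "$root/bin" "$root/master"
    printf 'ls v1\n' > "$root/bin/ls"
    printf 'ps v1\n' > "$root/bin/ps"
    make_baseline "$root/bin" "$root/master/bin.manifest"
    printf 'ls trojaned\n' > "$root/bin/ls"   # content changed
    rm "$root/bin/ps"                         # file removed
    printf 'new\n' > "$root/bin/xx"           # file not in baseline
    check_baseline "$root/bin" "$root/master/bin.manifest" || rc=$?
    rm -rf "$root"
    return "$rc"
}

demo || echo "integrity check reported differences"
```

Keeping the manifest outside the tree being checked, on media the running system cannot normally write to, is what makes a mismatch meaningful.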