Welcome, Guest. Please Login
 
  HomeHelpSearchLogin FAQ Radified Ghost.Classic Ghost.New Bootable CD Blog  
 
Page Index Toggle Pages: 1
Send Topic Print
WinXP SP3 and McAfee Antivirus--May have Killed your system! (Read 8668 times)
NightOwl
Radministrator
*****
Offline


"I tought I saw a puddy
tat..."

Posts: 5826
Olympia, WA--Puget Sound--USA


Back to top
WinXP SP3 and McAfee Antivirus--May have Killed your system!
Apr 24th, 2010 at 1:33am
 
To all

Just spent quit a few hours helping a friend whose computer lost access to the internet suddenly 2 days ago (April 21)!  He would click on Internet Explorer shortcut, program launched just long enough to see a Window screen opening and then it disappeared.

Turns out that a recent McAfee Antivirus definition update (DAT 5958) identified the Windows system program *svchost.exe* as being infected with a virus if it's on a WinXP SP3 system--and it removed that system program file--it knocked out Internet Explorer, the task bar at the bottom of the screen was not *normal*--half the programs where missing--the sound was gone, and using Windows Explorer no longer worked--could not copy and paste any files, nor drag and drop.  I suspect there are other Windows programs that are effected--but, I did not spend time looking for additional issues.

I was surprised that the system could even boot up--there have been reports that non-booting was also one of the possible problems, as well as being stuck in a repeating reboot cycle.  The Ask Woody Website states *I’m hearing estimates that tens of thousands – maybe hundreds of thousands – of PCs got locked up.*

The *solution* is to find a replacement copy of *svchost.exe*, either on the dead system, or from another working system and copy it to the *C:\WINDOWS\system32* directory--it was recommended that you boot to *SafeMode*.  Thing is, Windows Explorer will not work in *SafeMode* either--so I could not use it to transfer a copy from a thumb drive to the system's HDD!  And, McAffee apparently removed all the backups of that System file on the affected system as well!

I finally remembered that I had an old Win98se file manager program called *PowerDesk--v4.x*--I installed it in safemode, and it apparently didn't depend on WinXP's *svchost.exe* support--so I was able to use its *Copy to* function--drag and drop was not available.

I never tried, but it's possible that one could open a DOS command window by typing *cmd* in the *Start/Run* box and then use command line commands to copy the files--but, I did not try that:

An A-Z Index of the Windows XP command line

COPY command


Edit on 4/24:  Additional info

Using the command line in Windows SafeMode--the thumb drive was mounted as drive E:\ with the *svchost.exe* file in its root directory, and the OS drive was C:\--so the command that should work is:

Code:
copy E:\svchost.exe C:\Windows\system32  



As an alternative--if you make regular Ghost or other image backups--then you may be able to restore just that file from you backup (your program has to allow for single file restore from its Recovery Environment or DOS).  Or, if there's no issue with doing a complete restore of the OS partition (i.e. it's not a very old backup and you would loose lots of new changes), you could also do a regular restore operation.  Unfortunately, my friend does not use backup programs except for personal files--maybe this experience will change that!

If anyone is having this problem--or knows someone who is--hope this helps!
 

____________________________________________________________________________________________

No question is stupid ... but, possibly the answers are Wink !
 
IP Logged
 

ben_mott
Nuclear Grade
****
Offline



Posts: 278


Back to top
Re: WinXP SP3 and McAfee Antivirus--May have Killed your system!
Reply #1 - Apr 24th, 2010 at 5:05pm
 
hellol,
if you had a bootable Bart PE or a bootable UBCD4WIN Cd

and from comand line done
chkdsk /R C:
or used their utility on their system menu

just a thought
regards Ben
Smiley
 
 
IP Logged
 
Brian
Demigod
******
Offline



Posts: 6345
NSW, Australia


Back to top
Re: WinXP SP3 and McAfee Antivirus--May have Killed your system!
Reply #2 - Apr 24th, 2010 at 5:46pm
 
@
NightOwl

This is one of the best WinPE CDs I've seen. It's a trial and it requires no special knowledge to create. A 5 minute "click Next" job. The "Explore My Computer" function is just like our Windows Explorer. Files on a USB flash drive can be accessed. You can even access the internet and your email from a non booting computer with a failed HD.

http://www.ntfs.com/boot-disk.htm

Active@ Boot Disk ver 5.0.5

 
 
IP Logged
 
NightOwl
Radministrator
*****
Offline


"I tought I saw a puddy
tat..."

Posts: 5826
Olympia, WA--Puget Sound--USA


Back to top
Re: WinXP SP3 and McAfee Antivirus--May have Killed your system!
Reply #3 - Apr 25th, 2010 at 12:41am
 
@
ben_mott and
@
Brian

Thanks for your inputs--good suggestions--I guess I really need to learn how to use BartPE.

That Active@Boot Disk is a pricey item if you want to purchase:  $80 for the Windows version, $70 for the DOS version, or $110 for both!

 

____________________________________________________________________________________________

No question is stupid ... but, possibly the answers are Wink !
 
IP Logged
 
ben_mott
Nuclear Grade
****
Offline



Posts: 278


Back to top
Re: WinXP SP3 and McAfee Antivirus--May have Killed your system!
Reply #4 - Apr 25th, 2010 at 2:46am
 
 
 
IP Logged
 
OldCasper
Technoluster
***
Offline


I Love Ghost!

Posts: 119
Florida, USA


Back to top
Re: WinXP SP3 and McAfee Antivirus--May have Killed your system!
Reply #5 - Jul 18th, 2010 at 10:48am
 
Even on an NTFS hard drive, you can access any file on the HD from a DOS boot floppy or CD if you have NTFS4DOS on that boot disk.
I first heard about that by reading this forum.
Boot up to a dos prompt, then run NTFS4DOS and it opens up the HD so you can access any file on the drive.
It's a great way to delete viruses, spyware, trojans and McAfee.
Did you notice?  I rate McAfee right along with the viruses.  It can be just as hard to get rid of when you want to. Wink

I've been reading this forum for quite some time and it's amazing the things I've learned here.
thanks guys!

Casper
 

A man with experience is never at the mercy of a man with an argument.
 
IP Logged
 
Page Index Toggle Pages: 1
Send Topic Print