[Date Prev][Date Next][Subject Prev][Subject Next][
Re: [virus] -- Winsock32.dll
- Subject: Re: [virus] -- Winsock32.dll
- From: jr_fox@xxxxxxxxxx
- Date: Wed, 29 Nov 2000 13:15:04 -0800
"Yo Intl." wrote:
> Phew.... I have learned a whole lot about this pesky Hanson virus since yesterday.
> I have eradicated it from all the places where it took root, but there is
> one file that remains corrupted, and that is: \windows\system\wsock32.dll.
> Is there any way to replace this file without re-installing Windows? As it
> is, Windows seems to allow me neither to edit nor to remove it at all.
> I have been digging around in Windows directories since yesterday, and it
> is not pleasant work. Has anybody experience with this? Tia
Not directly. I have a fair level of experience with NT, rather little with
W98. However, the basic principle may be the same. If the affected file(s)
are "locked" (always in use, even in some standby capacity) when Win is
running, you cannot touch them. That is the main argument in favor of a
"Maintenance Partition", no matter what o.s. you choose to run. A secondary
iteration of the o.s., in its own separate partition with its own option to
boot, should allow you to work on any files in the main partition *in an
Unlocked state*. Of course, you would still need to have uninfected copies of
any files you intend to replace. (I don't know the odds on a viral infection
reaching across partitions, though it certainly seems a possibility in the
Windows world. Anyway, that's a different issue.)
Your practical alternative to a maintenance partition is the W98 emergency
boot diskettes. You did make a set of these, didn't you ? (They happen to be
system-specific, and can't reliably be used on another computer's
configuration.) Booting with these should also gain you access to any locked
files you may need to zap and replace. Once created, it is a good idea to
keep the emergency W98 boot diskettes with the Write Protect tab ON -- just as
you do with an emergency diskette set made by your antiviral program -- in
order to be sure any virus or Trojan does not migrate to them.
Hope this helps.