[Metallica]

Copy & paste the part in bold below into notepad and save it as C:\repwininet.bat

cd\
copy /y C:\WINDOWS\ServicePackFiles\i386\WININET.dll C:\WINDOWS\system32\WININET.dll /v
exit

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight CommandPrompt only

In the resulting command prompt type repwininet.bat behind the C:> prompt to execute that file.

[Advertisements]

I tried it twice to make sure I got everything spelled properly and still failure. I get the response :

'repwininet.bat' is not recognized as an internal or external command,operable program, or batch file.

It may be that I don't have just a "C:\" prompt it appears as this:

C:\Documents and Setting\KEN GRESHAM>

Or something like that.

[Azureflame]

I tried it twice to make sure I got everything spelled properly and still failure. I get the response :

'repwininet.bat' is not recognized as an internal or external command,operable program, or batch file.

It may be that I don't have just a "C:\" prompt it appears as this:

C:\Documents and Setting\KEN GRESHAM>

Or something like that.

[Metallica]

If you saved repwininet.bat directly to C:
the command needs to be given behind the C:> prompt

To get there from any other prompt use cd\

Regards,

[Azureflame]

Ok I did that. After the command is given the command prompt closed leaving just a black "safe Mode" screen. I rebooted the machine and *blink* still have bad doggy message

[Metallica]

Now I'm curious what we're dealing with.

Can you surf to http://virusscan.jotti.org/
and upload that file there.
Let me know the results.

I'll tell you why. Bloodhound is what Norton uses to describe unknown viruses.
That means it didn't recognize the file as a known virus, but it did see suspicious behavior.
Maybe one of the other scanners at jotti can give us the name of the virus, so we can go look for a custom-fix.

Regards,

[Azureflame]

Ok I uploaded the file "wininet.dll" and I got the message "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file". This machines not running behind a firewall afaik. I also uploaded another file I found there C:\Windows\system32\WININET(3).dll and no viri were found.

[Metallica]

Hang on a sec.

There is a file called C:\Windows\system32\WININET(3).dll ?

That usually means there are (or were) several

Can you try deleting them and let me know which one does not want to go peacefully?

If you succeed in deleting them all, do not reboot, but click start > run > cmd > OK

In the command prompt type:
sfc /scannow Note: there is a space behind sfc

Regards,

[Azureflame]

WININET(3).DLL went bye bye but the wininet.dll was access denied. Not sure if it matters but one is in caps the other is not. Also their creation dates were in '02 and '04.

[Metallica]

They have long ago found ways to falsify the dates of creation.

And Windows is insensitive to caps or undercast.

Do you have bootfloppies or an original XP CD?

I think it's time for drastic measures.

Regards,

[Azureflame]

Yep I have reinstall CD for XP

[Metallica]

OK. We will be using the Recovery Console:
http://support.micro...kb;EN-US;314058

Once you are in the Console itself these are the commands we will use:

attrib -s -r -h C:\Windows\system32\WININET.dll
this will strip the file of the atributes that are stopping us from deleting it the normal way
del C:\Windows\system32\WININET.dll
this will delete the file
COPY C:\WINDOWS\ServicePackFiles\i386\WININET.dll C:\WINDOWS\system32\WININET.dll
to replace the file we deleted
EXIT
To reboot back to normal. Remove the CD before you use it

Print the above and the microsoft article I linked to could be usefull as well.

Regards,

[Azureflame]

Sorry for the delay...had to actually work for a minute. How do I get the puter to boot from the CD? When I restart with the CD in it just starts normally. I used to know how to enter setup and make it go through the CD first but I have forgotten Talk sloooowly to the monkey behind the computer

[Metallica]

Depends on the settings of your computer.
Usually you need to change the boot order in the BIOS to make your computer boot from CD.
Since this is very dependent on the brand of the computer I can only give you some general guidelines.

1. Boot your machine.
2. While the machine is booting, watch the bottom of the screen for a prompt that tells you how to access the BIOS. Generally, you’ll need to press <Del>, <ESC>,<F1>, or <F10>.
Sometimes these prompts are hidden by a manufacturers screen so try using those keys even if you don't see a prompt.
3. From the BIOS screen, choose the Boot menu.
The boot devices will be listed.

4. Change the CD or DVD drive to be the first boot device in the list.

5. Save the changes and exit the BIOS setup.

Regards,

[Azureflame]

Hmm unfortunately he doesn't know his admin password...go figure. I'll look for it. Any ideas?

btw I did get the thing to boot from CD. I knew it was something like that (f12) but [bleep] Dell just blipped past the screen with that info with their big blue proprietary crapola...esc revealed it however.

[Metallica]

On many XP installations you can't start the Recovery Console because it won't recognize your password or because a password was never issued. This registry edit causes the Recovery Console not to ask for a password. This works for both XP Home and XP Professional.

Copy the part in bold below into notepad and save it as burglar.reg

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
"SecurityLevel"=dword:00000001

Doubleclick the file and confirm you want to merge it with the registry.

Regards,