[alan2home]

New to forum - My main PC (NT 4 SP6) got a hostage virus yesterday (PSGuard) and Norton found it (oleext32.dll) but was unable to remove it.

Found your site (it's great!) and started following your instructions on the "Start Here" page. Installed and ran Ad-Aware and SpyBot. Cleanup wouldn't run (couldn't find an "entry point" - not sure it runs on NT). Ewido definitely does not run on NT. I tried a couple of other things on the page as well. Such as HijackThis.

I then tried to reboot. I get the ominous blue screen which reads:

STOP {Bad Image Checksum}
The image WININET.DLL is possibly corrupt. The header checksum does not match the computed checksum.

It then goes on to tell me to restart and set the recovery options in the control panel or the /CRASHDEBUG system start option.

Whatever that means.

So basically I have an important (to me) Win NT box that I can not get to boot (though I have tried a couple times) and is seemingly infected.

Anybody got a suggestion, advice, recipe for recovery? I'd truly be grateful for any help.

Alan

Edited by alan2home, 23 July 2005 - 09:23 PM.

[Advertisements]

Do you have another machine with NT4.0, same version? If you have one you can download the files to a boot floppy, if they're not too large, amd copy them to the right folder in ms-dos mode. When the A:\> prompt comes up just add

copy A:\file.dll C:\ windows\system\

I'm assuming they go in system.

You may have to do it in more than one step. It won't get rid of the virus but you may be able to boot up.

You can also delete

del C:\windows\system\oleext32.dll

Edited by Tyger, 23 July 2005 - 09:35 PM.

[Tyger]

Do you have another machine with NT4.0, same version? If you have one you can download the files to a boot floppy, if they're not too large, amd copy them to the right folder in ms-dos mode. When the A:\> prompt comes up just add

copy A:\file.dll C:\ windows\system\

I'm assuming they go in system.

You may have to do it in more than one step. It won't get rid of the virus but you may be able to boot up.

You can also delete

del C:\windows\system\oleext32.dll

Edited by Tyger, 23 July 2005 - 09:35 PM.

[gerryf]

first, is your file system ntfs? or fat16?

Odds are you cannot use DOS to copy the file over.

[gerryf]

Dang, it's been so long since I have looked at a winnt box, I cannot even think straight on this one.....I cannot recall....I think you can do an inplace installation right on top of the previous version (install to c:\winnt) and all programs remain intact....certainly all your data should.....

[alan2home]

Thanks qerryf and Tyger.... I'll give those suggestions a try.
A friend at work said something about "repair" being an option when trying the NT disk....

Hopefully I can find time to get at it tomorrow night.

[alan2home]

Well.... the Repair option from the NT install disks did not work.... never overwrote the wininet.dll....

Now on to try other things.

[gerryf]

man was looking all over for this thread the other day....if you haven't solved this, please post back....I'm going to bookmark it this time.

You should be able to expand winnet.dll from the winnt cd and overwrite the bad one.....