Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

NT reboot after infection = blue screen


  • Please log in to reply

#1
alan2home

alan2home

    New Member

  • Member
  • Pip
  • 3 posts
New to forum - My main PC (NT 4 SP6) got a hostage virus yesterday (PSGuard) and Norton found it (oleext32.dll) but was unable to remove it.

Found your site (it's great!) and started following your instructions on the "Start Here" page. Installed and ran Ad-Aware and SpyBot. Cleanup wouldn't run (couldn't find an "entry point" - not sure it runs on NT). Ewido definitely does not run on NT. I tried a couple of other things on the page as well. Such as HijackThis.

I then tried to reboot. I get the ominous blue screen which reads:

STOP {Bad Image Checksum}
The image WININET.DLL is possibly corrupt. The header checksum does not match the computed checksum.


It then goes on to tell me to restart and set the recovery options in the control panel or the /CRASHDEBUG system start option.

Whatever that means.

So basically I have an important (to me) Win NT box that I can not get to boot (though I have tried a couple times) and is seemingly infected.

Anybody got a suggestion, advice, recipe for recovery? I'd truly be grateful for any help.

Alan

Edited by alan2home, 23 July 2005 - 09:23 PM.

  • 0

Advertisements


#2
Tyger

Tyger

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,896 posts
Do you have another machine with NT4.0, same version? If you have one you can download the files to a boot floppy, if they're not too large, amd copy them to the right folder in ms-dos mode. When the A:\> prompt comes up just add

copy A:\file.dll C:\ windows\system\

I'm assuming they go in system.

You may have to do it in more than one step. It won't get rid of the virus but you may be able to boot up.

You can also delete

del C:\windows\system\oleext32.dll

Edited by Tyger, 23 July 2005 - 09:35 PM.

  • 0

#3
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
first, is your file system ntfs? or fat16?

Odds are you cannot use DOS to copy the file over.
  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Dang, it's been so long since I have looked at a winnt box, I cannot even think straight on this one.....I cannot recall....I think you can do an inplace installation right on top of the previous version (install to c:\winnt) and all programs remain intact....certainly all your data should.....
  • 0

#5
alan2home

alan2home

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks qerryf and Tyger.... I'll give those suggestions a try.
A friend at work said something about "repair" being an option when trying the NT disk....

Hopefully I can find time to get at it tomorrow night.
  • 0

#6
alan2home

alan2home

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Well.... the Repair option from the NT install disks did not work.... never overwrote the wininet.dll....

Now on to try other things.
  • 0

#7
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
man was looking all over for this thread the other day....if you haven't solved this, please post back....I'm going to bookmark it this time.

You should be able to expand winnet.dll from the winnt cd and overwrite the bad one.....
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP