[rootkits-r-evil]

For what it's worth, I copied hal.dll from the good PC and the copy is on my thumb drive right now.


(I can't help but think of Stanley Kubrick here.)

[Advertisements]

"Find the hal.dll file on the good PC.
Copy it to the USB drive.
Move it to the bad.
Copy from the usb drive to C:\hal.dll"


Hah! For once I was ahead of you. I was typing that I was doing that very thing while you were suggesting it.


"Boot into the Recovery console. Select C:

Type:

copy E:\hal.dll c:\Windows\System32\hal.dll"

I'll try. Not sure where to "select C", but I'll try....

[rootkits-r-evil]

"Find the hal.dll file on the good PC.
Copy it to the USB drive.
Move it to the bad.
Copy from the usb drive to C:\hal.dll"


Hah! For once I was ahead of you. I was typing that I was doing that very thing while you were suggesting it.


"Boot into the Recovery console. Select C:

Type:

copy E:\hal.dll c:\Windows\System32\hal.dll"

I'll try. Not sure where to "select C", but I'll try....

[RKinner]

remember when you booted into the Recovery Console it asked you which windows you wanted. C or E?

It might be best to back up the file first:

copy c:\Windows\System32\hal.dll c:\Windows\System32\hal.old

Ron

[rootkits-r-evil]

I did exactly as you said, it came back with "The system cannot find the file specified".

[rootkits-r-evil]

" Find the hal.dll file on the good PC.
Copy it to the USB drive.
Move it to the bad.
Copy from the usb drive to C:\hal.dll

Boot into the Recovery console. Select C:

Type:

copy E:\hal.dll c:\Windows\System32\hal.dll"

I missed that part. Should I do it now, even though I got the "file not found"?

[rootkits-r-evil]

What makes us think our pal hal.dll is in the mystery, "E" drive? Remember how there wasn't much on that drive? I bet there is a folder called "windows", but I am not sure there is much in there- except what the virus needs. I'm not the expert, but I'm just sayin,...

[RKinner]

You can look from the Recovery Console.

Select E:

Then

cd \windows\system32

dir hal.dll

repeat for C:

There has to be a hal.dll somewhere or it couldn't boot.

Probably one in \windows\system32\dllcache

[rootkits-r-evil]

You can look from the Recovery Console.

Select E:

Then

cd \windows\system32

dir hal.dll

repeat for C:

There has to be a hal.dll somewhere or it couldn't boot.

Probably one in \windows\system32\dllcache


I just looked in the C:\windows\system32 folder directly. There it is, but the funny thing is, it's in all capitol letters, it's "HAL.DLL"

Does that matter?


To me, it looks suspicious like that, as if it's a fake hal. Like the virus killed the real one and installed that instead.

[rootkits-r-evil]

I understand that the problem is replacing "Bad Hal" with a good one while the machine is running. It needs it to run so you can't do that. But what about booting up with the Hiren CD? Can I boot with that and then transfer a good copy from the thumb drive?

[RKinner]

It's possible. Depends on if the mini XP will recognize your hard drive. Give it a shot.

[rootkits-r-evil]

Hmmmm. Does this matter? I looked closely at Good Hal, from the "Good PC", ("hal.dll" with the small letters)

, and Bad Hal, from the infected machine, "HAL.DLL". If you look, the size is different.



Good Hal

size: 131 KB (134,400 bytes)
size on disk: 132 KB (135,168 bytes)


Bad Hal

size: 131 KB (134,272 bytes)
size on disk: 132 KB (135,168 bytes)


Notice that the size of Bad Hal is a little smaller.

[rootkits-r-evil]

"It's possible. Depends on if the mini XP will recognize your hard drive. Give it a shot. "

Will do.

[rootkits-r-evil]

I was able to save a copy of bad hal, then replace with good hal, Tried to reboot, and I got caught in that loop, had to pop the disk out,.

Then I didn't switch to "Good Windows" fast enough, so It's rebooting off bad windows. Will

lather, rinse, repeat, to good windows. hold on...

[rootkits-r-evil]

$hit.

Booted into "good Windows", got the same error message. "hal.dll" is corrupt.

I'm out of ideas. But the good news is- I'm the expert who comes up with the good ideas. :-)

So I'm going to sit back and wait for you to have a stroke of genius here. I'm counting on you. I know you can do it.

[rootkits-r-evil]

seems to me the answer is staring us in the face.