EdmondClay
asked on
lkssys64.dll is corrupt can't find on install disk
I ran sfc and it came up lkssys64.dll is corrupt but it refuses to find a fresh copy on the installation disk Win98SE... I am trying to fix the defrag.exe which is not operating correctly. In safe mode will I be in DOS and will I use the command "chkdsk c: /f"? Thanks.
Sounds to me as if your Windows can't recognise the file; it could be there. Try reinstalling Windows again; make sure you back up your files.
ASKER
Here's the code from the file...maybe that will help...thanks.
ASKER
The experts at WinDrivers.com have suggested that the above corrupt code is perhaps a virus. Comparing the above code to the below file DCIMAN32.dll which is indicated in the corrupt file shows a whole lot of extra code. I plan to notify the appropriate authorities in the event that we conclude that there is virus behaviour here. Should I post this question at a different forum? Thanks guys!
If you look carefully at the code you will see it has an internal name of dciman.dll.
This is a driver file for QuickTime Video.
Have you tried renaming the file and seeing what happens yet?
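The internal name mentioned in the reply above lives in the file's version resource as UTF-16LE text, which is why it shows up with a gap between every letter when the file is opened in a text editor. The following is an added example, not part of the original thread: it reads those strings directly from raw bytes and reports when they disagree with the on-disk file name. The function names and the sample bytes are constructed for illustration.

```python
import struct

KEYS = ("CompanyName", "FileDescription", "FileVersion",
        "InternalName", "OriginalFilename", "ProductName")

def _align4(n):
    return (n + 3) & ~3

def version_strings(data):
    """Find version-resource String entries in raw file bytes.

    Each entry is: wLength, wValueLength, wType (3 x uint16), the key as
    NUL-terminated UTF-16LE, padding to a 4-byte boundary, then the value.
    """
    found = {}
    for key in KEYS:
        kb = key.encode("utf-16-le") + b"\x00\x00"
        k = data.find(kb)
        if k < 6:                               # key absent or no room for header
            continue
        start = k - 6
        w_len, w_val_len, w_type = struct.unpack_from("<HHH", data, start)
        if w_type != 1 or w_val_len == 0:       # 1 = text value
            continue
        voff = start + _align4(6 + len(kb))
        end = min(voff + 2 * w_val_len, start + w_len)
        text = data[voff:end].decode("utf-16-le", "replace")
        found[key] = text.split("\x00")[0]
    return found

def name_mismatches(disk_name, data):
    """Return the embedded names that differ from the on-disk file name."""
    info = version_strings(data)
    out = {}
    for key in ("InternalName", "OriginalFilename"):
        value = info.get(key)
        if value and value.lower() != disk_name.lower():
            out[key] = value
    return out

def _entry(key, value):  # builds one String entry for the constructed sample
    kb = key.encode("utf-16-le") + b"\x00\x00"
    vb = value.encode("utf-16-le") + b"\x00\x00"
    body = kb + b"\x00" * (_align4(6 + len(kb)) - 6 - len(kb)) + vb
    raw = struct.pack("<HHH", 6 + len(body), len(vb) // 2, 1) + body
    return raw + b"\x00" * (_align4(len(raw)) - len(raw))

# Constructed sample: not a real DLL, just a stub header plus two entries.
SAMPLE = (b"MZ" + b"\x00" * 62 + _entry("InternalName", "dciman.dll")
          + _entry("OriginalFilename", "dciman.dll"))

print(name_mismatches("lkssys64.dll", SAMPLE))
```

A mismatch is a lead to follow up with a hash comparison or an AV scan, since renamed copies of legitimate files produce the same result.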
Gh2rEXftpiI9SnJWzv6Fv6QrLo xVbYUBXJ4Z 7IhC32.dll
hm.. it appears to have references to a dll with that name
perhaps it unpacks that and tries to execute it
its data section appears to be
fFvqkVmXr9+EM6K9gqkMPRKwLf eXLhivCO0W ueLm.data
it appears to be a polymorphic virus..
DeleteCriticalSection ÅInitializeCriticalSectio n SGetProcAddress :GetModuleHandleA éLocalFree åLocalAlloc ÞLeaveCriticalSection o EnterCriticalSection
those calls seem to suggest that it injects itself into running processes
and attempts to initiate the code for that dll
ASKER
I've forwarded the code to several virus check sites and should have some feedback in a day or two. I also noticed that when I loaded the code into an html format it showed a couple of links which are further curious. Here are the links:
mailto:ÌÌÌVWjHj@ÿt0~<ø.ÿ u
mailto:t$0WjTj@Ç
curiouser, and curiouser....
oh no, that's only because of the @ signs
browsers like to define links for you :D
ASKER
I dl'd an evaluation copy of vexira av and lo and behold we did find TR\FlashKiller.B virus which supposedly destroyed a file canonbj/itp.exe. I have forwarded the report to VAV for evaluation as it may only be a false positive...thanks for the feedback on the mailto:...
I had a run-in with that one too.. it took a liking to explorer.exe.. ick
flashkiller is a very nasty one.. hopefully it's a false positive heh
ASKER
thanks. the file that it destroyed was canonbj\itp.exe I am wondering if any itp.exe file that is fresh and uninfected could be inserted back into the canonbj directory and be considered repaired. Canon is useless on support and I found a copy of ITP.EXE available from a site that makes it available for developers and database engineers. I understand that it is an "Intelligent Whatever I can't find nor remember the original information" executable. The infected file was 152kb and the fresh file is 34kb so I guess there is some, ahem, additional code in there...Well I stuck it in the canonbj file after extracting, av checking it, and I guess it will work, although I cannot tell what the problem was in the first place as my canon bj printer works just fine, ah well...whatever....thanks will get back when I have more in the next day or so...
ASKER CERTIFIED SOLUTION
Check out which folder it is in, write down this folder name, and rename the folder to something like unknown. No dll extension.
Reboot and see if the system runs. If it doesn't, then boot up in DOS and rename it back.
When you boot up in safe mode you are still in the GUI and you run scandisk and then defrag.
No need to drop into DOS mode and run chkdsk.
To get into the various modes, Normal, Safe Mode and DOS (Command Prompt), tap the F8 key on startup until you are given a menu to choose from.