Help identify deleted files due to bad update

Discussion in 'Trojan Defence Suite' started by Buckyball, Jul 13, 2004.

Thread Status:
Not open for further replies.
  1. Buckyball

    Buckyball Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    3
    I too was the victim of the bad update. I was successful in downloading another update however, I was not smart enough to not delete some important files. I think the files I deleted are showing up in the new Trojan scan as missing files, as follows.

    16:42:13 [CRC32] File doesn't exist: C:\WINDOWS\System\cmd.exe
    16:42:14 [CRC32] File doesn't exist: C:\WINDOWS\System\netstat.exe
    16:42:14 [CRC32] File doesn't exist: C:\WINDOWS\System\drwatson.exe
    16:42:15 [CRC32] File doesn't exist: C:\WINDOWS\System\drwtsn32.exe
    16:42:16 [CRC32] File doesn't exist: C:\WINDOWS\System\rundll32.exe
    16:42:17 [CRC32] File doesn't exist: C:\WINDOWS\System\taskman.exe
    16:42:18 [CRC32] File doesn't exist: C:\WINDOWS\System\taskmgr.exe
    16:42:19 [CRC32] File doesn't exist: C:\WINDOWS\System\winlogon.exe
    16:42:21 [CRC32] File doesn't exist: C:\WINDOWS\System\regedt32.exe
    16:42:21 [CRC32] File doesn't exist: C:\WINDOWS\System\netmsg.dll
    16:42:25 [CRC32] File doesn't exist: C:\WINDOWS\System\winsock.dll

    Do you think this could be true? Do you know where I can replace them?

    I did not back up the files I deleted thinking there were trojans embedded within. I thought I was only deleting the embedded file and not the complete file (stupid me). Can you tell me anything about the files shown above? What they do on my computer?

    There are some things that are not working on my computer. Such as not all webpages are displaying that did in the past. I have an AOL account that I access directly or through AOL.com. Accessing through aol.com will show the homepage but will not proceed to the next page when I enter my screenname and password. Likewise, some webpages that were accessable before are coming up as 'page not found'.

    I could go on and on but this is enough for now.

    Thanks,

    Bucky
     
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    well for starters to get the right versions might be a chore. One possibility is to compare the CRC32 hash of candidate versions with the numbers in the CRC32 file that TDS-3 used to check them.

    Doesn't sound like fun to me.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    You can always try running the System File Checker..

    Make sure you have the Windows CD in the CDROM, then click start, run, and type in:
    "sfc /scannow" for Windows 2000/XP or
    "sfc", and go through the dialogs, for Windows 98

    Of course you leave out the quotes. This is something I do periodically anyway. The only problem I run into with this is that it replaces my graphics driver, I assume because it's not "signed" by Microsoft.
     
    Last edited: Jul 13, 2004
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there!
    Which windows version are you using?
    Did you run TDS longer or is this new for you?
    I mean: the list looks rather familiar with the default list shipping with TDS with some default pathnames, which are different for example with an win ME or win98 system.
    To name an example: the win.9 series doent have files in a system32 directory but in system, and theyre is no cmd.exe but a command.com or command.exe, etc

    Could you do file for file a search in wndows on the filenames if they might be in another location on your system?
    If not, SFC would enable you to find back what is possible for your windows version and put it back default.



    On a sidenote: Notok, could you shorten that line in your signature a little, as it makes the messages wider and therefore a little uneasy to read for people with lower screen resolutions. (need scrolling one and back for it)
     
Thread Status:
Not open for further replies.