[RESOLVED] Replacing virus-infected dll file

Before I do this (having never done it before), please, someone tell me I'm doing the right thing, as follows: Norton Anti-Virus located a virus in wsock32.dll. Norton flagged the file, renamed it wsock32.vir, and left it in the original c:/windows/system folder. The advisal was to replace the original file with a clean copy of wsock32.dll. I have downloaded wsock32.dll from this site. It is in my downloaded files folder. I have removed the wsock32.vir file and placed it on a floppy.

I am now at the following stage of this operation: I see a wsock32.dll in the original folder with size: 40.0KB (40,984 bytes) 49,152 bytes used. I have a "replacement" wsock32.dll on standby with the size notation: 65.0KB (66,560 bytes) 73,728 bytes used [this is the downloaded file]. Do I replace the one with the other? Or did Norton give me a "clean" copy when it created (I guess) wsock32.vir? I don't want to do anything that I'll regret, and I'm new at this. Thank you to anyone who's taken the time to read all this mess.

[cyberhh]

Replace the dll with the new one - first backing up the old one. Just to be safe you could copy the old one to a floppy and run NAV on it to see if it detects a virus again. Then copy the new one and if everything works - great - if not an NAV did not detect another virus in the old one copy it back over the new file.

------------------
Death is lighter than a feather - duty heavier than a mountian.

[KoWind7]

Your best bet is to extract the dll from the OS Cd. This will ensure that the file is not infected (atleast until you get infected with that virus again).

I'm assuming you have the MTX/Matrix virus. The Norton writeup contains details on how to do this.

------------------
-- What? No more Jolt!?!?

If you are using WIN98, just use SFC in safe-mode!

------------------
Is it because light travels faster than sound that some people appear bright until they speak????

[Gabriel]

I think you are all wrong!
Windows Won't let you Replace the file (Because it is in Use!)

The virus is probably SKA/Happy99
According to Mcafee (The BEst Antivirus in the world...)
http://vil.nai.com/vil/virusSummary.asp?virus_k=10144

You should replace the file in Clean Command Prompt Mode!


Guys sorry for Being rude



------------------
*************************
It Works Better if you Plug it in, It Works far better if you Turn it ON!

[Larommi]

Quote:

<font face="Verdana, Arial" size="2">Originally posted by Gabriel:
I think you are all wrong!
Windows Won't let you Replace the file (Because it is in Use!)

The virus is probably SKA/Happy99
According to Mcafee (The BEst Antivirus in the world...)
http://vil.nai.com/vil/virusSummary.asp?virus_k=10144

You should replace the file in Clean Command Prompt Mode!


Guys sorry for Being rude



</font>

Safe mode! Just have to have your .cabs on the HDD. If I remember correctly, Wsock32.dll is not in use unless you have your dialer or IE open. This I could be wrong on. I am sure I will be corrected.

Just a thought!


------------------
You spend your whole life believing that you're on the right track,
only to discover that you're on the wrong train.

Dale Earnhardt #3 (1951-2001)
You will be missed!



[This message has been edited by Larommi (edited March 09, 2001).]

[Sowulo]

Quote:

<font face="Verdana, Arial" size="2">Originally posted by Larommi:

Safe mode! Just have to have your .cabs on the HDD. If I remember correctly, Wsock32.dll is not in use unless you have your dialer or IE open.</font>

Not only are you correct about the wsock.dll
usage, but there shouldn't be any need to go into safe mode before replacing it (just tested this on a Win98 system to make sure I wasn't suffering from a brain cramp).

------------------
Ya never know, ya know?