How to fix your XP machine after CaAV broke it

[swag-nyc]

first off, update to signature file 6606

2. turn off real time protection (real time scanner)

3. restore the files from the quarintine (windows will complain that the file is not genuine, this is because it was "modified" and the checksum for the file has changed, it does not mean the file is different or broken, tell windows to use it anyway) *after reboot if windows is still angry, you will need to go to microsoft.com and find the download for XP service pack 3 to fully restore modified or deleted files. none of the affected files should prevent your machine from starting up, though it may complain a bit.

4. turn the scanner back on but keep the "clean" and "quarintine" boxes unchecked for the moment

5. scan your windows directory and everything inside, if there are no problems you can return to your normal AV settings and hope Ca buys a xp machine to check new sig files on


shame on Ca for not being on top of this, sure things happen, I've seen game patches erase hard drives, stuff happens.
but its what you do after that defines the value of your company

[NearWater]

Anyone got any ideas on how to fix the files that were deleted?
I first got hit with this last night and 3 files came up infected. I didnt realize CA doesn't automatically quarentine everything but instead actually deletes things. I have no idea what files were deleted. I just know they aren't in my quarutine folder.
I am running windows XP and have no disks to reinstall.

[swag-nyc]

Quote:

Originally Posted by NearWater

Anyone got any ideas on how to fix the files that were deleted?
I first got hit with this last night and 3 files came up infected. I didnt realize CA doesn't automatically quarentine everything but instead actually deletes things. I have no idea what files were deleted. I just know they aren't in my quarutine folder.
I am running windows XP and have no disks to reinstall.

windows xp service pack 3
go to microsoft.com and download it, install it and then go to windows update to patch it to the current version

this should restore the files that got nuked

[John12345]

Thanks, swag-nyc

last night I did a restore, and from what I read, I may have made it worse. I turned off the real-time AV and restored what was there, but I get the feeling it was to late. A bsod-less crash occurred some time thereafter.

Finally I turned off the updates as well, un-installed svcpak 3, went to the MS download center and re-installed it, (had to turn the firewall off first) and then afterwards the other updates that followed (minus IE8, of course). Im not sure it wouldve downloaded svc pak 3 unless I had uninstalled it first in the control panel/add-remove programs. I also had to enable windows automatic updates.


That link: http://support.microsoft.com/kb/322389 about halfway down the page. CA has a pretty streamlined interface, so people should be able to find where to turn off/on updates and the real time antivirus scanner.

I havent re-enabled the realtime AV, nor have I turned on the updates yet; Im waiting untile everyone agrees the coast is clear before I do. I dont actually know that I fixt anything until I get the new signature and re-enable the AV. So Im just waiting cuz I really dont want to have to do that again if Im wrong.

Since then, Ive been lolling @ the idea that Tom Symkowski is behind this :P

http://video.filestube.com/video,c63...95ada03ea.html

lol

[raingeer]

Old signature placed system files in quarantine.
Existing files were cleaned changing attributes.
Windows File Protection (WPF) Error for SP 3 CD etc.
New signature corrected quarantine error.
Reinstated each quarantined file.
WPF error remains.
Red X in Shield remains.
Norton scan negative
Norton program integrity and windows scan negative
PC Pitstop negative
Helpdesk implies reboot should be ok with a hint that I might need to redo SP3
Forum appears indefinite on this point although several members have stated similar condition and concern.
I fear my system that will not reboot without authentic files.
I am not sure if reinstatement replaced clean modified files with the originals.
Should I reboot?
Recommendation?

[spud]

raingeer

As the quarantined files restored without problem I would say uninstall the SP3 using add/remove programs then re-download it and install, which should fix all your issues.

[raingeer]

Spud,

Thank you. As these solutions require a reboot, I will start with that.

[spud]

let me know if you have any further problems and I will try and help.

[keithgh]

To all concerned
MS used to supply CDs with SP's as they were released. Originally I installed SP3 and it took ages also I believe in some cases it did cause a few problems as they were not fully downloaded for one technical reason or another. I was lucky with SP3 mine did work perfectly also I managed to pick up a CD from my local Computer club.

I would suggest contact MS to see if they have a CD for SP3 In Aust it SP1 & 2 were free .

It is always handy to have it just in case.

Keith

[OfficeManager]

Quote:

Originally Posted by keithgh

To all concerned
MS used to supply CDs with SP's as they were released. Originally I installed SP3 and it took ages also I believe in some cases it did cause a few problems as they were not fully downloaded for one technical reason or another. I was lucky with SP3 mine did work perfectly also I managed to pick up a CD from my local Computer club.

I would suggest contact MS to see if they have a CD for SP3 In Aust it SP1 & 2 were free .

It is always handy to have it just in case.

Keith

Other than a download SP3 will cost you from MS

Cheers