  1. #1
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    London, Gtr London, England
    Posts
    416
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Pos. MBR Virus + shell32 & kernel32 DLLs changed

    Post edited: apologies typed system32.dll instead of shell32.dll.

    Hi

    Apparently I have a MBR virus (I use AVG; it reports that MBR change when I run the virus checker). Also, this morning when I started my PC it reported a MBR error and also a change in SHELL32.DLL & KERNEL32.DLL. Unfortunately (& being stupid) I managed to click 'Change Confirm' rather than 'Ignore' on the AVG screen for both of these DLLs. They have now changed. Is there any way of going back? The bad news is that System Restore doesn't work.

    Now AVG says MBR changed but I can't seem to do anything with it.

    So far, the PC has not crashed or misbehaved. But I am not sure if there is a virus or not. I would dearly like to go back to my previous SHELL32.DLL & KERNEL32.DLL files.

    Any ideas/fixes more than welcome.

    Thanks

    Robie
    Thanks.
    Robie

  2. #2
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs changed

    This fdisk command will allow you to recreate the Master Boot Record or MBR. Although this can be dangerous, it is a quick way to fix many boot issues...

    1. Click Start
    2. Click Run
    3. Type CMD and hit ENTER
    4. From this DOS box command line:

    FDISK/MBR

    This rebuilds the boot sector of the first bootable hard disk based on current disk structure. The partition table information should not be altered.

    This is usually used to repair a damaged, corrupted, or infected master boot record.

  3. #3
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    London, Gtr London, England
    Posts
    416
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang

    Thanks for the response Doc. Sorry for a long wait for reply but wasn't around for a while.

    Running FDISK as you suggested - I get the following:

    FDISK - is not recognized as an internal or external command, operable program batch file

    Any more ideas?

    Thanks.
    Thanks.
    Robie

  4. #4
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang


  5. #5
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang

    robie,
    I think Doc meant to say fdisk /mbr with a space between fdisk and /mbr.
    Try that.
    BOB


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  6. #6
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang

    Bob is correct about the space in the command. It should be FDISK /MBR with a space between FDISK and the /. That was a typo (sort of) on my part, as it was a link to an MSKB article with more detailed info about the command. If you haven't tried the command, entered correctly, try that first. If there's no joy, then take a look at this MSKB article: "MS-DOS Command Is Not Recognized in Windows 2000". You haven't said what OS you are running, but it may apply if you upgraded from Windows 95 or 98 to Windows 2000 or XP.

  7. #7
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    London, Gtr London, England
    Posts
    416
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang

    Thanks everyone.

    I am running XP Professional SP 2 - no upgrades at all. Installed on a brand new machine about 3 years ago.

    It is the FDISK command giving me the error. It doesn't recognize FDISK.

    I have been running ADaware, spybot, AVG 7.5 on my machine. AVG keeps telling me MBR changed. Other stuff is not picking up anything else.

    Robie
    Thanks.
    Robie

  8. #8
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang

    "XP Professional SP 2 - no upgrades at all"

    Are you saying that you haven't been using Windows Update and getting all the latest patches since the OS was installed, almost 3 years ago??

  9. #9
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    London, Gtr London, England
    Posts
    416
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang

    Sorry - too much information.

    XP Professional but with all the updates. The "no upgrades" in my previous message was to do with the OS, i.e. this machine has not been upgraded from previous versions of Windows, but a brand new XP Pro was installed when the machine was bought.

    Robie
    Thanks.
    Robie

  10. #10
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang

    Hi, Argus here, haven't seen any reply to your other thread, about reinstalls.

    To get better help, it would be great if you provided more information. In what way does AVG tell you that you have an MBR virus?

    One part of the AVG on demand scanning is the "System Area Test"; i.e. Boot sector, MBR, kernel32.dll, wsock32.dll, shell32.dll, ntoskrnl.exe, hosts file etc. The settings for the System Area Test can be reached in the Test Center under Test menu, or by pressing Ctrl-F3.

    So, I don't know if you know that Microsoft every now and then updates some of the system files. For instance (since SP2):

    MS05-018 KB890859 ntoskrnl etc.

    MS05-049 KB900725 shell32 etc.

    MS06-015 KB908531 shell32 etc.

    MS06-045 KB921398 shell32 etc.

    MS06-051 KB917422 kernel32

    Do a search on your machine for the files and you probably will find older and newer copies.

    Two months ago I reinstalled my Windows copy (due to hardware problem), and then installed all updates and after that AVG, so I can not at this time show you test results of changed system files. But before my reinstall, during the years after SP2, I noticed that AVG in the scan result noted that shell32.dll and other files were changed. This didn't upset me in any way since I knew what had changed the files.

    If System Area scanning is enabled, as it is by default, it will at the first scan create a database of the system files. That is AVG7QT.DAT, found at the root of the home drive, usually C:. Then, when a little MS update comes along and changes some of the files, AVG will at the next scan note that files are changed.

    If you like you can take a look at this search result at AVG free forum, the question has apparently been asked before:
    Search for "shell32.dll change"

    So, can you provide us with some more information about scan results and why you think you have a virus infection?
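
The baseline-then-compare behaviour described in post #10, as an added example that is not part of any post in this thread and is not AVG's implementation (the AVG7QT.DAT format is not reproduced). The function names, the byte strings standing in for file contents and the trusted-hash set are all constructed assumptions; the MBR is split into boot code and partition table so a report shows which part changed.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def split_mbr(sector: bytes) -> dict:
    """Split a classic 512-byte MBR: 446 bytes boot code, 64 bytes table, 0x55AA."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not a valid 512-byte MBR")
    return {"mbr:boot_code": sector[:446], "mbr:partition_table": sector[446:510]}

def build_baseline(areas: dict) -> dict:
    """First scan: record a hash for every monitored system area."""
    return {name: fingerprint(data) for name, data in areas.items()}

def compare(baseline: dict, areas: dict, trusted=frozenset()) -> dict:
    """Later scan: classify each area against the stored baseline."""
    report = {}
    for name, old in baseline.items():
        if name not in areas:
            report[name] = "missing"
            continue
        new = fingerprint(areas[name])
        if new == old:
            report[name] = "unchanged"
        elif new in trusted:
            report[name] = "changed-expected"    # matches a vetted update
        else:
            report[name] = "changed-unexplained" # investigate before accepting
    return report

# Constructed sample data: one active partition entry, zeroed boot code.
TABLE = bytes([0x80]) + bytes(63)
first_scan = {**split_mbr(bytes(446) + TABLE + b"\x55\xaa"),
              "shell32.dll": b"shell32 build A",
              "kernel32.dll": b"kernel32 build A"}
# Next scan: boot code differs, shell32.dll was replaced by an update.
next_scan = {**split_mbr(b"\xeb" + bytes(445) + TABLE + b"\x55\xaa"),
             "shell32.dll": b"shell32 build B",
             "kernel32.dll": b"kernel32 build A"}
# Assumption: hashes taken from a copy of the update verified out of band.
TRUSTED = frozenset({fingerprint(b"shell32 build B")})

def demo() -> dict:
    return compare(build_baseline(first_scan), next_scan, TRUSTED)

if __name__ == "__main__":
    for area, status in demo().items():
        print(f"{area:22} {status}")
```

Accepting a change into the baseline only after it has been classified keeps an unexplained boot-code change from being silently confirmed.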

  11. #11
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang

    Try booting into Safe Mode ( F8 ) with command prompt and then run the fdisk /mbr command.
    BOB

  12. #12
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    London, Gtr London, England
    Posts
    416
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pos. MBR Virus + shell32 & kernel32 DLLs chang

    Thanks everyone. I followed Viking's method of rebooting to safe mode & then ran the fdisk /mbr command. Everything OK now.

    FYI: Every time I ran AVG it came up with 'MBR changed' with the buttons to OK, Ignore or Change. I always pressed Ignore.

    Thanks again for all your help. You guys are just great.
    Thanks.
    Robie
