I just installed Avast! Home, it did the initial scan in DOS mode at bootup. After rebooting, I can’t launch ANYTHING! When I try to start any program, XP gives me the following message: “Windows cannot access the specific device, path or file. You may not have the appropriate permissions to access the item”.

Please Help!!
Tim

Where there infections detected?
If so, what files where delete/moved?

It found lots of Win32 Trojans in system directories. I told Avast to move, not delete.

When I look at the text logs I see:
…sign of “Win32-Trojan:gen {other}” found in “C:\WINDOWS\System\Rundll.exe” file.

Thanks for the fast response!

That is indeed malware.

Are you using XP Home or Pro?

If Pro:
Do you also get this message when logged in as administrator (not as user with admin rights)?

If Home:
Does your user account have admin rights?

XP Home, and I do have admin rights.
As a test, I created another ID and put it in the Admin group. It has the same problems.

I checked and the Rundll.exe is still in the Windows\System32 directory.

???

Switch off system restore, reboot and scan again (or run a boot time scan after reboot).

Windows in its wisdom is trying to protect itself (or so it thinks), by protecting/restoring files deleted from its system folders.

When you are in the clear again, then you can enable system restore again.

Try this:

start > run > sfc /scannow

Hmm. It says it needs to copy some files from my original XP CD which I don’t have. Not good. Do you think I could just find a replacement for rundll.exe?

David,

Just noticed your post. Can you explain more of what you are suggesting that I do?

“Switch off system restore, reboot and scan again (or run a boot time scan after reboot).”

Not sure how / where to “Switch off system restore”

As I said before. That rundll.exe is MALWARE, you don’t want that back.

How to disable system restore.

Get a Windows XP cd and run the sfc is I suggested, place all original Windows files it asks for back from the cd.

Also check this key in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
If you see c:\windows\system\rundll.exe there, remove it.

The original XP disk didn’t solve my problem, so I bit the bullet and rebuilt the whole from scratch. This time, I loaded Avast! right away before I installed any of my other tools. So far all is well.

Not exactly how I would have approaced it, but at least the problem is solved. I hope you didn’t forget a firewall :wink: