I have a virus and I can't delete the file or move it...

Today I received a message:
c:\windows\system32\user32.dll - infected with Worm ( Win32:SysPatch [Wrm] )
and when I try to delete it or move it to the chest, avast told me that the “specified file is read only” and I can’t do anything!

Please help :slight_smile:

This is a very complex problem because it is an essential system that is infected, making it very hard to deal with. See this topic, http://forum.avast.com/index.php?topic=41227.0, and this post at the end of it, http://forum.avast.com/index.php?topic=41227.msg346103#msg346103.

Hi DavidR,

First cleanse the malware with System Restore disabled and in SafeMode, re:
http://forum.avast.com/index.php?topic=41227.msg346103#msg346103

then one can use the following methods to restore to the original user32.dll file:

Method 1: Use Recovery Console to restore the User32.dll file

Some User32.dll errors can be fixed by restoring the original User32.dll file from your Windows CD. Restoring the User32.dll file replaces the copy of User32.dll on your computer by using the original copy of User32.dll that is contained on your Windows CD.

You can use this method if you are running one of the following Windows operating systems:

* Windows XP
* Windows Server 2003
* Windows 2000

Before you perform this procedure you should have the Windows installation CD.

  Step 1: Insert the Windows XP CD into your computer, and then restart the computer.

  Step 2: If you are asked whether you want to start the computer from the CD drive, click Yes.

  Step 3: When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  Step 4: When you are asked to type the Administrator password, type the Administrator password. If the administrator password is blank, just press ENTER.

  Step 5: At the command prompt, type the following command:

        cd %systemroot%\system32

  Step 6: First, rename the damaged or corrupted file so that it is not deleted when you copy the original file. To do this, type the following command:

        ren USER32.DLL USER32.BAK

  Step 7: Next, restore the original User32.dll file from the Windows CD to your computer. To do this, type the following command:

        expand [CD drive letter]:\i386\USER32.DLL %systemroot%\system32 /Y

  Note: In this command, replace [CD drive letter] with the letter of your CD drive, such as D.

  Step 8: To exit the Recovery Console and to restart the computer, type exit at the command prompt, and then press ENTER.

Method 2: Use the System File Checker tool to repair User32.dll

System File Checker lets you scan all protected files to verify their versions. If System File Checker discovers that a protected file has been overwritten, it retrieves the correct version of the file from the cache folder (%Systemroot%\System32\Dllcache) or from the Windows installation source files, and then replaces the incorrect file. You must be logged on as an administrator or as a member of the Administrators group to run System File Checker,

polonus
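An added example, not part of the posts above or of the article they quote: a Python check to run after Method 1 that compares the restored user32.dll with the renamed USER32.BAK and with the Dllcache copy that System File Checker would use in Method 2. The function names and finding codes are made up for this example, and it assumes the three files sit where the steps above put them.

```python
import hashlib
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks; return None if it does not exist."""
    if not path.is_file():
        return None
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_restore(system32_dir):
    """Return a list of finding codes (hypothetical names); empty means consistent."""
    system32 = Path(system32_dir)
    restored = system32 / "user32.dll"              # written by the expand step
    backup = system32 / "USER32.BAK"                # flagged file, renamed in Step 6
    cached = system32 / "dllcache" / "user32.dll"   # source used by System File Checker
    h_restored, h_backup, h_cached = map(sha256_of, (restored, backup, cached))
    if h_restored is None:
        return ["RESTORED_MISSING"]
    findings = []
    # A PE file starts with "MZ"; anything else is not a loadable DLL
    # (for example, a file that was copied without being expanded).
    with open(restored, "rb") as handle:
        if handle.read(2) != b"MZ":
            findings.append("RESTORED_NOT_PE")
    if h_backup is not None and h_restored == h_backup:
        findings.append("RESTORED_SAME_AS_FLAGGED")   # nothing was actually replaced
    if h_cached is None:
        findings.append("CACHE_MISSING")
    elif h_backup is not None and h_cached == h_backup:
        # Method 2 would copy the flagged content straight back.
        findings.append("CACHE_SAME_AS_FLAGGED")
    elif h_cached != h_restored:
        findings.append("CACHE_DIFFERS_FROM_RESTORED")
    return findings

if __name__ == "__main__":
    import os
    import sys
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "system32")
    target = sys.argv[1] if len(sys.argv) > 1 else default
    for code in check_restore(target) or ["OK"]:
        print(code)
```

CACHE_DIFFERS_FROM_RESTORED is not proof of infection: it can also appear when the installation CD is older than a service pack installed on the machine, so treat it as a reason to rescan rather than a verdict.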

That is the post I sent kitana_mk to look at ;D

Hi DavidR,

That is what I sort of expected, but having it repeated here for a print-out did not appear as a bad idea,
tomorrow is the Eve of Christmas, let your Christmas days be malware free,

Damian


Thank you all … I really hate these stupid viruses (the computer is for work >:( I’m getting mad when I can’t do my work)