Ross S. W. Walker wrote: > > You can fix it all from CentOS. I'm going to reply with some more details. > Install CentOS plus kernel with NTFS support. > > Insert cdrom. Use the ported "expand" app to expand the user32.dl_ out The "expand" app is called "cabextract" it can be found in the EPEL repo or the "extras" repo in Fedora. > of the i386 directory on the cd-rom (or an extracted copy of your > latest service pack), and then mount your NTFS partition read-write, > and copy the user32.dll into the windows\system32 directory, and > possibly the windows\system32\dllcache. It IS also in dllcache, and the fact that the trojan bypassed the windows system file recovery means that it is probably a rootkit. You need to run some kind of rootkit detection and cleaner on the system before it reboots or else it will just reinstall itself. > I would run all Windows accounts as restricted users from now on. I > have done that on my M$ home PC with fast-user switching and it > works well for me, my wife and children rarely need to "install" > anything, but if they do I tell them, save it to c:\temp and > I'll install it when I get home. > > It may be worth while to try and image your Windows partition from > Linux if you have the space. Then you can restore your image and > your Windows if it gets corrupted again, which it won't if you > set all users as Restricted Users. > > -Ross > > > > -----Original Message----- > > From: centos-bounces@xxxxxxxxxx > > [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Lanny Marcus > > Sent: Sunday, November 18, 2007 10:12 AM > > To: CentOS Mailing List > > Subject: Dual boot box: WinXP & CentOS 5: Impossible > > to restoreWinXP? > > > > We rarely use M$ Windows, but I let my daughter surf > pbskids.org while > > using Windows and a Trojan Horse modified or deleted the user32.dll > > file. I found the instructions on the Microsoft Support web > site, and > > it would be very easy for me to expand a new copy of user32.dll if I > > could get the MS WinXP CD to work. It boots OK, I press a key so it > > will search hardware and it then has hard drive activity for a long, > > long time. My impression is that Microsoft does not want > this to work > > on dual boot boxes. > > > > I've tried this on dual boot boxes with Windows ME and Windows 98 SE > > and it works fine. Dell sent me two (2) new WinXP CDs (one > in English > > and one in Spanish) but the problem apparently is not that I have a > > defective WinXP CD from Dell. > > > > Has anyone been able to restore WinXP on a dual boot box? TIA! > > -- > > Lanny > > --------------------------------------------------------- > > Over 800 Magazine titles up to 85% off > > http://lowcostmagazines.com/ > > _______________________________________________ > > CentOS mailing list > > CentOS@xxxxxxxxxx > > http://lists.centos.org/mailman/listinfo/centos > > > > ______________________________________________________________________ > This e-mail, and any attachments thereto, is intended only for use by > the addressee(s) named herein and may contain legally privileged > and/or confidential information. If you are not the intended recipient > of this e-mail, you are hereby notified that any dissemination, > distribution or copying of this e-mail, and any attachments thereto, > is strictly prohibited. If you have received this e-mail in error, > please immediately notify the sender and permanently delete the > original and any copy or printout thereof. > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > ______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos