Re: W32/Backdoor.KPI



From: "antioch" <r.antiochdunkthis@xxxxxxxxxxxxxxxxxxxx>

| Hello All
| Just did my daily Netguard virus scan supplied by my ISP and up popped this
| virus W32/Backdoor.KPI.
| Netguard reported that it could not be disinfected but was deleted so did
| another scan as per advice - nothing found.
| Went into their site to see what it was and there was no trace of any info
| about it.
| I also got a window entitled 'Windows file protection' This said;
| "Files that are required by windows to run properly have been replaced by
| unrecognised versions. To maintain system stability windows must restore
| the original versions of these files.
| Insert your WIN XP Home SP2 CD now.
| I have a screen-shot of this window and the netguard warning.
| If I insert the disk, does anyone know what I can expect. Will it require
| re-install of WIN XP or will the process just pick out what is required.
| I thought it better to ask for advice first.
| As it happens I had done a CD backup of personal stuff only an hour before.
| Rgds
| Antioch
|

Is Netguard AV an OEM product by RadialPoint?

It sounds like this replaced an OS file with its own (like WININET.DLL).

The message you got is like running System File Checker to replace the removed file.

If your OS is WinXP SP2 (as evidenced by the request to insert a WinXP SP2 CDROM) then you
need to point it to a CDROM of WinXP SP2 or point it to an i386 folder that has been
slip-streamed to SP2 level.

One can easily slip-stream a WinXP SP1 or WinXP Gold i386 folder. You would copy the i386
folder tree from the CDROM to the root of "C:" (c:\i386) then change the attributes of the
folder from Read-Only to Read-Write.

Then you would download the SP2 update in EXE format (~265MB file)
http://www.microsoft.com/downloads/details.aspx?FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&DisplayLang=en

You would then execute;
WindowsXP-KB835935-SP2-ENU.exe -u -s:c:\

To slip-stream the c:\i386 folder to SP2 level.

Then you would go to the Registry and the following location...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

and change...

"SourcePath" from D:\ (or other location) to; c:\

This will tell the OS where the i386 folder is to be found, in the root of "C:"

Then if you run the System File Checker (SFC.EXE) it will automatically find the files
needed and you won't get a 'Windows file protection' and "Insert your WIN XP Home SP2 CD
now" type message.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
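
The procedure in the reply above, collected into one batch file. This is an added example, not part of the original post. It assumes the XP CD is in D:, the SP2 package has been downloaded into the directory the script is run from, and the script is run from an administrator command prompt.

```bat
@echo off
rem Added example. Assumed values (not from the post): CD drive D:,
rem SP2 package located in the current directory.
setlocal
set "SRC=D:\i386"
set "DEST=C:\i386"
set "SP2=WindowsXP-KB835935-SP2-ENU.exe"
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup"

rem Stop early if either input is missing.
if not exist "%SRC%\" (echo No i386 folder found at %SRC% & exit /b 1)
if not exist "%SP2%" (echo %SP2% not found in the current directory & exit /b 1)

rem 1. Copy the i386 folder tree from the CD to the root of C:.
xcopy "%SRC%" "%DEST%" /E /I /H /Y
if errorlevel 1 (echo Copy failed & exit /b 1)

rem 2. Clear the read-only attribute the files carry over from the CD.
attrib -R "%DEST%\*.*" /S /D

rem 3. Slip-stream SP2 into C:\i386 with the switches given in the post,
rem    waiting for the package to finish before continuing.
start /wait "" "%SP2%" -u -s:c:\

rem 4. Show the current SourcePath so it can be restored later,
rem    then point it at C:\ (the parent of the i386 folder).
reg query "%KEY%" /v SourcePath
reg add "%KEY%" /v SourcePath /t REG_SZ /d C:\ /f

rem 5. Run System File Checker; it now reads from C:\i386.
sfc /scannow
endlocal
```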

