| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 102099 | 2009-08-07 00:39:00 | Combofix ballsup in Vista wscsvc.dll | wratterus (105) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 798975 | 2009-08-07 00:39:00 | Right, someone else was cleaning out spyware, ran Combofix through, and it seems to have removed the wscsvc.dll file. (Windows security center.) I've tried re-registering every dll file I can find, clearing repositories, reinstalling SPs, none of it has made any difference. When the Security Centre service (or what's left of it) is opened, the message 'The specified device instance handle does not correspond to a present device' comes up, and none of the service properties will open. I'm going to overwrite the file with a copy from another vista installation and see if that works, apart from that I'm out of ideas. Thought I'd post this as it seems I'm not the only one (www.bleepingcomputer.com) with this issue, and a resolution might help someone else. :badpc: |
wratterus (105) | ||
| 798976 | 2009-08-07 00:50:00 | Have you tried performing a repair(upgrade) install? I've seen this before. The nasty viruses infect integral system files. Blam |
Blam (54) | ||
| 798977 | 2009-08-07 00:55:00 | Does Vista allow you to upgrade itself? (eg do the same as an XP repair-reinstall)? A normal repair does nothing, why can't Vista be like XP in this respect! :p | wratterus (105) | ||
| 798978 | 2009-08-07 01:03:00 | Run trojan remover in safe mode / networking, (if this is 32 bit), click on scan, see what else it can find. Select all options under the utils menu. They / You should have tried other methods first (before using comobofix) | Speedy Gonzales (78) | ||
| 798979 | 2009-08-07 01:11:00 | I'm all too well aware of that Speedy. :p Already run TR through, the PC is clean as a whistle. I've also taken ownership of the folder and subcontainers, and it wont let me change the files, also looks like this is an issue without a resolution too, so no replacing the file. I'm interested in what you mentioned earlier Blam about the upgrade, is it possible to do that in the same way XP would do a repair-reinstall? I always thought you couldn't do that in Vista. Running VHP here. |
wratterus (105) | ||
| 798980 | 2009-08-07 01:13:00 | Run trojan remover in safe mode / networking, (if this is 32 bit), click on scan, see what else it can find. Select all options under the utils menu. They / You should have tried other methods first (before using comobofix) The file was infected. TR obviously did not detect it and Combofix did. It likely that other System Files were/are infected also. In cases like these a clean install is best. But if you're desperate, a repair(upgrade) install *may* be able to fix it. Have you tried sfc /scannow yet? Its possible the System File Checker executable is infected too, so : s Wratterus. Read this: www.vistax64.com Blam |
Blam (54) | ||
| 798981 | 2009-08-07 01:14:00 | What version of Vista is it? Altho it may not matter its probably the same file (wscsvc.dll ). Did you manage to extract that file? | Speedy Gonzales (78) | ||
| 798982 | 2009-08-07 01:16:00 | If you really need to extract that file from a Vista DVD mount the WIMs and copy it from there. | Blam (54) | ||
| 798983 | 2009-08-07 01:18:00 | In cases like these a clean install is best. But if you're desperate, a repair(upgrade) install *may* be able to fix it. Have you tried sfc /scannow yet? Its possible the System File Checker executable is infected too, so : s Wratterus. Read this: www.vistax64.com Blam Done SFC. I'm 99.9% confident there aren't any more infected files on the machine, at least nothing active. Thanks for that link, got SP2 installed, looks like i'd better go back to SP1 then try the upgrade with a SP1 disk I have here. Will also clone the drive before going any further. :p The issue is not getting hold of another wscsvc.dll file, it's not being able to remove the old one. (just realized I said the file had been removed in the first post. Corrupted or ****ed would have been the better use of words, as it's still there...) Thanks for the help... |
wratterus (105) | ||
| 798984 | 2009-08-07 01:31:00 | Take ownership of the file first (www.howtogeek.com) | Speedy Gonzales (78) | ||
| 1 2 | |||||