Clamwin reports windows directory file "user32.dll"

scarlett_156
Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
Posted: Mon Feb 09, 2009 12:17 pm
This seems to be an error, and anyway one cannot delete the "user32.dll" file from c:\windows\system32.
Just letting everyone know. If anybody has any further feedback on this I would love to hear it.
~~~ yours in Chaos, Scarlett

natoma
Joined: 09 Feb 2009
Posts: 0
Location: Italy
Posted: Mon Feb 09, 2009 12:35 pm
Same thing here. Clamwin reports: C:\WINDOWS\system32\user32.dll: Worm.Pinit-4 FOUND but another online scan does not detect anything. False positive?

scarlett_156
Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
Posted: Mon Feb 09, 2009 12:40 pm
When I researched it I found that AVG has been doing the same thing and that it's a mistake. However, I would like to know for sure, of course.

bazinou
Joined: 09 Feb 2009
Posts: 0
Location: Vienne (France)
Posted: Mon Feb 09, 2009 1:29 pm
I have the same problem.
I tried a scan on user32.dll with bitdefender (online), trendmicro (online), virscan.org and dr.web, but none of them found a virus or anything else. (Ouf ...)

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Feb 09, 2009 1:37 pm
This was a false positive, and it has been fixed. This is a good reason not to have ClamWin set to quarantine or remove files it detects as infected initially. Always check it out (especially if it is a Windows system file) before you "lose" it!
If you think a file has a false positive detection, submit it to Clam (see the location on the Clamwin Antimalware page). They need more input from Windows users because ClamWin uses their virus detection engine and signature database, but Clam was designed for use on Linux mail servers.
Regards,

Antonio S.
Joined: 20 Apr 2008
Posts: 0
Location: Italy
Posted: Mon Feb 09, 2009 7:24 pm
Hello All,
Had the same problem yesterday when scanning C:
C:\WINDOWS\$NtServicePackUninstall$\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\ServicePackFiles\i386\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\system32\user32.dll: Worm.Pinit-4 FOUND
All been fixed today. Recommend to keep the default option to 'Report only', thus to avoid problems.
Regards,
Antonio

ok well this is all well and good for the cautious people
ShaoLinR@73R
Joined: 09 Feb 2009
Posts: 0
Location: SoCal
Posted: Mon Feb 09, 2009 8:01 pm
People who looked before they leapt, but I was not cautious. I had the file quarantined. Now I get a blue screen with "STOP: c0000135" smugly telling me that I was dumb for moving USER32.dll. Now what? I have a laptop and haven't seen my copy of the windows OS disk for years. Any ideas on how to get that USER32 back where it belongs? I already downloaded the file on another comp and burned it to a cdr, but what can I do now? Thanks for any help.

johndoe32102002
Joined: 09 Feb 2009
Posts: 0
Posted: Mon Feb 09, 2009 8:23 pm
ShaoLinR,
Try these amule/emule links to download the user32.dll
ed2k://|file|user32.dll|578560|A1F2EFF854AABBCFBF10305FCC32B846|/
magnet:?dn=user32.dll&xt=urn:ed2k:a1f2eff854aabbcfbf10305fcc32b846&xl=578560
I have downloaded them and ran a virus scan on them and they are clean. They are for Windows XP.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Feb 09, 2009 8:40 pm
All antivirus programs have false positives, but Clam is subject to a bit more false positives than a lot of the commercial AVs. The Clam AV program is primarily used on Linux-based email systems, and they don't have to worry about Windows system files. Clam also doesn't have all Windows system files available to check against for false positives before their signatures are released.
That's why I believe that the ClamWin Remove and Quarantine preferences should be changed to exclude files in the Windows directories and only Report them as infected. The user can then check them out and do a manual removal if they turn out to be infected. This entails some user "education," but it would save some users a lot of time/trouble.
Regards,
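
GuitarBob's proposal above (report only, never auto-quarantine, for detections inside the Windows directories), sketched as a triage over scan-report lines. This is an added example, not part of the original post and not ClamWin's own code; the `triage` helper, the `verify_first` heuristic, the default `C:\WINDOWS` root and the last two sample lines are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: the three detections quoted in this thread, plus one
# made-up detection outside the Windows directory and one clean line.
SAMPLE_REPORT = r"""
C:\WINDOWS\$NtServicePackUninstall$\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\ServicePackFiles\i386\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\system32\user32.dll: Worm.Pinit-4 FOUND
C:\Documents and Settings\user\Desktop\setup.exe: Example.Signature-1 FOUND
C:\WINDOWS\system32\kernel32.dll: OK
"""

# Report lines look like "<path>: <signature> FOUND". The path contains a
# colon itself (C:\...), so the greedy match splits on the last ": ".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Assumption: Windows is installed in the default C:\WINDOWS location.
PROTECTED_ROOTS = (PureWindowsPath(r"C:\WINDOWS"),)


def parse_detections(report):
    """Yield (path, signature) for every FOUND line in a scan report."""
    for line in report.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            yield PureWindowsPath(match.group("path")), match.group("sig")


def is_protected(path):
    """True if path lies under a protected root (case-insensitive)."""
    return any(root in path.parents for root in PROTECTED_ROOTS)


def triage(report):
    """Split detections into report-only and quarantine candidates."""
    result = {"report_only": [], "quarantine_candidate": []}
    copies = defaultdict(list)
    for path, sig in parse_detections(report):
        if is_protected(path):
            result["report_only"].append((str(path), sig))
            copies[(path.name.lower(), sig)].append(str(path))
        else:
            result["quarantine_candidate"].append((str(path), sig))
    # Same file name hit by the same signature in several Windows
    # directories (live copy plus service-pack backups): verify before acting.
    result["verify_first"] = sorted(k for k, v in copies.items() if len(v) > 1)
    return result
```

On the sample, all three `user32.dll` hits land in `report_only`, and `verify_first` names the file once because the live copy and both service-pack copies match the same signature.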

ShaoLinR@73R
Joined: 09 Feb 2009
Posts: 0
Location: SoCal
Posted: Mon Feb 09, 2009 9:48 pm
johndoe32102002 wrote:
> ShaoLinR,
> Try these amule/emule links to download the user32.dll
> ed2k://|file|user32.dll|578560|A1F2EFF854AABBCFBF10305FCC32B846|/
> magnet:?dn=user32.dll&xt=urn:ed2k:a1f2eff854aabbcfbf10305fcc32b846&xl=578560
> I have downloaded them and ran a virus scan on them and they are clean. They are for Windows XP.
Got that. I actually already have the file, I suppose I'm more asking if anyone has experience with installing files without access to Windows (it won't even start in SafeMode). You know...since I deleted a critical file for it to do so.
Anyone know?
Can I install it from DOS? If so how?

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Tue Feb 10, 2009 1:40 am
Can you get hold of a Windows boot disk for XP? That way you could boot up with the OS from the CD and then install the file where it needs to be.
Some of the AV companies have boot disk files you can make in case malware prevents Windows from working. The boot disks usually have a Linux boot OS with their AV and some "housekeeping" software. I've made and used the Dr. Web boot CD for virus scans. After you boot up from the CD, I think you will have the opportunity to bypass the virus scan and access the hard drive. You have to burn the file(s) available at the AV websites to an ISO file on CD. Files are available from Dr. Web, Bitdefender, Kaspersky, and F-Secure. I chose Dr. Web because it is 60 MB and the others are 150+ MB.
There is also the BART PE bootup CD you can make, but I've never been able to do it, and it zapped my XP-SP3 OS the last time I tried that.
Regards,

alch
Site Admin
Joined: 27 Nov 2005
Posts: 0
Posted: Tue Feb 10, 2009 2:32 am
Sorry to hear that...
You need Windows XP/2003/Vista setup CD (borrow it from a friend if you don't have one), then use recovery console and copy the file using COPY command.
If your computer has a floppy drive then this page might be useful:
https://support.microsoft.com/kb/310994

Shawn_IO
Joined: 09 Feb 2009
Posts: 0
Location: Silicon Valley
Posted: Tue Feb 10, 2009 6:16 am
You could yank the hard drive, put it in a usb enclosure, attach to another computer, and then replace the file in question.
The other methods described above might be easier, depending on a number of factors.

Antonio S.
Joined: 20 Apr 2008
Posts: 0
Location: Italy
Posted: Tue Feb 10, 2009 6:23 pm
Hello ShaoLinR@73R,
You can use a Linux distro that runs on Live CD (means an OS that is booted from CD and does not need to be installed locally) to have access to your C: drive and copy the missing files back in their place.
Here are the steps I took to copy a .txt file from a USB drive to C: using a live CD. I chose GOS for simplicity but there are many options around (all free software, so you don't have to bother about licences...)
1-Downloaded the image (.iso file) from https://www.thinkgos.com/gos/download.html and burnt it on CD as image file.
2-Booted machine from CD (Note: at least 384 MB of Ram are required)
3-Once the OS was loaded on RAM I had access to C: drive, then copied the file to the Documents and Settings folder.
4-Restarted the machine (CD was ejected)
5-Rebooted in Windows and checked the folder; file was there copied correctly.
If you need to recover more .dll files you should check @ https://www.dll-files.com. That worked for me some time ago when an Audio player wouldn't run...
Hope this helps,
Antonio

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Feb 11, 2009 5:36 am
Thanks for the information, Antonio. You must have larger CDs in Italy than we have in the states, however. The gOS download was larger than my 700 MB CD would hold, so I looked around for something else. There's a free Linux distro available at https://distro.ibiblio.org/pub/linux/distributions/damnsmall/current/ . It is a 50 MB version of Linux called Damn Small Linux (DSL) and it looks perfect for quick access to a dead system. Make sure you download the version named dsl-version.iso . There's also something called Knoppix Linux, which is much larger but it is still under 700 MB. For any bootable OS, make sure you get an ISO version and burn it with your CD burner as an ISO file.
Regards,
All times are GMT
Page 1 of 2