Topic: Trojan Win32.PEPatch.AO found in Non-bootable PC

veritasffg

    « on: January 23, 2009, 05:31:42 PM »
    A friend brought his Dell 2100 (3 1/2 yrs old, XP Home (with SP3, I believe), 512 MB RAM, single 80 GB hard drive, with Norton AntiVirus installed) to me. The owner assured me that he had noticed no aberrant behavior until yesterday, when it refused to boot. After confirming that it would not boot in either normal or safe mode (it displays the splash screen, then a cursor appears in the center of the screen, and all activity stops - in Safe Mode, the screen displays the safe mode indications at the edges of the screen, and the cursor again shows up, but no further activity), I removed the hard drive, and set it up as an external drive to one of my PCs. The drive spun right up, and I had no problems reading it. AVG Free found two instances of a Trojan - Win32.PEPatch.AO, attached to two familiar files in Windows\System32\, spoolsv.exe and svchost.exe, both dated August 10, 2004. AVG reported that forced removal of this malware would cause the host system to be unstable - which, for whatever it's worth, makes sense to me.

    I checked these files in an XP system of mine (one which is fully updated with all current Windows XP Home patches), and found they were dated July 16, 2003, with similar, but slightly different, file sizes. 

    What I'm considering doing - if for no other reason than to just see if it will result in a bootable system - is simply deleting the infected files, and replacing them with copies of the non-infected files in another PC.  (Added later) After that, whether win, lose, or draw, I'm considering trying an XP Repair operation.

    I will appreciate any advice from you experts out there.  A quick review of the "read this before posting" information at the top of this forum board indicates that a bootable system is required in order to follow the removal advice given.  Since this machine does not boot - well, you get the idea.

    Thanks in advance.
    « Last Edit: January 23, 2009, 05:46:50 PM by veritasffg »
    Adaequatio Rei et Intellectus