Jump to content

tycho90213

Members
  • Content Count

    1
  • Joined

  • Last visited

About tycho90213

  • Rank
    Newbie
  1. Today I ran the latest version of SAS with the latest updates on a friend's infected computer, and in addition to finding some malware, it also flagged C:\Windows\System32\MSVCRT.DLL as Trojan.Agent/Gen-MSFake. It was checked to be removed by default, and I allowed it to be deleted along with some other files. Upon reboot, I immediately received a BSOD with the following message: STOP: c000021a {Fatal System Error} The windows Logon Process system process terminated unexpectedly with a status of 0xc0000135 (0x00000000 0x00000000). The system has been shut down. I spent over 4 hours trying to debug what had gone wrong. Safe mode and Last Known Good Configuration all resulted in the same error. After much searching, I narrowed the error down to the fact that MSVCRT.DLL was missing. Using Ubuntu to replace the file, viola!, the system booted fine. I submitted the quarantined MSVCRT.DLL to both Jotti and Virustotal (File size: 343040 bytes, MD5: b0fefa816d61ec66aa765ddf534eab5e), and both gave it a clean bill of health. I can see nothing wrong with the file. I even re-ran SAS on the now clean system, and it still flags MSVCRT.DLL as infected. Please rectify this false-positive as soon as possible, as I fear that people with less technical skills may entirely lose their Win XP installation in the process. Thank you!
×
×
  • Create New...