Was greeted by my Helpdesk colleague today with the news that our two Helpdesk desktops had just gotten a virus!
HOW
PC 01 got its virus when my Helpdesk buddy tried to download a supposed DLL-error-fixing program. Prior to the virus, she was troubleshooting a slow IE 7 and MS Outlook problem on another user's laptop. An initial Google search led her to try out a "DLL error fixing program". The trial version seemed to work; it supposedly fixed 7 out of 150 DLL errors! So she thought, "get a cracked version and fix it all in one shot". Well, unfortunately the "cracked" version of that program contained several nasty trojans.
PC 02 (most probably) got its virus through its shared folder, and that virus most probably came from the infection that had already spread across PC 01.
TEMPORARY FIX
I haven't really fixed it yet, though PC 02 now boots. It did get a virus infection, which we tried to fix using AVG. Well, AVG supposedly cleaned the virus and deleted the infected files, which included user32.dll, a critical Windows XP file that, when deleted, causes the computer to restart continuously. After several failed reboot attempts in Safe Mode, and even after Last Known Good Configuration failed, you'd initially think it's time to reformat.
However, look closely at the boot menu that offers Safe Mode: there's a long entry for starting the computer with reboot-on-error turned off. I chose this option; it booted the computer, then gave the much-needed BSOD, which fortunately was descriptive enough and complained about the missing user32.dll. Got a copy of user32.dll from a clean machine, saved it to PC 02's directory, and presto, a bootable machine.
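Before trusting a system DLL copied over from another machine, it is worth confirming that the copy really matches the reference machine's file (same build and service pack, same hash), since a file infector that spread through a shared folder may have patched the "clean" copy as well. The following PowerShell script is an added example and is not from the original post; it assumes PowerShell 4 or later (for Get-FileHash), and the reference hash and version values are placeholders you fill in from the clean machine's output.

```powershell
# Added example (not from the original post). Run once on the clean machine to record
# a reference SHA256 and FileVersion for user32.dll, then run again on the repaired
# machine with those values pasted into the parameters below.
# Assumption: PowerShell 4+ (Get-FileHash); the reference values are placeholders.
param(
    [string]$Path = "$env:SystemRoot\System32\user32.dll",
    [string]$ReferenceSha256  = "<SHA256 reported on the clean machine>",
    [string]$ReferenceVersion = "<FileVersion reported on the clean machine>"
)

$file    = Get-Item -LiteralPath $Path -ErrorAction Stop
$hash    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
$version = $file.VersionInfo.FileVersion

# Print what this machine has, so the same script serves to record the reference.
[pscustomobject]@{
    Path    = $Path
    Size    = $file.Length
    Version = $version
    SHA256  = $hash
}

$placeholderHash    = "<SHA256 reported on the clean machine>"
$placeholderVersion = "<FileVersion reported on the clean machine>"
$ok = $true

# Only compare when real reference values were supplied.
if ($ReferenceSha256 -ne $placeholderHash -and $hash -ne $ReferenceSha256) {
    Write-Warning "SHA256 differs from the clean machine's copy; do not trust this file."
    $ok = $false
}
if ($ReferenceVersion -ne $placeholderVersion -and $version -ne $ReferenceVersion) {
    Write-Warning "FileVersion differs; the copy may be from a different Windows build or service pack."
    $ok = $false
}
if ($ok -and $ReferenceSha256 -ne $placeholderHash) {
    Write-Output "user32.dll matches the reference hash and version."
}
```

A mismatched FileVersion is the more common failure in practice: user32.dll from a different service pack can boot the machine yet break other system DLLs that expect the matching build, so compare the version as well as the hash.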
REAL FIX
Reformat!
I think I'll leave the computers to scan one more time with McAfee and AVG. By the time my shift is over, the scans should have finished and hopefully any other immediately harmful virus will have been cleaned. Then I'll suggest that they back up their files and do a reformat.
Thursday, July 3, 2008