Sign in with
Sign up | Sign in
Your question

SP2 installation failure

Last response: in Windows XP
Share
Anonymous
January 9, 2005 11:03:04 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

dell pc with windows xp pro, pentium 4 2.8, 512 mb DDR SDram.
After recovery from a new trojan virus, several functions would not work ,
internet explorer browser for one. I then used the mfg installation disk
which contained my copy of windows xp pro and used the repair an xp
installation feature, not the console, and everything seems to function, but
SP2 installation fails either from download or from the disk, I get an error
message (access denied}. In using an information diasgnostic tool it say's
that SP2 is installed, but it is not evident in the add/remove programs list.
Is there a documentation for manually removing all traces of SP2 so that it
can then be reinstalled, Or is it possible that there is a backup of the
virus in system restore? I have not disabled the system restore feature.
--
just learning the hard way
Anonymous
January 9, 2005 1:36:51 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

It is likely that System Restore contains the virus. For that reason it
should be disabled and enabled again to purge all Restore Points. However
that is likely not what is causing your problem.
See this item
http://support.microsoft.com/default.aspx?scid=kb;en-us;873148&Product=windowsxpsp2
You may also wish to look at the info here
http://www3.telus.net/dandemar/spackins.htm

Have you tried installing SP2 from the full download package? If you have a
fast connection you can get it here
http://www.microsoft.com/downloads/details.aspx?familyi...

or it can be had on CD by either ordering it from Microsoft
http://www.microsoft.com/windowsxp/downloads/updates/sp...
or by finding a copy at your favourite big box Software Seller.

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp


"ra42grif" <ra42griffin(removethis)@hot.rr.com> wrote in message
news:D B5753E6-BE50-4225-9E80-64EEBFA3170F@microsoft.com...
> dell pc with windows xp pro, pentium 4 2.8, 512 mb DDR SDram.
> After recovery from a new trojan virus, several functions would not work ,
> internet explorer browser for one. I then used the mfg installation disk
> which contained my copy of windows xp pro and used the repair an xp
> installation feature, not the console, and everything seems to function,
> but
> SP2 installation fails either from download or from the disk, I get an
> error
> message (access denied}. In using an information diasgnostic tool it
> say's
> that SP2 is installed, but it is not evident in the add/remove programs
> list.
> Is there a documentation for manually removing all traces of SP2 so that
> it
> can then be reinstalled, Or is it possible that there is a backup of the
> virus in system restore? I have not disabled the system restore feature.
> --
> just learning the hard way
January 9, 2005 2:11:04 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

"ra42grif" <ra42griffin(removethis)@hot.rr.com> wrote in message
news:D B5753E6-BE50-4225-9E80-64EEBFA3170F@microsoft.com...
> dell pc with windows xp pro, pentium 4 2.8, 512 mb DDR SDram.
> After recovery from a new trojan virus, several functions would not
> work ,
> internet explorer browser for one. I then used the mfg installation
> disk
> which contained my copy of windows xp pro and used the repair an xp
> installation feature, not the console, and everything seems to
> function, but
> SP2 installation fails either from download or from the disk, I get an
> error
> message (access denied}. In using an information diasgnostic tool it
> say's
> that SP2 is installed, but it is not evident in the add/remove
> programs list.
> Is there a documentation for manually removing all traces of SP2 so
> that it
> can then be reinstalled, Or is it possible that there is a backup of
> the
> virus in system restore? I have not disabled the system restore
> feature.
> --
> just learning the hard way


Which trojan did you get hit with and what did you do or use to remove
it? Some anti-spyware programs keep a backup snapshot which lets you
undo their changes. You end up with what you had before (you're
infected again) but the system works again and you can attempt more
research on the infection before trying to eradicate it again. However,
since you have tried to using the Repair from the Mfr's install CD, the
system may not be in a state that the restore from the anti-spyware
program can return into a working state. You never said what you used
to eradicate the trojan, or even if it was a trojan, virus, spyware,
adware, or what. The eradicator tool you used might only know what is
the trojan and not everything else it changed. For example (but not of
a virus or trojan, in this case), when you install Norton AntiVirus
(NAV), it will change the registry entries for scripting to point at its
module and the registry entry for its module will then point at the
modules for scripting. This is how NAV does its script blocking. If
you remove NAV using something else than its uninstall program, these
registry entries may not get unchained and so you're left with scripting
that won't work.

You didn't mention what "functions" no longer worked. If the problem is
with connectivity, it could be that removing the trojan resulted in a
corrupted chaining of LSPs (layered service providers) which prevents
proper operation of TCP; see http://www.cexx.org/lspfix.htm. Be sure to
read the readme.txt file that comes with it on how to use it. Like
using regedit, this is digging into your system and can be hazardous.
If you put this on your system, do NOT put a shortcut to it in the Start
menu that anyone can see (i.e., only put it in admin profile's Start
menu) and put its file in a path that requires admin priviliges to read
it, like under the Administrator's %userprofile% path, or change
permissions on the folder containing it so only administrators can run
this program.

You had Service Pack 2 installed in your instance of Windows XP. You
did a repair using the Mfr install CD. It doesn't sound like it was a
drive image because that would have overwritten and wiped out everything
in the OS partition to the same state as how the Mfr delivers the system
(I'm presuming all your data is there and anything else you installed
after getting the computer). That probably did not have Service Pack 2
slipstreamed into it, so you might've been using a SP-1 version of
Windows to repair a SP-2 instance of Windows. Because the
manufacturer-customized version of Windows that comes with Dell (and
other brands) is not a Microsoft-standard installation CD, I'm not sure
that you can slipstream a service pack into it. You could make a copy
of the CD and try slipstreaming SP-2 into the copy
(http://www.winsupersite.com/showcase/windowsxp_sp2_slip...).
Then try the Repair again now with the SP-2 version of Windows on the
CD-R[W] to repair your SP-2 patched instance of Windows XP. If trying
to slipstream in SP-2 into the Mfr-customized version of Windows doesn't
work, you might see if you can remove SP-2 from your installed instance
of Windows XP; see http://support.microsoft.com/?id=875350.

If nothing works to get you into a working state for the instance of
Windows that is installed, trojaned, had the trojan removed somehow but
broke some "functions", and a Repair was performed but which might not
have matched on the service pack level, you might end up having to save
all your data and do a fresh install of Windows XP. Unless using the
trojan extractor tool's restore, reapplying SP-2, or LSPfix gives you a
quick fix, often it takes less time to save your data and wipe the
partition to do a fresh install of the OS and your applications than to
repair your system from a poor trojan eradication.

You might also try asking in newsgroups more focused on trojans and
malware, like:

alt.comp.virus
alt.comp.anti-virus.
alt.privacy.spyware

--
_________________________________________________________________
Post your replies to the newsgroup. Share with others.
E-mail: vanguard_help AT yahoo.com (append "#NEWS#" to Subject)
_________________________________________________________________
Anonymous
January 9, 2005 2:37:03 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Bloodhound.W32.E.P. and 4 variations. I had Norton 2004 Norton quaranteened
and then I used AVG Premium to clean it. I then uninstalled Norton but did
not remove all symantec files. Thanks for the response both of you I now have
enough to keep me busy a while, I will as a last resort reinstall a clean
copy of Windows. By the way when I did the repair of the existing windows
installation it saved my files and you are right it repaired with a built in
sp1 while sp2 had not been cleanly removed. Everything else works so I will
try to remove the system restore files and see what happens, I will keep
updat ing this response until I/we get it resolved. ra42grif

"Vanguard" wrote:

> "ra42grif" <ra42griffin(removethis)@hot.rr.com> wrote in message
> news:D B5753E6-BE50-4225-9E80-64EEBFA3170F@microsoft.com...
> > dell pc with windows xp pro, pentium 4 2.8, 512 mb DDR SDram.
> > After recovery from a new trojan virus, several functions would not
> > work ,
> > internet explorer browser for one. I then used the mfg installation
> > disk
> > which contained my copy of windows xp pro and used the repair an xp
> > installation feature, not the console, and everything seems to
> > function, but
> > SP2 installation fails either from download or from the disk, I get an
> > error
> > message (access denied}. In using an information diasgnostic tool it
> > say's
> > that SP2 is installed, but it is not evident in the add/remove
> > programs list.
> > Is there a documentation for manually removing all traces of SP2 so
> > that it
> > can then be reinstalled, Or is it possible that there is a backup of
> > the
> > virus in system restore? I have not disabled the system restore
> > feature.
> > --
> > just learning the hard way
>
>
> Which trojan did you get hit with and what did you do or use to remove
> it? Some anti-spyware programs keep a backup snapshot which lets you
> undo their changes. You end up with what you had before (you're
> infected again) but the system works again and you can attempt more
> research on the infection before trying to eradicate it again. However,
> since you have tried to using the Repair from the Mfr's install CD, the
> system may not be in a state that the restore from the anti-spyware
> program can return into a working state. You never said what you used
> to eradicate the trojan, or even if it was a trojan, virus, spyware,
> adware, or what. The eradicator tool you used might only know what is
> the trojan and not everything else it changed. For example (but not of
> a virus or trojan, in this case), when you install Norton AntiVirus
> (NAV), it will change the registry entries for scripting to point at its
> module and the registry entry for its module will then point at the
> modules for scripting. This is how NAV does its script blocking. If
> you remove NAV using something else than its uninstall program, these
> registry entries may not get unchained and so you're left with scripting
> that won't work.
>
> You didn't mention what "functions" no longer worked. If the problem is
> with connectivity, it could be that removing the trojan resulted in a
> corrupted chaining of LSPs (layered service providers) which prevents
> proper operation of TCP; see http://www.cexx.org/lspfix.htm. Be sure to
> read the readme.txt file that comes with it on how to use it. Like
> using regedit, this is digging into your system and can be hazardous.
> If you put this on your system, do NOT put a shortcut to it in the Start
> menu that anyone can see (i.e., only put it in admin profile's Start
> menu) and put its file in a path that requires admin priviliges to read
> it, like under the Administrator's %userprofile% path, or change
> permissions on the folder containing it so only administrators can run
> this program.
>
> You had Service Pack 2 installed in your instance of Windows XP. You
> did a repair using the Mfr install CD. It doesn't sound like it was a
> drive image because that would have overwritten and wiped out everything
> in the OS partition to the same state as how the Mfr delivers the system
> (I'm presuming all your data is there and anything else you installed
> after getting the computer). That probably did not have Service Pack 2
> slipstreamed into it, so you might've been using a SP-1 version of
> Windows to repair a SP-2 instance of Windows. Because the
> manufacturer-customized version of Windows that comes with Dell (and
> other brands) is not a Microsoft-standard installation CD, I'm not sure
> that you can slipstream a service pack into it. You could make a copy
> of the CD and try slipstreaming SP-2 into the copy
> (http://www.winsupersite.com/showcase/windowsxp_sp2_slip...).
> Then try the Repair again now with the SP-2 version of Windows on the
> CD-R[W] to repair your SP-2 patched instance of Windows XP. If trying
> to slipstream in SP-2 into the Mfr-customized version of Windows doesn't
> work, you might see if you can remove SP-2 from your installed instance
> of Windows XP; see http://support.microsoft.com/?id=875350.
>
> If nothing works to get you into a working state for the instance of
> Windows that is installed, trojaned, had the trojan removed somehow but
> broke some "functions", and a Repair was performed but which might not
> have matched on the service pack level, you might end up having to save
> all your data and do a fresh install of Windows XP. Unless using the
> trojan extractor tool's restore, reapplying SP-2, or LSPfix gives you a
> quick fix, often it takes less time to save your data and wipe the
> partition to do a fresh install of the OS and your applications than to
> repair your system from a poor trojan eradication.
>
> You might also try asking in newsgroups more focused on trojans and
> malware, like:
>
> alt.comp.virus
> alt.comp.anti-virus.
> alt.privacy.spyware
>
> --
> _________________________________________________________________
> Post your replies to the newsgroup. Share with others.
> E-mail: vanguard_help AT yahoo.com (append "#NEWS#" to Subject)
> _________________________________________________________________
>
>
!