Is Replacing File Correct Fix

[Guest]

Archived from groups: microsoft.public.windowsme.general (More info?)

Recent Scan produced following:C:\WINDOWS\HELP\TSHOOT00.CHM »CHM
»/w0dvd_result.htm - probably modified trojan VBS/Valg.A - -
NOD32 AV only offers "LEAVE" option- (Stinger/Spybot S&D/AdAware SE no help-
TSHOOT00.CHM can be found in the Win_9.cab file which I found in
C:\Windows\Options\Install folder (8 MB size).
Install CD is via DELL OEM original install/Believe Desired Folder Not On It-
Is there any logic to copying file from Win_9.cab over the one showing
"probable trojan"?
http://support.microsoft.com/kb/129605/EN-US/ addresses Extracting
Compressed Files AND Extracting Those protected by the System File Protection
feature in Windows Me.
I'm not good at this but is this a way to fix the issue? Many Thanks!

 

[Guest]

Archived from groups: microsoft.public.windowsme.general (More info?)

To replace a file in Win Me see MS KB129605 - "HOW TO: Extract Original
Compressed Windows Files"
(http://support.microsoft.com?kbid=129605).

To replace a protected file in Win Me see MS KB 265371 - "How to Extract
and Replace a Protected File in Windows Me"
(http://support.microsoft.com?kbid=265371).

You can use either the CAB files on your hard disk (probably in either
C:\Windows\Options\Cabs or C:\Windows\Options\Install) or those on your
Win Me CD or Recovery disk.
--
Mike Maltby MS-MVP
mike.maltby@gmail.com


Craig S <CraigS@discussions.microsoft.com> wrote:

> Recent Scan produced following:C:\WINDOWS\HELP\TSHOOT00.CHM »CHM
> »/w0dvd_result.htm - probably modified trojan VBS/Valg.A - -
> NOD32 AV only offers "LEAVE" option- (Stinger/Spybot S&D/AdAware SE
> no help- TSHOOT00.CHM can be found in the Win_9.cab file which I
> found in C:\Windows\Options\Install folder (8 MB size).
> Install CD is via DELL OEM original install/Believe Desired Folder
> Not On It- Is there any logic to copying file from Win_9.cab over the
> one showing "probable trojan"?
> http://support.microsoft.com/kb/129605/EN-US/ addresses Extracting
> Compressed Files AND Extracting Those protected by the System File
> Protection feature in Windows Me.
> I'm not good at this but is this a way to fix the issue? Many Thanks!

 

[Guest]

Archived from groups: microsoft.public.windowsme.general (More info?)

Thanks, Mike. I Extracted TSHOOT00.chm to C:\My Documents from
C:\Windows\Options\Install and got same "Probable Mod'd Trojan Warning" as
First seen in Windows\HELP.
Have requested False Positive analysis from ESET/NOD32 AV .
Will advise if/when answered.

"Mike M" wrote:

> To replace a file in Win Me see MS KB129605 - "HOW TO: Extract Original
> Compressed Windows Files"
> (http://support.microsoft.com?kbid=129605).
>
> To replace a protected file in Win Me see MS KB 265371 - "How to Extract
> and Replace a Protected File in Windows Me"
> (http://support.microsoft.com?kbid=265371).
>
> You can use either the CAB files on your hard disk (probably in either
> C:\Windows\Options\Cabs or C:\Windows\Options\Install) or those on your
> Win Me CD or Recovery disk.
> --
> Mike Maltby MS-MVP
> mike.maltby@gmail.com
>
>
> Craig S <CraigS@discussions.microsoft.com> wrote:
>
> > Recent Scan produced following:C:\WINDOWS\HELP\TSHOOT00.CHM »CHM
> > »/w0dvd_result.htm - probably modified trojan VBS/Valg.A - -
> > NOD32 AV only offers "LEAVE" option- (Stinger/Spybot S&D/AdAware SE
> > no help- TSHOOT00.CHM can be found in the Win_9.cab file which I
> > found in C:\Windows\Options\Install folder (8 MB size).
> > Install CD is via DELL OEM original install/Believe Desired Folder
> > Not On It- Is there any logic to copying file from Win_9.cab over the
> > one showing "probable trojan"?
> > http://support.microsoft.com/kb/129605/EN-US/ addresses Extracting
> > Compressed Files AND Extracting Those protected by the System File
> > Protection feature in Windows Me.
> > I'm not good at this but is this a way to fix the issue? Many Thanks!
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsme.general (More info?)

ESET/NOD32 AV Trojan Alert on TSHOOT00.chm (in Windows\HELP finally written
out as False Positive. Good learning experience as I did learn how to extract
files. Thanks Mike.

"Mike M" wrote:

> To replace a file in Win Me see MS KB129605 - "HOW TO: Extract Original
> Compressed Windows Files"
> (http://support.microsoft.com?kbid=129605).
>
> To replace a protected file in Win Me see MS KB 265371 - "How to Extract
> and Replace a Protected File in Windows Me"
> (http://support.microsoft.com?kbid=265371).
>
> You can use either the CAB files on your hard disk (probably in either
> C:\Windows\Options\Cabs or C:\Windows\Options\Install) or those on your
> Win Me CD or Recovery disk.
> --
> Mike Maltby MS-MVP
> mike.maltby@gmail.com
>
>
> Craig S <CraigS@discussions.microsoft.com> wrote:
>
> > Recent Scan produced following:C:\WINDOWS\HELP\TSHOOT00.CHM »CHM
> > »/w0dvd_result.htm - probably modified trojan VBS/Valg.A - -
> > NOD32 AV only offers "LEAVE" option- (Stinger/Spybot S&D/AdAware SE
> > no help- TSHOOT00.CHM can be found in the Win_9.cab file which I
> > found in C:\Windows\Options\Install folder (8 MB size).
> > Install CD is via DELL OEM original install/Believe Desired Folder
> > Not On It- Is there any logic to copying file from Win_9.cab over the
> > one showing "probable trojan"?
> > http://support.microsoft.com/kb/129605/EN-US/ addresses Extracting
> > Compressed Files AND Extracting Those protected by the System File
> > Protection feature in Windows Me.
> > I'm not good at this but is this a way to fix the issue? Many Thanks!
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsme.general (More info?)

Thanks for the update Craig. Knowing where to look for replacement files
and how to then change a current file is always useful.

Cheers,
--
Mike Maltby MS-MVP
mike.maltby@gmail.com


Craig S <CraigS@discussions.microsoft.com> wrote:

> ESET/NOD32 AV Trojan Alert on TSHOOT00.chm (in Windows\HELP finally
> written out as False Positive. Good learning experience as I did
> learn how to extract files. Thanks Mike.