grml 1.1 works!

marbux marbux at gmail.com
Thu Jan 1 04:03:42 UTC 2009


On Wed, Dec 31, 2008 at 8:31 AM, Josh <jkenn337 at gmail.com> wrote:
> my wife's machine has a virus in it called
> c:\windows\system32\drmclienp.dll . pay attention to spelling. so I want to
> delete this file and therefore get rid of the virus. but windows will not
> let me access the file. so how do I do this using grml linux 1.1?

I'm not familiar with grml, but this can be done fairly simply in
Windoze using a program like Unlocker,
<http://ccollomb.free.fr/unlocker/>. The linked page has a list of
similar programs as well.

Basically, the problem is that Windoze does not allow you to delete
DLLs that are loaded in memory. So the trick is either to get the DLL
unloaded so you can delete it or to get it marked for deletion upon
rebooting, before it is loaded in memory.

You can also do it from Linux, commonly from a non-installed live CD
version. But it will need to be a live CD/Linux that has support for
the Windoze file system, which will be either NTFS or FAT32. There are
packages you can download and install to get that support. After
booting Linux and installing such a package if necessary, you'll need
to mount the Windoze partition, then navigate to the directory that
contains the file, then rename or delete it.

I favor renaming until you are certain Windoze will run properly
without it. Then the file can be deleted from Windoze. If Windoze
won't run properly without it, then you can rename it back to the name
it had, then reboot.

Also, if the file in fact contains a virus, the same software that
detected the virus likely will be able to delete or disable the virus.
See if you can find a feature in the anti-virus program called
"quarantine" or "heal."

If you have the assistance of a sighted person, you might also
download and install Prio, <http://prnwatch.com/prio.html>. It adds
some bells and whistles to the Windoze Task Manager (the 3-finger
salute dialog). One of them is a Services tab, which displays all
running services. Find the service for your bothersome file and
right-click on it. From the context menu, select Startup Mode,
then Disabled. Reboot Windoze, and you should then be able to
delete/rename the file.

There are still other methods, but at least one of the above should work.

Best regards,

Paul

-- 
Universal Interoperability Council
<http:www.universal-interop-council.org>
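
The live-CD rename approach described in the message above, as an added example that is not part of the original post: Linux path lookups are case-sensitive while Windows paths are not, so the script resolves the Windows path one component at a time, logs a SHA-256 of the file, and renames it reversibly. The function names, the `.quarantined` suffix, the `quarantine.log` file, the device `/dev/sda1` and the mount point `/mnt/win` are all assumptions.

```sh
# Added example. Assumes the Windows partition is already mounted read-write,
# e.g.  mount -t ntfs-3g /dev/sda1 /mnt/win   (device and mount point assumed).

# Resolve a Windows-style path (backslashes, any letter case, optional drive
# letter) to the real on-disk path under mount root $1. Fails if a part is
# missing. Note: -iname treats glob characters in a name ([ or *) as a pattern.
resolve_win_path() (
    cur=$1
    rel=$(printf '%s' "$2" | tr '\\' '/' | sed 's|^[A-Za-z]:||')
    set -f; IFS=/
    for part in $rel; do
        [ -n "$part" ] || continue          # skip empty fields from "//" or a leading "/"
        match=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" | head -n 1)
        [ -n "$match" ] || exit 1
        cur=$match
    done
    printf '%s\n' "$cur"
)

# Rename rather than delete, recording a SHA-256 first so the exact file can
# be identified later. Prints the new path on success.
quarantine_file() (
    target=$(resolve_win_path "$1" "$2") || { echo "not found: $2" >&2; exit 1; }
    [ -f "$target" ] || { echo "not a regular file: $target" >&2; exit 1; }
    [ ! -e "$target.quarantined" ] || { echo "already quarantined" >&2; exit 1; }
    sha256sum "$target" >> "$1/quarantine.log" || exit 1
    mv "$target" "$target.quarantined" || exit 1
    printf '%s\n' "$target.quarantined"
)

# Undo: give the file its original name back if Windows will not run without it.
restore_file() (
    q=$(resolve_win_path "$1" "$2.quarantined") || { echo "not found" >&2; exit 1; }
    [ ! -e "${q%.quarantined}" ] || { echo "original name in use" >&2; exit 1; }
    mv "$q" "${q%.quarantined}"
)

# Usage:
#   quarantine_file /mnt/win 'c:\windows\system32\drmclienp.dll'
#   restore_file    /mnt/win 'c:\windows\system32\drmclienp.dll'
```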



