Am I ok to extract using Winzip - should be ok?

Fred176

Aug 28, 2009
I have to install the self-extracting file for Windows XP sp3 update - WINDOWSXP-KB936929-SP3-X86-ENU.EXE. While doing this, it got stuck on the file atapi.sys (claims it's open or locked). Unlocker didn't work too well other than rename so I decided to trick Windows into thinking that I have the newer file by extracting it first.

So I extracted the file (with Winzip) atapi.sy_ from the above self-extracting .exe. So I should be ok to use this file once I rename the file to atapi.sys. I assume. I don't think tools like extrac32 and msconfig will work on this. I believe kbfile.exe would work but I don't have that utility.

One other issue is that the newer file is only about 48kb, while the old one is like over 90kb. So I wonder if I better be very careful to use all of the new files right away. :)

What I mean is, I wonder if the entire design of their file system utilities is different in sp3 than sp2. Not sure about this. But I think I will proceed to use the Winzip extracted file and copy it over the old one for sp2. Then continue. I may have to copy it in Linux since the current sp2 atapi.sys is probably locked. So I guess this should work more or less.

My question is just that I can assume Winzip did its job ok - that's all I needed?
 
I think I might have just answered my question partly, not fully, but if that file is > 90kb, then it has an embedded virus since the original was only like 49kb. Wow!!!!

So the new atapi.sys for sp3 is 48.8kb (52.0 kb on disk) and the old one for sp2 is 48.3 kb (also 52.0 kb on disk). So I feel better now. I just need to figure out how to get rid of an embedded virus or simply copy over that file in Linux with the OLD sp2 original version which I've now extracted. Then I can install sp3. So I should just go into Linux now and do the copy. This should work - copying a fresh old sp2 first and then working up to sp3.
 
One minor comment - the files I've extracted for this problem troubleshoot do NOT have version tabs on their properties, the one in system32\drivers DOES have a version tab. So I guess I'll have to add the version tab later somehow - no big deal I guess. Or perhaps the installation of sp3 will do this. Could Winzip have missed this? I don't know.
 
Wow, this story gets funnier. I just went into Linux and replaced the supposed infected file with the supposed old sp2 atapi.sys file. But when I rebooted, the boot process failed while loading drivers. So I had to go back into Linux and copy the old supposed infected file back just so I can run windows.

So now I have to come up with some sort of file that will work when I boot. Funny one.
 
I'll have to investigate this problem further - I would have expected the problem to iron itself out when I copied the original sp2 file over the supposed infected file. Strange problem I have.
 
I scanned the file atapi.sys but totalvirus found nothing. It's obvious that there IS a virus in there so I will need another way to find it - I don't see the usual registry corruption with Olmarik though so it might be a different virus or different version than seen before or just it passed for some reason. But the file is 93kb+ in size which is way wrong.
 
I am running malware antibytes but I will uninstall it since it won't let me turn off the checkbox that makes it start at startup of windows. I don't want it to run when Windows starts.
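
An added example, not part of the original posts: Windows setup files whose names end in an underscore (such as atapi.sy_) are stored in a compressed container, so one check before renaming an extracted copy to .sys is whether its header is a PE image or still a container. The Python sketch below classifies a file by its header and reports a SHA-256 to compare against a known-good copy; the function names and the sample byte strings are constructed for illustration.

```python
import hashlib
import struct
import sys

# Header signatures of the containers used for "name.ex_"-style setup files.
MAGICS = {
    b"SZDD\x88\xf0\x27\x33": "szdd-compressed",   # compress.exe output
    b"KWAJ\x88\xf0\x27\xd1": "kwaj-compressed",   # older compress.exe variant
    b"MSCF": "cabinet-compressed",                # makecab / cabinet file
}

def classify(data: bytes) -> str:
    """Judge the file type from its header bytes only (no decompression)."""
    for magic, kind in MAGICS.items():
        if data.startswith(magic):
            return kind
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew (offset 0x3C) holds the offset of the "PE\0\0" signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe-image"
        return "mz-without-pe-header"
    return "unknown"

def report(name: str, data: bytes) -> dict:
    """Summarise one file: type, size, and hash for comparison with a trusted copy."""
    return {"name": name, "kind": classify(data), "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def usable_as_driver(data: bytes) -> bool:
    """Only an uncompressed PE image can be loaded as a .sys file."""
    return classify(data) == "pe-image"

def fake_pe() -> bytes:
    """Constructed sample: the smallest header that passes the PE check."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    return bytes(hdr) + b"PE\x00\x00" + bytes(20)

# Constructed samples, used when no file paths are given on the command line.
SAMPLES = {"sample.sys": fake_pe(), "sample.sy_": b"MSCF" + bytes(60)}

if __name__ == "__main__":
    files = {p: open(p, "rb").read() for p in sys.argv[1:]} or SAMPLES
    for name, data in files.items():
        print(report(name, data), "usable:", usable_as_driver(data))
```

A file reported as compressed has to be expanded (for example with Windows' `expand` tool) before it can stand in for the driver; a size or hash comparison only means something between two files of the same kind.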