WTF Office 2003 killed my partition?
MJO
Denmark New
I installed Office 2003, and once it was done Windows was complaining about some files being changed.
I tried to feed windows the windows installation CD.
But no, it wouldn't use it, I rebooted and was greeted by a screen telling me hal.dll had gone FUBAR.
Oh well I installed a new XP on top of the old one, tried repairing.
Then all my old directories were empty oh horror I had some important stuff there.
Seems office 2003 messed op the filesystem, I just love that.
:banghead:
Easy Recovery is salvaging the remains at the moment.
I just had to write this, I am not in a good mood at the moment.
But now I have to reinstall Windows, and I was planning to do that soon.
I tried to feed windows the windows installation CD.
But no, it wouldn't use it, I rebooted and was greeted by a screen telling me hal.dll had gone FUBAR.
Oh well I installed a new XP on top of the old one, tried repairing.
Then all my old directories were empty oh horror I had some important stuff there.
Seems office 2003 messed op the filesystem, I just love that.
:banghead:Easy Recovery is salvaging the remains at the moment.
I just had to write this, I am not in a good mood at the moment.
But now I have to reinstall Windows, and I was planning to do that soon.
0
Comments
Are you sure it wasn't something else? I've never heard of something like that happening. My first thought was "screwy hard drive or bad cable".
Did you run memtest?
But the error occurred right after Office 2003 was installed.
I received no other errors except the one from windows regarding a modified system file. Office didn't report anything.
I then rebooted and was greeted by a screen telling me that hal.dll was missing.
Everything is "fine" now, and I have installed Office 2003 again.
This time around it didn't ruin anything, I think.
BTW: My previous Windows installation was updated and I was using NAV2004.
I got the Sasser virus as on top of all this, apparently the new version bundled with another virus.
Sasser shut down the machine a couple of times, and then I discovered that my freshly installed NAV2004 couldn't update.
Actually I couldn't access www.symantec.com at all.
Sasser's companion had edited my hosts file, it had blocked every single AV software company in existence.
Well I deleted the entries and now my NAV2004 is running fine.
But OMG, I am having problems today.
Good thing I am going to watch Van Helsing in the Cinema tonight.
http://www.kellys-korner-xp.com/xp_haldll_missing.htm
I doubt that OFFICE fubared the HAL but it's a crapper when you get infected. Always put on a condom when emailing or surfing the net. I say wipe the drives and reinstall everything. That's why I love ghost so much.
I cannot explain the missing hal.dll either, but it is odd that it happened right after a bad office install.
Regarding the virus spread on my rig, I guees I was vulnarable with a freshly installed windows. It had no protection, and Sasser got in before I was done updating from windowsupdate.com and before I had installed/updated NAV2004.
The companion mentioned earlier is gaobot, it was also gaobot that changed my hosts file.
You should have been safe. :banghead: Dunno?
Install Windows.
Install AV
Reboot\restart if needed or told to
Update AV (your AV CD image has defs that are as old as the CD master burn date is, or EARLIER by up to a month)
Reboot\Restart
Now open a web pipe of browsing type and go to WindowsUpdate.
Why??? there are so many viruses out there that can randomly rename or which target specific system files by folder and can rername ANY file in that folder and\or infect and rename it, that even before you can get the new WindowsUpdate software that creates this link connection linking builtin and form the link, that worms like Blaster can infect the box and randomly rename at least one system file (including the HAL.DLL) before you even get the updates much less install them.
There are so many copies of these things, and I have seen so many boxes infected this way, that it is very likely that as soon as IE opens its first web pipe, that viruses will come in through a combo of an unpatched windows and unpatched IE before you even install and update the AV software if you do anything open on the web first before installing and updating NAV in particular that you get infected while the pipe is open to get the WidnwosUpdate patches. Any worm infected box can feed this virus (Blaster specifically) to you and all the time the box is up Blaster will be working from arrival of blaster onward until you scan with updated AV ADN have updated.
This happened to me twice myself. And at least 15 times to clients I work with down here-- in the last 9 months.
The only other ways I know for this to happen are:
Firstly this-- you have a box, and if you try to relaod Widnwos without zero-packing the drive, Blaster specifically and other now, can stay on the HD. there are also boot sector viruses that can open trojan pipes these days.
Second way, you do not have the security patches on CD that close the blaster hole and others when you clean install, and the viruses hit while the update secure pipe is being formed.
Third way, the file HAL.DLL does not get written right in the first place, gets indexed with a bad name or is corruptly written to HD due to a misdetect or hardware fault or scratched CD-- in this instance, I strongly doubt this and almost bet the box is virused.
If you have a February 2004 security CD, which is avilable free from Microsoft to any user, you can oprevent a blaster infection by installing the security patches on that CD before you even let the box get online and this is an alternative.
Second alternative way to reinstall without having AV present before you open a normal browser pipe is to recover from an install image with security packs on it, and doing this with same box you installed a licensed Windows onto in first place is within the license scope and not a DMCA violate as recovery is allowed for by Microsoft in license terms and the way they designed Windows. A fully scripted install is within the license, and an XP install script can pull things from media used on that same box you install to in the first place. one of the things allowed fro but not speciifcally publicized, is this-- recovery can in fact be doen from a saved backup that results in a rewrite of almost everything. That is how automated system recovery works, and a script can run the Automated system recovery script and\or call a backup recovery-- data can be on a DVD or a seperate HD from the boot physical HD. So long as you follow a one-box, one license basis, you are fully legally able to do this.
I hate doing this, but there are too many unprotected or vulnerable boxes out there now that are infected with viruses that are doing this to folks that one of these three processes is best way to get an XP load without immediate infection. Every time since Blaster first went wild that I have tried not AV securing a box before opening a normal port 80 or 8080 pipe before WindowsUpdating, I have had a Blastered box at first AV full scan time with updated defs for AV present. Half the time, I have had more than one virus on the box.
Best fix: Get the February 2004 security updates CD, apply patches on it before you even take box browsing. NAV does not use a port 80 or port 8080 connect to update. Thus you can install, register, and update it without opening a pipe for Blaster to come in.
Sorry this was long, but this logic is not in plain english in one chunk on the web AFAIK. AND it needs to be, IMHO, given how many folks's boxes I have had to reload within a week of install that HAD updated AV on tham AND were blastered to death.
Gobbles
I have absolutely no idea why it happened right after Office 2003 was installed.
But I do suspect that Office killed my partition.
To my knowledge I didn't have any virusses nor did I have any problems, other than mediaplayer not being able to play DivX.
I had all available updates for windows, and my AV was up to date yesterday it told me that it had updated definitions.
Therefore I do not suspect a viral attack, but my filesystem may have had a hole/flaw/unrepaired something. Maybe Office triggered it somehow?
NTFS isn't bulletproof to my knowledge?
The virus attacks, occurred after reinstalling windows.
And I do believe that I have repelled all invaders.
It is indeed easier to kill one virus, it is much harder getting rid of two at the same time.
And I got most of my files back, thanks to Easy Recovery.
Some files got messed up, but all things considered I am pleased with my salvage operation. I could have lost all of them.