Tuesday, July 21, 2009

Using the Recovery Console to fix "validation failed for C:\WINDOWS\system32\VSINIT.dll" error


From time to time files get corrupted. If you're lucky this happens in an innocuous place like a text file or a picture that you're never going to need.

If you're unlucky, it can happen in internal data files needed by some software running on your computer.

If you're extremely unlucky, it can happen in files needed by software that embeds itself in practically every operation that executes on your computer.

If you're astronomically unlucky, that particular file will be so important to that particular piece of software that it will refuse to run if the file has been changed. Since corruption counts as change, corruption prevents this piece of software from running.

Unfortunately this piece of software, AntiVirus software from Zone Labs, is then faced with a conundrum. If its data files were tampered with then it can't be sure that it's operating properly. But because it embeds itself in practically every action you take on your computer, if it doesn't operate properly you won't be able to use your computer (not easily, anyway).

To make matters worse, the AntiVirus software has to run to uninstall itself. But it can't do that when it thinks one of its critical files has been compromised. So you're left with a PC that crashes every time Explorer executes one of its shell hooks (e.g., you open a context menu to, say, delete a folder).

AntiVirus software, being rationally defensive, isn't easy to uninstall manually. Otherwise viruses would just uninstall it before wreaking havoc on the infected machines. Sometimes AntiVirus software embeds itself so deeply into the PC that you can't uninstall it manually even from safe mode.

How does it do that? I'm not exactly sure, but I believe in this case, a virtual device driver (vsdatant.sys) has something to do with it.

Since Safe Mode wasn't safe enough to uninstall the AntiVirus device driver or monitoring service (vsmon), I decided to give the recovery console a try.

The recovery console is an option that appears when you boot from the Windows XP setup disk. After slowly loading enough drivers to provide basic functionality, the setup disk displays a blue screen with a few options. One of the options is to, of course, install Windows XP. Another option, selected via R, is to enter the recovery console.

It's a stripped-down environment with only a command prompt and a few commands. But those commands are precious! The disable and enable commands can be used to disable or enable both services AND device drivers. So all it takes to disable a crippled Zone Alarm (so that it can be manually uninstalled then reinstalled) is:

disable vsdatant
disable vsmon

That's it. After a reboot Zone Alarm can be manually uninstalled, the certificate store updated and Zone Alarm reinstalled.

To make this easier in the future I installed the recovery console as a boot option using the handy winnt32.exe /cmdcons command in the i386 directory of the XP Setup CD.
