The Mudcat Café TM
Thread #72841   Message #1331499
Posted By: JohnInKansas
18-Nov-04 - 04:35 PM
Thread Name: Tech: XP Service Pack 2 - yes or no
Subject: RE: Tech: XP Service Pack 2 - yes or no
Bev and Jerry:

With a "clean" WinXP installation, with NONE of the earlier Critical Updates, you have a statistical 50% (or higher) chance of "infection" within the first hour of connection to the internet, based on tests recently conducted by reputable labs. With a good AV program working, you might extend the 50-50 odds point a little longer, but quite a lot of malware out there (technically not all are viruses) can get in past any AV, at least temporarily. With good AV and a decent firewall, you might survive a little longer – or not. Ports that you NEED to have open can be accessed from outside your machine, and your firewall has to allow "legitimate" access to them. Known vulnerabilities in unpatched WinXP can be exploited, by junk entering via those ports disguised as "legitimate" accesses, to put crud on your machine, and to use it for malicious purposes, often without you even knowing it's there.

Installing all the patches doesn't necessarily prevent everything from getting in, but if something does get in, there's little it can do before you have a chance to find and remove it if the hole it's designed to exploit has been patched. Some malware is packaged so that technically it isn't a virus when it arrives. It may reveal its viral components later when it tries to execute on your machine, or in some cases may run as a script to download crudware later. Your AV may intercept it once its malware components appear, but it may be too late to prevent some damage. Many such "devices" execute at startup, and may get started before your AV can be loaded. If this happens, they can do some damage before there is an operable AV to intercept them. Even if your AV deletes the "malware" when the AV starts, it may not remove "programs" or other artifacts installed by the malware.


Your shop should have had no difficulty extracting the missing/corrupt file from the SP2 CD or copying it from the C:\Windows\ServicePackFiles\i386 folder on your machine to the working location in C:\Windows\System32. (They should not be attempting to install SP2 from downloads, since all the prior Critical Patches must be installed ahead of SP2, and the CD is the only practical way to assure that, unless they have unlimited "connect time" for each customer. Unless they only have one customer, they'll be working on machines with a variety of incomplete prior patch installations.)

In fairness to them, they may or may not have tried to address the symptom you indicated or they may have found other problems, and the reformat and reinstall is often done to avoid spending a lot of "research" time in the shop. You took them a "dead" machine, which does complicate things. It's seldom the best solution, but it's their call - or yours.

A corrupted .exe file should ALWAYS suggest the possibility of malware on the system. While it's possible that a single copy of the SP2 install might be a "bad copy," it's much more likely that the file was "corrupted" on the machine, unless both you and your shop used the "same" corrupted copy of the update. Another drive, or partition, that was not reformatted could be a source of an infection. There are a few other possible causes, but your shop needs to know why this file "disappeared," especially if it did so after they reinstalled from their own source media, if only to verify that it's not due to malware.

There are numerous known difficulties with SP2 installation, but most of them, for home machines, relate to specific software installed on the machine, or to "specific hardware" connected to it. WinXP SP2 usually works, but individual programs and/or functions don't. A very few individual programs lack full fixes, although even for most of these there are known "workarounds." It is possible someone might have hardware for which no good driver is available. SP2 can be "set back" to lower security levels to accommodate most of these, which is still significantly more secure than running a machine with none of the old holes patched.

Given a "clean" machine, with reformatted drive, and a new installation of WinXP, there should be very few cases where the SP2 installation shouldn't be successful if properly done. Properly done in this case SPECIFICALLY means that all prior Critical Updates must be installed before SP2. The only practical way of getting the required prior updates is from the SP2 CD, since the total "download" approaches 800 MB. (About 700 MB if you omit SP2 itself.) It's unlikely you can connect long enough to get the earlier updates without having one of the "still unpatched" holes being exploited.

One step in the SP2 instructions that's often skipped is to scan for viruses and other malware immediately before installing. If you intend to install from downloads, you need to scan carefully and thoroughly before the download, since the installation files themselves could be compromised by malware already on your machine.

Another recommended step that's often skipped is to check for program and driver "SP2 compatible" updates for your stuff before you install, and check the lists of known problem software to be sure there are fixes or workarounds for things you have. There are updates to Microsoft's own programs that are helpful, and in some cases "almost imperative." The majority of Microsoft programs that really need updates are server versions, but visiting Office Updates is suggested.

Sorry to hear of your problems. Take a deep breath and think about it for a bit.

John
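
An added example, not part of the original post: one way to find out which working files no longer match their reference copies, as the post suggests a shop should when a file turns up missing or corrupt. It assumes the reference folder (for example C:\Windows\ServicePackFiles\i386) holds uncompressed files with the same names as the working folder (C:\Windows\System32); `compare_to_reference` and `demo` are hypothetical names, and the sample files are constructed.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def compare_to_reference(reference_dir, working_dir, extensions=(".exe", ".dll")):
    """Return {lowercased filename: "ok" | "differs" | "missing"} for each reference file.

    "differs" is a lead, not proof of tampering: a later hotfix can
    legitimately replace a file that the service pack installed.
    """
    # Windows file names are case-insensitive, so match on lowercased names.
    working = {name.lower(): name for name in os.listdir(working_dir)}
    results = {}
    for name in sorted(os.listdir(reference_dir)):
        ref_path = os.path.join(reference_dir, name)
        if not os.path.isfile(ref_path) or not name.lower().endswith(extensions):
            continue
        match = working.get(name.lower())
        if match is None:
            results[name.lower()] = "missing"
        elif sha256_of(ref_path) != sha256_of(os.path.join(working_dir, match)):
            results[name.lower()] = "differs"
        else:
            results[name.lower()] = "ok"
    return results


def demo():
    """Build two constructed folders standing in for i386 and System32 and compare them."""
    with tempfile.TemporaryDirectory() as root:
        ref, work = os.path.join(root, "i386"), os.path.join(root, "System32")
        os.mkdir(ref)
        os.mkdir(work)
        for name, data in {"good.exe": b"MZ-good", "bad.exe": b"MZ-bad", "gone.dll": b"MZ-gone"}.items():
            with open(os.path.join(ref, name), "wb") as handle:
                handle.write(data)
        with open(os.path.join(work, "GOOD.EXE"), "wb") as handle:
            handle.write(b"MZ-good")           # same content, different case
        with open(os.path.join(work, "bad.exe"), "wb") as handle:
            handle.write(b"MZ-bad\x00corrupt")  # altered copy
        return compare_to_reference(ref, work)


if __name__ == "__main__":
    for filename, status in demo().items():
        print(f"{status:8} {filename}")
```

Run it from known-clean media or another machine where possible, since results gathered on a system that may be infected cannot be fully trusted.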