Guest MM Posted May 6, 2008 Posted May 6, 2008 Windows 98SE PC was working fine. I had been downloading some files, e.g. RealPlayer. No apparent problems. Powered down. Later on, started it up again. There was some kind of error message at the DOS level where it said Abort, Retry, Fail. I said Abort. Then: Invalid System Disk etc etc. Drive C buggered. However, I booted up to DOS from a floppy and most (95%) of the folders and files on C appeared intact. But here's the important thing, certain key parts of the OS were gone! The VMM32 folder in Windows\System no longer existed, neither IOSUBSYS. Also, no MSDOS.SYS in drive C. But I had a very recent TrueImage image, so I just restored it. Since then I have been running virus checkers like there's no tomorrow on both PCs, but all come up clean. What could totally trash those folders, yet leave most of the hard drive files intact? My suspicion is a virus. MM
Guest MM Posted May 6, 2008 Posted May 6, 2008 Re: Did I have a virus? On Tue, 6 May 2008 08:00:22 -0700 (PDT), Fan924 <a924fan@yahoo.com> wrote: >Can you boot from C: now? Oh, it's fixed because I restored a TrueImage image from three days ago. But I don't know what caused the problem, that's the worry I have. This was not just one file that got trashed, but all or most of the essential OS that Windows needs in order to load. Exactly the kind of payload one might expect from a virus, I should think. MM
Guest Gary S. Terhune Posted May 6, 2008 Posted May 6, 2008 Re: Did I have a virus? A virus/spyware/malware forum is where you need to ask this kind of question. There are many such forums out there. I think perhaps Aumha.net might be a good place to start. http://aumha.net/viewforum.php?f=27 -- Gary S. Terhune MS-MVP Shell/User http://www.grystmill.com "MM" <kylix_is@yahoo.co.uk> wrote in message news:ji1124p8eu624h65rt5dd0l45fuu7l9bf0@4ax.com... > On Tue, 6 May 2008 08:00:22 -0700 (PDT), Fan924 <a924fan@yahoo.com> > wrote: > >>Can you boot from C: now? > > Oh, it's fixed because I restored a TrueImage image from three days > ago. But I don't know what caused the problem, that's the worry I > have. This was not just one file that got trashed, but all or most of > the essential OS that Windows needs in order to load. Exactly the kind > of payload one might expect from a virus, I should think. > > MM
Guest philo Posted May 6, 2008 Posted May 6, 2008 Re: Did I have a virus? "MM" <kylix_is@yahoo.co.uk> wrote in message news:s4q024lrs7uc8l9dt80klkfvj8umi3tqfd@4ax.com... > Windows 98SE PC was working fine. I had been downloading some files, > e.g. RealPlayer. No apparent problems. Powered down. Later on, started > it up again. There was some kind of error message at the DOS level > where it said Abort, Retry, Fail. I said Abort. Then: Invalid System > Disk etc etc. Drive C buggered. However, I booted up to DOS from a > floppy and most (95%) of the folders and files on C appeared intact. > > But here's the important thing, certain key parts of the OS were gone! > The VMM32 folder in Windows\System no longer existed, neither > IOSUBSYS. Also, no MSDOS.SYS in drive C. > > But I had a very recent TrueImage image, so I just restored it. Since > then I have been running virus checkers like there's no tomorrow on > both PCs, but all come up clean. > > What could totally trash those folders, yet leave most of the hard > drive files intact? My suspicion is a virus. > > MM If you listed all the stuff you downloaded...someone may know if it was potentially something dangerous. Here is some info on Real Player http://www.ibtimes.com/articles/20080131/realplayer-badware-spyware-networks.htm What else were you downloading?
Guest MM Posted May 7, 2008 Posted May 7, 2008 Re: Did I have a virus? On Tue, 6 May 2008 15:32:00 -0500, "philo" <philo@privacy.net> wrote: > >"MM" <kylix_is@yahoo.co.uk> wrote in message >news:s4q024lrs7uc8l9dt80klkfvj8umi3tqfd@4ax.com... >> Windows 98SE PC was working fine. I had been downloading some files, >> e.g. RealPlayer. No apparent problems. Powered down. Later on, started >> it up again. There was some kind of error message at the DOS level >> where it said Abort, Retry, Fail. I said Abort. Then: Invalid System >> Disk etc etc. Drive C buggered. However, I booted up to DOS from a >> floppy and most (95%) of the folders and files on C appeared intact. >> >> But here's the important thing, certain key parts of the OS were gone! >> The VMM32 folder in Windows\System no longer existed, neither >> IOSUBSYS. Also, no MSDOS.SYS in drive C. >> >> But I had a very recent TrueImage image, so I just restored it. Since >> then I have been running virus checkers like there's no tomorrow on >> both PCs, but all come up clean. >> >> What could totally trash those folders, yet leave most of the hard >> drive files intact? My suspicion is a virus. >> >> MM > > >If you listed all the stuff you downloaded...someone may know if it >was potentially something dangerous. > >Here is some info on Real Player >http://www.ibtimes.com/articles/20080131/realplayer-badware-spyware-networks.htm Alleged "badware", maybe. But hardly a contender for erasing one's key Windows OS files ! >What else were you downloading? nclip.exe (network clipboard) SAPI4SDKSUITE.exe (Microsoft Speech) iview410_setup.exe (Irfan View) irfanview_plugins_410_setup.exe All checked with an anti-virus program. MM
Guest philo Posted May 7, 2008 Posted May 7, 2008 Re: Did I have a virus? <snip> > > > >If you listed all the stuff you downloaded...someone may know if it > >was potentially something dangerous. > > > >Here is some info on Real Player > >http://www.ibtimes.com/articles/20080131/realplayer-badware-spyware-network s.htm > > Alleged "badware", maybe. But hardly a contender for erasing one's key > Windows OS files ! > > >What else were you downloading? > > nclip.exe (network clipboard) > SAPI4SDKSUITE.exe (Microsoft Speech) > iview410_setup.exe (Irfan View) > irfanview_plugins_410_setup.exe > > All checked with an anti-virus program. > > True, Real Player is not a virus nor does it look like you were attempting to download any malware. There are of course some very unsafe websites out there... you know the kind I'm talking about... but obviously you know better than to go there... So was it a virus??? I don't know. Did the machine ...possibly... "hang" at shut down and did scan disk "repair" errors upon start up? That could have been what caused your situation... but I'm pretty sure you would have mentioned that... had that been the case. The bottom line is that you were wise to have a good back-up... so it looks like you are not the type of person to "let 'em get you down".
Guest MM Posted May 7, 2008 Posted May 7, 2008 Re: Did I have a virus? On Wed, 7 May 2008 07:08:34 -0500, "philo" <philo@privacy.net> wrote: ><snip> >> > >> >If you listed all the stuff you downloaded...someone may know if it >> >was potentially something dangerous. >> > >> >Here is some info on Real Player >> >>http://www.ibtimes.com/articles/20080131/realplayer-badware-spyware-network >s.htm >> >> Alleged "badware", maybe. But hardly a contender for erasing one's key >> Windows OS files ! >> >> >What else were you downloading? >> >> nclip.exe (network clipboard) >> SAPI4SDKSUITE.exe (Microsoft Speech) >> iview410_setup.exe (Irfan View) >> irfanview_plugins_410_setup.exe >> >> All checked with an anti-virus program. >> >> > > >True, Real Player is not a virus nor does it look like you >were attempting to download any malware. > >There are of course some very unsafe websites out there... >you know the kind I'm talking about... >but obviously you know better than to go there... > > >So was it a virus??? > >I don't know. > >Did the machine ...possibly... "hang" at shut down >and did scan disk "repair" errors upon start up? No. While I do occasionally get a hang on Windows shutdown on either PC, it is rare and scandisk always fixes it. >That could have been what caused your situation... >but I'm pretty sure you would have mentioned that... >had that been the case. > > >The bottom line is that you were wise to have a good back-up... >so it looks like you are not the type of person >to "let 'em get you down". The main thing I *always* back up are my data files. If I am working on developing software (my chosen language is classic VB, but also Delphi) then I will zip the entire folder I'm working on and whack the zip onto a memory stick. Every day or two I then transfer the memory stick to a CD or DVD. But since I came across TrueImage (for free, on a magazine cover DVD) I use it all the time (having previously found Ghost to be a right PITA). TI is amazing! With my exchangable drive racks it means I can have umpteen experimental installations, including Ubuntu, SuSE etc, with just four physical drives. Also, TI makes an image in a matter of minutes (18gb hard drive), so I can run it while making a couple of tea. Nothwithstanding the above, it's a bit disconcerting to be hit with such a catastrophic problem for the first time in literally years. Almost like having one's home burgled. MM
Guest philo Posted May 7, 2008 Posted May 7, 2008 Re: Did I have a virus? <snip> >> >>Did the machine ...possibly... "hang" at shut down >>and did scan disk "repair" errors upon start up? > > No. While I do occasionally get a hang on Windows shutdown on either > PC, it is rare and scandisk always fixes it. > Aha!!! When scandisk "fixes" problems what it does is correct logical errors on the drive. Most of the time...there is no harm done... however...if you have ever noticed that .chk files are being written... that means file fragments are simply being assigned as a file. In some cases the file fragments are actually parts of necessary files that are now rendered useless...and in other situations they are merely unneeded or redundant information. So, if scandisk had run, converted some needed system file fragments to .chk files... your system would only have had logical errors corrected . >>That could have been what caused your situation... >>but I'm pretty sure you would have mentioned that... >>had that been the case. >> >> >>The bottom line is that you were wise to have a good back-up... >>so it looks like you are not the type of person >>to "let 'em get you down". > > The main thing I *always* back up are my data files. If I am working > on developing software (my chosen language is classic VB, but also > Delphi) then I will zip the entire folder I'm working on and whack the > zip onto a memory stick. Every day or two I then transfer the memory > stick to a CD or DVD. But since I came across TrueImage (for free, on > a magazine cover DVD) I use it all the time (having previously found > Ghost to be a right PITA). > > TI is amazing! With my exchangable drive racks it means I can have > umpteen experimental installations, including Ubuntu, SuSE etc, with > just four physical drives. Also, TI makes an image in a matter of > minutes (18gb hard drive), so I can run it while making a couple of > tea. > > Nothwithstanding the above, it's a bit disconcerting to be hit with > such a catastrophic problem for the first time in literally years. > Almost like having one's home burgled. > > MM Yes... so you were very smart for backing up your system!
Recommended Posts