Did I have a virus?

MM

Windows 98SE PC was working fine. I had been downloading some files,
e.g. RealPlayer. No apparent problems. Powered down. Later on, started
it up again. There was some kind of error message at the DOS level
where it said Abort, Retry, Fail. I said Abort. Then: Invalid System
Disk etc etc. Drive C buggered. However, I booted up to DOS from a
floppy and most (95%) of the folders and files on C appeared intact.

But here's the important thing, certain key parts of the OS were gone!
The VMM32 folder in Windows\System no longer existed, neither
IOSUBSYS. Also, no MSDOS.SYS in drive C.

But I had a very recent TrueImage image, so I just restored it. Since
then I have been running virus checkers like there's no tomorrow on
both PCs, but all come up clean.

What could totally trash those folders, yet leave most of the hard
drive files intact? My suspicion is a virus.

MM
 
MM

On Tue, 6 May 2008 08:00:22 -0700 (PDT), Fan924 <a924fan@yahoo.com>
wrote:

>Can you boot from C: now?


Oh, it's fixed because I restored a TrueImage image from three days
ago. But I don't know what caused the problem, that's the worry I
have. This was not just one file that got trashed, but all or most of
the essential OS that Windows needs in order to load. Exactly the kind
of payload one might expect from a virus, I should think.

MM
 
Gary S. Terhune

A virus/spyware/malware forum is where you need to ask this kind of
question. There are many such forums out there. I think perhaps Aumha.net
might be a good place to start. http://aumha.net/viewforum.php?f=27

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"MM" <kylix_is@yahoo.co.uk> wrote in message
news:ji1124p8eu624h65rt5dd0l45fuu7l9bf0@4ax.com...
> On Tue, 6 May 2008 08:00:22 -0700 (PDT), Fan924 <a924fan@yahoo.com>
> wrote:
>
>>Can you boot from C: now?

>
> Oh, it's fixed because I restored a TrueImage image from three days
> ago. But I don't know what caused the problem, that's the worry I
> have. This was not just one file that got trashed, but all or most of
> the essential OS that Windows needs in order to load. Exactly the kind
> of payload one might expect from a virus, I should think.
>
> MM
 
philo

"MM" <kylix_is@yahoo.co.uk> wrote in message
news:s4q024lrs7uc8l9dt80klkfvj8umi3tqfd@4ax.com...
> Windows 98SE PC was working fine. I had been downloading some files,
> e.g. RealPlayer. No apparent problems. Powered down. Later on, started
> it up again. There was some kind of error message at the DOS level
> where it said Abort, Retry, Fail. I said Abort. Then: Invalid System
> Disk etc etc. Drive C buggered. However, I booted up to DOS from a
> floppy and most (95%) of the folders and files on C appeared intact.
>
> But here's the important thing, certain key parts of the OS were gone!
> The VMM32 folder in Windows\System no longer existed, neither
> IOSUBSYS. Also, no MSDOS.SYS in drive C.
>
> But I had a very recent TrueImage image, so I just restored it. Since
> then I have been running virus checkers like there's no tomorrow on
> both PCs, but all come up clean.
>
> What could totally trash those folders, yet leave most of the hard
> drive files intact? My suspicion is a virus.
>
> MM



If you listed all the stuff you downloaded...someone may know if it
was potentially something dangerous.

Here is some info on Real Player
http://www.ibtimes.com/articles/20080131/realplayer-badware-spyware-networks.htm


What else were you downloading?
 
MM

On Tue, 6 May 2008 15:32:00 -0500, "philo" <philo@privacy.net> wrote:

>
>"MM" <kylix_is@yahoo.co.uk> wrote in message
>news:s4q024lrs7uc8l9dt80klkfvj8umi3tqfd@4ax.com...
>> Windows 98SE PC was working fine. I had been downloading some files,
>> e.g. RealPlayer. No apparent problems. Powered down. Later on, started
>> it up again. There was some kind of error message at the DOS level
>> where it said Abort, Retry, Fail. I said Abort. Then: Invalid System
>> Disk etc etc. Drive C buggered. However, I booted up to DOS from a
>> floppy and most (95%) of the folders and files on C appeared intact.
>>
>> But here's the important thing, certain key parts of the OS were gone!
>> The VMM32 folder in Windows\System no longer existed, neither
>> IOSUBSYS. Also, no MSDOS.SYS in drive C.
>>
>> But I had a very recent TrueImage image, so I just restored it. Since
>> then I have been running virus checkers like there's no tomorrow on
>> both PCs, but all come up clean.
>>
>> What could totally trash those folders, yet leave most of the hard
>> drive files intact? My suspicion is a virus.
>>
>> MM

>
>
>If you listed all the stuff you downloaded...someone may know if it
>was potentially something dangerous.
>
>Here is some info on Real Player
>http://www.ibtimes.com/articles/20080131/realplayer-badware-spyware-networks.htm


Alleged "badware", maybe. But hardly a contender for erasing one's key
Windows OS files!

>What else were you downloading?


nclip.exe (network clipboard)
SAPI4SDKSUITE.exe (Microsoft Speech)
iview410_setup.exe (Irfan View)
irfanview_plugins_410_setup.exe

All checked with an anti-virus program.

MM
 
philo

<snip>
> >
> >If you listed all the stuff you downloaded...someone may know if it
> >was potentially something dangerous.
> >
> >Here is some info on Real Player
> >http://www.ibtimes.com/articles/20080131/realplayer-badware-spyware-networks.htm
>
> Alleged "badware", maybe. But hardly a contender for erasing one's key
> Windows OS files!
>
> >What else were you downloading?

>
> nclip.exe (network clipboard)
> SAPI4SDKSUITE.exe (Microsoft Speech)
> iview410_setup.exe (Irfan View)
> irfanview_plugins_410_setup.exe
>
> All checked with an anti-virus program.
>
>



True, Real Player is not a virus nor does it look like you
were attempting to download any malware.

There are of course some very unsafe websites out there...
you know the kind I'm talking about...
but obviously you know better than to go there...


So was it a virus???

I don't know.

Did the machine ...possibly... "hang" at shut down
and did scan disk "repair" errors upon start up?

That could have been what caused your situation...
but I'm pretty sure you would have mentioned that...
had that been the case.


The bottom line is that you were wise to have a good back-up...
so it looks like you are not the type of person
to "let 'em get you down".
 
MM

On Wed, 7 May 2008 07:08:34 -0500, "philo" <philo@privacy.net> wrote:

><snip>
>> >
>> >If you listed all the stuff you downloaded...someone may know if it
>> >was potentially something dangerous.
>> >
>> >Here is some info on Real Player
>> >http://www.ibtimes.com/articles/20080131/realplayer-badware-spyware-networks.htm
>>
>> Alleged "badware", maybe. But hardly a contender for erasing one's key
>> Windows OS files!
>>
>> >What else were you downloading?

>>
>> nclip.exe (network clipboard)
>> SAPI4SDKSUITE.exe (Microsoft Speech)
>> iview410_setup.exe (Irfan View)
>> irfanview_plugins_410_setup.exe
>>
>> All checked with an anti-virus program.
>>
>>

>
>
>True, Real Player is not a virus nor does it look like you
>were attempting to download any malware.
>
>There are of course some very unsafe websites out there...
>you know the kind I'm talking about...
>but obviously you know better than to go there...
>
>
>So was it a virus???
>
>I don't know.
>
>Did the machine ...possibly... "hang" at shut down
>and did scan disk "repair" errors upon start up?


No. While I do occasionally get a hang on Windows shutdown on either
PC, it is rare and scandisk always fixes it.

>That could have been what caused your situation...
>but I'm pretty sure you would have mentioned that...
>had that been the case.
>
>
>The bottom line is that you were wise to have a good back-up...
>so it looks like you are not the type of person
>to "let 'em get you down".


The main thing I *always* back up are my data files. If I am working
on developing software (my chosen language is classic VB, but also
Delphi) then I will zip the entire folder I'm working on and whack the
zip onto a memory stick. Every day or two I then transfer the memory
stick to a CD or DVD. But since I came across TrueImage (for free, on
a magazine cover DVD) I use it all the time (having previously found
Ghost to be a right PITA).

TI is amazing! With my exchangeable drive racks it means I can have
umpteen experimental installations, including Ubuntu, SuSE etc, with
just four physical drives. Also, TI makes an image in a matter of
minutes (18gb hard drive), so I can run it while making a couple of
tea.

Notwithstanding the above, it's a bit disconcerting to be hit with
such a catastrophic problem for the first time in literally years.
Almost like having one's home burgled.

MM
 
philo

<snip>
>>
>>Did the machine ...possibly... "hang" at shut down
>>and did scan disk "repair" errors upon start up?

>
> No. While I do occasionally get a hang on Windows shutdown on either
> PC, it is rare and scandisk always fixes it.
>



Aha!!!

When scandisk "fixes" problems, what it does is correct logical errors on the
drive.
Most of the time...there is no harm done...
however...if you have ever noticed that .chk files are being written...
that means file fragments are simply being assigned as a file.
In some cases the file fragments are actually parts of necessary files
that are now rendered useless...and in other situations they are merely
unneeded or redundant information.


So, if scandisk had run, converted some needed system file fragments to .chk files...
your system would only have had logical errors corrected.





>>That could have been what caused your situation...
>>but I'm pretty sure you would have mentioned that...
>>had that been the case.
>>
>>
>>The bottom line is that you were wise to have a good back-up...
>>so it looks like you are not the type of person
>>to "let 'em get you down".

>
> The main thing I *always* back up are my data files. If I am working
> on developing software (my chosen language is classic VB, but also
> Delphi) then I will zip the entire folder I'm working on and whack the
> zip onto a memory stick. Every day or two I then transfer the memory
> stick to a CD or DVD. But since I came across TrueImage (for free, on
> a magazine cover DVD) I use it all the time (having previously found
> Ghost to be a right PITA).
>
> TI is amazing! With my exchangeable drive racks it means I can have
> umpteen experimental installations, including Ubuntu, SuSE etc, with
> just four physical drives. Also, TI makes an image in a matter of
> minutes (18gb hard drive), so I can run it while making a couple of
> tea.
>
> Notwithstanding the above, it's a bit disconcerting to be hit with
> such a catastrophic problem for the first time in literally years.
> Almost like having one's home burgled.
>
> MM



Yes...
so you were very smart for backing up your system!
 