
Undetectable virus? Or?

VBAjedi

Programmer
Dec 12, 2002
1,197
KH
I'm sure this is a well-known virus/bug:

Trying to fix my dad's Win98 box - when he boots up a bunch of randomly named .exe's start, and keep multiplying until the system chokes and hangs. They start faster than I can kill them with Ctrl-Alt-Delete. They are mostly stored in the Windows directory, with some shortcuts to them in the Startup directory. Hard to say but doesn't *appear* to be deleting or overwriting legitimate files. . .

The latest version of McAfee antivirus runs fine but detects nothing, and the latest AdAware deletes the usual spam cookies but doesn't solve the problem.

I tried manually deleting suspicious files out of the Windows directory, but had a hard time telling the difference between bogus files and legitimate system files.

Any advice appreciated!


VBAjedi [swords]
 
Run through this faq608-4650
That failing, post a log here for examination.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Additional suggestions:

Delete all your temp files (go to My Computer and enter %TEMP% to retrieve your temp folder).

Delete your Temporary Internet Files (suggest that you do a file find for 'Content.ie5' and delete it). This ensures that all the temporary content is eliminated. Other procedures such as 'Disk Cleanup' only seem to delete 'expired' content.

The reason for the above suggestions is to remove any possible 'source' content that may be called upon from a trigger source such as your registry.
 
Go into safe mode and use MSconfig, or go into DOS and remove the temp files.
 
vop

Isn't it misleading to a user to suggest that clearing temp and temporary internet files folders removes "any possible 'source' content that may be called upon from a trigger source"?

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
As one4play mentioned,
As you boot the computer, hit the F8 key and boot into safe mode.
This loads Windows with a minimal set of drivers.
This should let you get into Windows without the
virus/malware loading and giving you all of the screens.
Then you can run HijackThis and remove malicious entries.
Be careful though, because HijackThis shows you ALL of your
boot entries, good ones and bad ones.
If you're not sure which ones are the bad ones, post your
log file here.
 
Didn't realize this thread was still active. We ended up buying a new HD and installing WinXP (along with all patches and Norton AntiVirus). Then we set up the old HD as a slave and pulled across all his important files. Lastly we nuked the old drive and set it up as a secondary/backup drive.

Much faster than salvaging Win98, and he got a better HD and Windows XP as well.

Thanks all for the suggestions!



VBAjedi [swords]
 
diogenes10

Was away several weeks. You said:

Isn't it misleading to a user to suggest that clearing temp and temporary internet files folders removes "any possible 'source' content that may be called upon from a trigger source"?

Yes, the use of 'any possible source' is too all-inclusive and was not intended.


The intent of my comment was to eliminate any easily clearable stray EXE or HTML links that could become a source of and for re-installation, updating, or phone home antics. I have often noticed exception items in those locations from most spyware tools. I have even seen 'Scheduler' items pointing to those TEMP locations. I suspect that recurring URL scripts also check for such content.
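
The thread's two recurring problems, telling bogus executables in the Windows directory apart from legitimate ones and finding stray executables in temp folders, can be narrowed with a read-only triage pass. The following is an added example, not part of the original thread: it flags files with an `MZ` header that sit in Startup, are named inside a Startup shortcut, or live in a temp folder. The folder layout, file names and reason strings are constructed for illustration, and the shortcut match is a byte-search heuristic rather than a real `.lnk` parser.

```python
import tempfile
from pathlib import Path

def is_pe(path):
    """True if the file starts with the 'MZ' magic, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:  # unreadable, locked, or a directory
        return False

def shortcut_blobs(startup_dir):
    """Lower-cased raw bytes of every .lnk in the Startup folder."""
    return [p.read_bytes().lower() for p in Path(startup_dir).iterdir()
            if p.suffix.lower() == ".lnk"]

def referenced(name, blobs):
    """Heuristic, not a .lnk parser: is the name present as ANSI or UTF-16LE text?"""
    needles = [name.lower().encode("ascii", "replace"), name.lower().encode("utf-16-le")]
    return any(n in blob for blob in blobs for n in needles if n)

def triage(scan_dirs, startup_dir):
    """scan_dirs maps folder -> "system" or "temp"; returns (reason, path), newest first."""
    blobs, hits = shortcut_blobs(startup_dir), []
    for d, kind in [(startup_dir, "startup"), *scan_dirs.items()]:
        for p in sorted(Path(d).iterdir()):
            if not is_pe(p):
                continue
            if kind == "startup":
                hits.append(("executable sitting in Startup", p))
            elif referenced(p.name, blobs):
                hits.append(("launched by a Startup shortcut", p))
            elif kind == "temp":
                hits.append(("executable in a temp folder", p))
    return sorted(hits, key=lambda h: h[1].stat().st_mtime, reverse=True)

def demo():
    """Run triage over a constructed tree; all names and contents are made up."""
    root = Path(tempfile.mkdtemp())
    files = {"WINDOWS/notepad.exe": b"MZ\x90", "WINDOWS/qxzvbn.exe": b"MZ\x90",
             "TEMP/upd.tmp": b"MZ\x90", "TEMP/note.txt": b"hello",
             "StartUp/run.lnk": b"L\x00\x00\x00C:\\WINDOWS\\QXZVBN.EXE\x00"}
    for rel, data in files.items():
        (root / rel).parent.mkdir(exist_ok=True)
        (root / rel).write_bytes(data)
    hits = triage({root / "WINDOWS": "system", root / "TEMP": "temp"}, root / "StartUp")
    return [(reason, p.name) for reason, p in hits]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Nothing is deleted; the output is a short list to check by hand or against a HijackThis log. Unreferenced executables in the system folder are deliberately not reported, so a clean result does not prove the folder is clean.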
 