All.. Never thought I'd be asking for PC help, but here goes!

A friend of mine has nacked his PC (technical phrase) by downloading loads of crap and accepting dodgy emails etc. I ran an online (CA) virus check and it found nothing.. I downloaded Ad-Aware, and Spybot Search and Destroy.. Ad-Aware wouldn't run, just kept crashing after scanning about 127 files, and SS&D looked to have found about 7 problems and fixed them. Also, he has some files on the root of his C drive that are impossible to delete!! You delete them, and they pop right back up! They're all MS-DOS files named under something I won't post on a family forum!

I downloaded a couple of worm removal tools from Symantec but they didn't detect anything. I booted up in Safe mode, ran Ad-aware again and it found about 340 critical objects!! I cleaned the lot and then ran a ScanDisk, which said it had fixed a couple of errors. I then deleted the rather rudely named files from his C drive, and they went for good.. Or so I thought.

I rebooted Windows as normal, and after loading all the processes.. It gave me the blue screen of death, saying an error had been detected in part of the memory module (didn't say memory module... Just said 000000x000001400 blah blah). Rebooted in Safe mode and the files had re-appeared on the C drive. I booted back up as normal, and same problem occured with the B.S.O.D!!

Could it be that a batch file is running on boot-up, that is overloading part of the memory module with x amount of data, causing it to crash (Windows 98 grrrr!!!)?

Without rebuilding the sucker, can anyone offer any advice.. or any software I can download and put on CD to run whilst his machine is in safe mode.. that may fix the problem?

Thanks in advance,

GazB

Hiya Gaz :)

First we need to run some basic online scans. I'd recommend Panda active scan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) and Windows security Trojan scan (http://www.windowsecurity.com/trojanscan/).
It's also worth installing CWShredder (http://www.spywareinfo.com/~merijn/downloads.html). Install and update it, then run it in safe mode.

Try this to get rid of the files that keep coming back:

Make a new file on the desktop. Name it 'Scumbucket' :) or something similar. Now go to the files in question and try moving them to 'scumbucket' (right click and select move to). Then delete 'Scumbucket' and it's contents.

If this doesn't work, i recommend (unless one of the other fine members knows a remedy :) ). Register at the forum in my signature and post a HijackThis (http://www.download.com/HijackThis/3000-8022_4-10307556.html?tag=lst-0-1) log in the relevant section. Me or someone else will soon come along and analyze it and give further instructions on how to remove it ;).

PS. Try uninstalling Ad-Aware and re-installing it again. It sometimes works!. Also try Microsoft's spyware removal tool (sorry i don't have the link).

Hope this helps. If not just shout up and we'll try again :)

Don't forget to run a copy of Network Associates Stinger first as that deals with many of the initial virii that will cause other scanners to fail.

Either way, to be honest... I would recommend he reinstall from scratch... and advise him NOT to download all the rubbish again...

Win98 is fast approaching "do not bother" time though IMHO.

Ahh, of course....Sorry GazB.

You can find stinger Here (http://vil.nai.com/vil/stinger/)

The ad-aware did work when run in safe mode, and found over 340 new critical objects! I then removed them all.

He can't download/run any of the online software that's been suggested as, as soon as windows loads, and then the processes begin to load (don't know which is causing it) it gives him the memory error..

Will the CD drive work in safe mode? I didn't try it, but I can download all of the suggested software, bang it on CD and run it on his computer!

This just reminds me of part of the Southpark movie...

Army General: F***ing Windows 98! Get Bill Gates in here!
(Bill Gates comes in)
Army General: You told us Windows 98 would be faster and more efficient with better access to the Internet!
Bill Gates: It is faster! Over 5 million. . .
(Army General shoots him in the face)

I would try downloading them, updating them and then burn them to CD. I don't see why the CD drive won't work in safe mode :)

Originally posted by vidster
I would try downloading them, updating them and then burn them to CD. I don't see why the CD drive won't work in safe mode :)


Windows 98 doesn't allow access to a CD in safe mode on this pc??


BTW (to the OP): has the contents of the hosts file been changed?



You could also have a look @ msconfig and deselect anything that looks "odd"?

And check system.ini and delete anything after "shell=explorer.exe".

These ops can be performed in safe mode;).


I'd also have a look in the registery (HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/ [Run, Run-, Runonce, RunServices, RunServicesOnce] & HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/ [Run, , Runonce, RunOnceEx, RunServices, & RunServicesOnce]) and work through the start up keys.