I hope that I am not intruding here, or using incorrect etiquette or posting but I am really in need of help. If I am please direct me to the appropriate place. I used the find function to show my msdos.sys file. I am showing two, one hidden and the other is not hidden. But they are both different....Can anyone explain the why I would have two and have them different? Please help. I use windows 98se. C:\Windows [Paths] WinDir=C:\WINDOWS WinBootDir=C:\WINDOWS HostWinBootDrv=C [Options] BootMulti=0 BootGUI=1 DoubleBuffer=1 C:\ (hidden file) [Paths] WinDir=c:\windows WinBootDir=c:\windows HostWinBootDrv=c [Options] BootMulti=1 BootGUI=1 DoubleBuffer=1 My Explorer.exe has also been hijacked by the W32/invictus security risk....I cannot access the internet without granting Windows Explorer access through ZAfree. EZAV and Avast and Adaware and HijackThis are not showing anything. House Calls showed nothing also. F-Prot could not change the extension or delete the file....It is my main Explorer.exe. I tried replacing it using the SFC but when I tried to reboot my machine locked down. Also there is an empty blue box in my Msconfig file which I cannot find when I have the box unchecked. But when I check the box,, In the registry under HCLM Run it is showing *"* as the default..Can I delete the default key? to see if it will get rid of the box. Also, my system information under startup programs shows blank under program name and command but Registry shows (per user run). Running tasks in the system info, I have DSL and my dial up networking seems to be running? Kernel32.dll MSGSRV32.EXE Mprexe.exe MSGLOOP.EXE Vsmon.exe Msg32.exe MMTASK.TSK Why capital letters? Hpsysdrv.exe Vetmsg9x.exe Wmiexe.exe Ddhelp.exe Explorer.exe Systray.exe Vettray.exe Zlclient.exe Rnaapp.exe ?????? Tapisrv.exe Msinfo32.exe Any help would be greatly appreciated to help me here...Its been months of struggling with this. Can I go into safe mode or perhaps through DOS? (which I would need step by step instructions as I am not familiar with either. Every time I try safe mode, I never know how to exit. I have an HP 8550C Pavilion. Many thanks for your time and help.

Some files that are running are protected by Windows. If you can start the PC in safe mode and the rogue file is not running, you may be able to delete it. To exit safe mode, you only have to restart the PC. According to Symantec.com..... To remove W32.Invictus.dll Run LiveUpdate to make sure that you have the most recent virus definitions. Start Norton AntiVirus (NAV), and run a full system scan. Be sure that NAV is configured to scan all files. Delete all files that are detected as W32.Invictus.dll. This bug has been around since Aug 2001. You may be able to run Norton without having to update it first. If this is the case, when you can get onto the Internet, update your AV and run another scan. If the worst came to the worst and you ever have to re-install Windows, I think Microsoft are no-longer offering any updates for Win98. You may wish to search the net for the updates to save onto a CD-R as someone else may have them before no-one saves them. I have used F-Prot with Windows running but was not sure how to run it in just in DOS. I tried using a start-up disk and at the prompt C:\WINDOWS\DESKTOP\FROT(folder)\F-ROT.exe (or something like this but it did not run). If I find more info, I will post back. Sorry this is fragmented and not much use.

Here is the text of a small batch file I wrote to start f-prot.exe and disinfect or delete files.Delete is performed on back door files and other dangerous files.Disinfect restores a file to normal.A file can be infected by one or more virus at a time and f-prot will see to it that it gets bvack to normal.Use Word Pad to create the file and save the file as fprot.bat and run from a diskette dos prompt.In this example the files are stored on C drive but they can be on any other drive if you make the change to the batch file.The swiches used make the scanning completely automatic.You get a short summary at the end of the work performed.When you go to f-prot site to download the update you copy and paste the new definitions (of virus)in your fprot folder and say Yes to replace old files.This antivirus is used on FAT partitions. fprot.bat file: c: cd fprot f-prot /hard /auto /disinf /delete When you wish to run the f-prot.exe switch your dos prompt to your path and type fprot and press return. http://www.f-prot.com/download/home_user/ Good luck.

Do the msdos.sys files have lines containing just x's? The files you posted are incomplete.

Thank you all for your responses. DAVEINCAPS: I deleted all the x's to save space. Would the x's tell us something?? I have the current Fprot exe and virus files. I update it regularly. It already contains settings for the bat file Petite Jean mentioned. Petite Jean....are you saying to create the batch file and move it to a floppy....then restart in DOS mode and use the floppy to clean/disinfect my Explorer.exe file??? Michael2.....We can go to the FProt website to see if we can find out how to run from DOS. The W32/Invictus in my case is not a DLL file. But somehow got incorporated into my "main" Explorer.exe file. Fprots report and the blue box may be two different problems. I will keep searching and hope to hear from anyone in the forum for suggestions. Thank you all.

As long as all the 'x' lines are there in the actual files then they should be OK. These are the first few lines of mine: [Paths] UninstallDir=C:\ WinDir=C:\WINDOWS WinBootDir=C:\WINDOWS HostWinBootDrv=C [Options] BootGUI=1 DoubleBuffer=1 AutoScan=0 WinVer=4.10.1998 The 'bootmulti' line must have been added when you installed a second OS for a dual boot setup. The original must have been copied to your windows directory. I don't think your msdos.sys is a factor in the problems you're having.