Ok...so one of my kids went to a lyrics site and bam..this PC got infected...I started my normal procedure to clean out by using Spybot S&D. It id'd and removed several mal/adware/etc buggers, but said that others needed to be removed after restart. I restarted and that is when my problems began:
Here is what I've done so far:
A) NORMAL BOOT: 1) get request to install MS DirectX 5.0 exe file - which can't be found (looks like it is gone from file location), 2) shows Windows updating settings, then get message 3) Explorer error illegal ops, "invalid page fault in explorer.exe", 4) when I open the close program box and only "asp4setp" appears.
B) SAFE MODE BOOT fails at the "explorer error."
C) this is the worst news...SCANREG/RESTORE fails to bring back any prior restore point....I really don't want to do a W98 over the top reinstall...are there any other steps I can take to fully restart windows?? Thanks to all who have ideas!!!

I doubt that an over the top install will fix this problem. The malware will still be there as will the registry instructions to reinstall it. This seems to be what is causing your problems.
Explorer.exe is a very important part of windows, it is the shell or interface. The solution might be to use another shell. See the information on Microsoft's knowledge base. Of course this may not be the exact error message you are getting.

Some of that malware will mess with your explorer.exe file. Boot to dos and at the prompt type
dir c:\windows\explorer.exe and enter. Post back its date, time and file size.

Responding to DAVE - this is an original explorer file looks like: Size:180,224, Date 05-11-98, 8:01 PM
Responding to Rimfire - not sure what to search under at MS..their site is often not that helpful....
Thanks to both of you for helping.

Rimfire, thanks for pointing that out..I passed over your highlight before since this site underlines words that connect to advert sites...I made an assumption...I did connect to the MS site and have done some research, so we'll see if it works!

To anyone who can help... went to MS KB article #296211 because the page fault matched mine. After doing step 6 (extracting files from w98 cd and placing them into "c:\windows base4cab explorer.exe"), got back an error message: cannot open file:base4cab.
Have any ideas about next steps? Thanks!!

Maybe you typed it wrong in your post above, but it would be base4.cab and not base4cab.
However it looks like you have the correct explorer.exe. I'd had some problems with some malware changing my explorer.exe to one with a size of 184,320 bytes.
Did you get the other files extracted OK?

DAVEINCAPS - thanks for returning. I did finally extract all files according to MS KB article instructions but still get the same page fault error.
I am thinking that my only option at this point is to perform an over the top reinstall of w98...what do you think?

That may be all you can do.
Assuming you have a full version cd, the general process is to bootup with a 98 bootdisk and choose cdrom support. Take note of the cdrom drive letter which will show in the last few lines that load prior to the a:\>. Some bootdisks temporarily change that letter.
Then at the prompt type
ren c:\windows\win.com win.old and enter. That renames the win.com file so you can use a full version cd. Then with the 98 cd in the cdrom, type x:\setup and enter, where x: is the cdrom drive letter shown when you booted up.
As part of the installation it will ask where to install windows. Since it will see you already have a directory named 'windows' it will suggest using windows.000. Choose 'other directory' and change that back to just 'windows' so that everything installs in your old directory.
The rest of the installation should proceed normally.
The installation will revert your directX back to the version on the 98 cd. So you may need to upgrade that, as well as other OS updates. I believe your IE version will not be affected.

Those advertising links are green, for that reason, I never make my links that colour. Perhaps I should also avoid red as it is a common colour blind similarity.
As this fault seems to be caused by the presence of malware, an over the top install will probably not help. The malware will still be there. Still, it's worth a try, it will replace all of the system files.

DAVEINCAPS - in progress with reinstall..your point about IE may have caused my first error message during final Win set up - "Java Package Manager unable to install Java Packages from c:\windows\java\classes\win32ie4.cab" Note the ie4, I was running ie6,so is this error a result of that?

I've never known of anyone having problems with an over-the-top reinstallation due to IE6.
As Rimfire says, the existing malware may cause problems since it's still there. If the reinstallation will at least allow you to get to the desktop we can work on the other problems then.

DAVEINCAPS and Rimfire - I am still working...but at least I've got windows back and I've just updated a few items. Questions 1) this is a dell machine, I guess I'll have to reinstall the video drivers and some other things off of the dell disks, since the video is still showing 640x480.. 2) once I get things back to normal what do I do with the renamed file called "win.old"...can I delete it? Finally, I'd like to notify everyone about the lyrics website that caused all of these malwares to download onto the PC...any ideas how to alert people?? Thanks for your help throughout...

You should be able to reinstall the drivers by simply double clicking on the adaptor in device manager, and updating drivers. Your computer should find them since they are still there. If not, use the disk.
You can delete win.old. The only reason you renamed it rather than deleting it, is in case something went wrong and you needed it back.
As to letting people know about the website, you can only tell people who want to listen. It's quite acceptable to publish the name of the site here.

DAVEINCAPS and Rimfire - thanks for all your help!! looks like i am basically up and running again...some way to spend a weekend..
It looks like the sites that caused all the problems are as follows:
wwww.anysonglyrics.com and network.aptimus.com. Definitely bad actors. As far as I can tell it was one or both of these addresses that downloaded a torrent of mal/adware that ruined my machine and weekend. Best to all.

Ruined your weekend? Think about all the other things you didn't have to do because you were busy fixing the computer!
Now that you are back on track, let's look at a couple of other things.
With Spybot S&D, are you running the latest version (1.4) and the latest definitions (last Friday)? Also, have you immunised?
To get rid of most of the things Spybot misses, I recommend another program AdAware. If you don't already have it, you'll find a link at the top of this forum.

Yeah, we're glad you got it going again.
I usually run adaware and haven't had the problem of it seeming to delete some necessary files. Both adaware and spybot have restore functions but you need to be able to get to the desktop in either normal or safe mode in order to initiate it.

DAVEINCAPS and Rimfire - I have both Spybot and Adaware and used both after getting back up and running. Adaware found a bunch of files, Spybot found nothing, now running McAfee and it has found more remnants. Hopefully this will clear all out. Not sure if there is anything else to do to further assure cleaning. (you mentioned immunized..not sure what that is)
Since this PC has wide use by kids, may try using Mozilla Firefox as a browser, rather than IE...
Thanks again for your help throughout!!!!

Immunize is a feature of Spybot S&D, you'll find it in the left pane. What it does is prevent spyware from getting on your computer in the first place. Many recommend 'Spyware Blaster' instead to do this job.
Firefox is a nice little browser, I use it on my notebook. On my desktop, I use the full Mozilla. Firefox feels more like IE to me.
