JS1864
asked on
WIN 98 Major Problems - start/programs missing among other things
These symptoms seem like a virus, but I have not been able to detect it. One problem is when Norton opens it does not have the option for me to scan drive anymore. I ran NAVDX.exe from command prompt and found nothing and downloaded and ran KLEZ removal from Mcafee, found nothing. May still be a virus but I need help finding it if it is.
My other symptoms are:
-Desktop shortcuts all gone
-Recycle Bin icon shows full, but no files are listed, but when I say "empty recycle bin" it confirms there are 139 files in there. (I've looked at this folder in DOS and have "show hidden files" checked - it shows no files in there)
-Desktop background gone (plain green screen) but under siplay properties the usual background is there and I can see it loaded in WIN.ini
-All shortcuts/programs are gone from Start/Programs. Only Startup is listed with no files under it.
- There are 2 folders under C: that I am not sure where they came from - Config.msi which contains .rbs and .rbf files, and C_DILLA.
- In the config.msi folder, and other folders also, there are files where the icon next to the file name is grayed out. Files that should have the Application icon have the generic Windows icon (i.e. *.doc should have the Word icon)
Sorry for the length, one more point - I have kids and am not sure what they may have done. I think that at boot up, the system registry may have been restored to a backup from what they are telling me. Thanks all for any help
My other symptoms are:
-Desktop shortcuts all gone
-Recycle Bin icon shows full, but no files are listed, but when I say "empty recycle bin" it confirms there are 139 files in there. (I've looked at this folder in DOS and have "show hidden files" checked - it shows no files in there)
-Desktop background gone (plain green screen) but under siplay properties the usual background is there and I can see it loaded in WIN.ini
-All shortcuts/programs are gone from Start/Programs. Only Startup is listed with no files under it.
- There are 2 folders under C: that I am not sure where they came from - Config.msi which contains .rbs and .rbf files, and C_DILLA.
- In the config.msi folder, and other folders also, there are files where the icon next to the file name is grayed out. Files that should have the Application icon have the generic Windows icon (i.e. *.doc should have the Word icon)
Sorry for the length, one more point - I have kids and am not sure what they may have done. I think that at boot up, the system registry may have been restored to a backup from what they are telling me. Thanks all for any help
ASKER
I've looked through the registry and hard drive for any indications of the YAHA worm (per the Symantec doc), but can not find any. Maybe another type of virus, but none have been detected per my steps above. Could the restore of a Registry backup cause all these problems I wonder.
Try this:
Startup in command mode
scanreg /restore - you should have several started
RB*.cab files If you see on with a date when you know the system was good, restore it, and reboot.
Startup in command mode
scanreg /restore - you should have several started
RB*.cab files If you see on with a date when you know the system was good, restore it, and reboot.
ASKER
I did the scanreg /restore and there was one .cab file from before the problem, but I could not restore to it - the restore failed. When I look now, that older .cab is gone from the list. Almost ready to Format c:/
Do a virus scan at http://housecall.antivirus.com
Maybe it can find what others are missing.
You may also want to try an in-place install of 98. Boot from the 98 CD and run SETUP. Install in the same directory where Windows now resides.
Maybe it can find what others are missing.
You may also want to try an in-place install of 98. Boot from the 98 CD and run SETUP. Install in the same directory where Windows now resides.
Did you install a program like TweakMaster Pro ? kind of program that give you headache when you uninstall it ! Same thing with Zone Alarm : before you do the uninstall, you have to hook everything back,Locate the file "Hosts" (no extension) in C:\Windows and make a copy of it. then copy this hosts file back into the windows directory after you uninstall TWEAKMASTER. That should replace all your former entries. For more information, go see this link : http://www.tweakmaster.com/kb/qa0077.php
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Points to MoNsPoT! I had to run scandisk from a command prompt and I've never seen so many errors in my life. I have no idea how all the directory errors happened, I run it regularly, but C/Windows was damaged and a ton of folders in it. They were replicated/repaired by creating folders named DIR00001 through DIR00096. Looking at the files in these folders, I realized they were my desktop settings and Start Programs. I copied them into the appropriate C/Windows folders and I was able to restore a lot of the missing data. Needed to run MS Office again and the Quick Launch bar is still missing (error: Cannot create toolbar for "), but I'm on the way, I think. Will probably try a reinstall of WIN 98 anyway. Maybe just get XP. Thanks all for the help. Wish I knew the root cause. I ran the virus detector from Housecall, thanks Slink9, but there was none.
ASKER
see my comments in the Question. Wish I knew root cause.
Hi,
Thank you for the generous points. Hope you'll find the root of the problem soon.
I may suggest you to perform a thorough scandisk from within windows. There may be surface errors on the harddisk, which are causing the trouble.
Sincerely,
MoNsPoT
Thank you for the generous points. Hope you'll find the root of the problem soon.
I may suggest you to perform a thorough scandisk from within windows. There may be surface errors on the harddisk, which are causing the trouble.
Sincerely,
MoNsPoT
Here is a link on how to remove it. This is pretty detailed so pay close attention and do it the way it is outlined.
http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha@mm.html
http://www.symantec.com/avcenter/venc/data/w32.yaha.h@mm.html
or
http://www.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html