Infected Windows 98 system.... etqueze.exe ???

I am working on a client machine, Windows 98.  I have disinfected the hard drive on a test system as a slave hard drive.  

Primary symtoms are:

Windows screen appears to be at lowest resolution, but not booting to safe mode.
No problems with boot up observed.
ANY attempt to do anything responds with a windows error box.  

Title: Program Not Found


Windows cannot find etquez.exe
This program is needed to open files of type 'Application'

Location of etquez.ese
"here is a dialog box to browse for a file"

booted to DOS and looked and the Autoexec.bat file and do not see anything out of the ordinary there

Attempted safe mode and same symptoms.

Searched all over the internet for etquez.exe

Any ideas?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi Capt_Lee,

don't know about the low resolution but try this to solve the program not found error: make sure the registry key HKEY_CLASSES_ROOTexefile\shell\open\command contains the following value -  "%1" %*


Capt_LeeAuthor Commented:
First comment will not work, because any attempt to do anything comes up with this error.  SO I cannot run the ad ware hunting software without getting the error, or even bring up a browser.

The Registry idea is interesting, I am attempting to reboot to windows to see if I can run regedit.

regedit will not run also.

Is there a way to edit a registry file when this drive is a slave on another system?
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Luc FrankenEMEA Server EngineerCommented:
You might want to try to do a windows installation on top of the existing one, just boot from your win98 cd-rom and let it install (in c:\windows, not c:\windows.000 as it might suggest to you) Afterwards, you should be able to run the ad-ware scanners and virusscanners again.

rename regedit.exe to that should work
rename regedit.exe to that should work
Boot the system to msdos and run a virus software for dos like
You could also try PEBuilder at This program will start computer with windows interface however it will not start actual windows. You can run registry editor from there and edit whatever you want.
Capt_LeeAuthor Commented:
Thanks for the idea about PEBuilder, and I will most likely use this tool someday in the future, however it will not run in a windows 98 environment.

From the help file:

PE Builder (pebuilder.exe) runs on Windows 2000/XP/2003. It does not run on Windows NT4/ME/9x.

This tool would allow you to inspect the 2 .dat files that compried the old registry on the drive that is now the slave, or from any source if you can copy those files out into another functional machine:

MiTeC Windows Registry File Viewer Version 1.8:

Fixed Unicode character decoding
Values of type REG_MULTI_SZ are now displayed as strings
Searching now processes all value types including REG_BINARY
Possibility of save binary data to file


Viewer for standalone files containing Windows registry hives (e.g. NTUSER.DAT, SYSTEM.1ST, SAM, etc.).

It features extended registry searching, registry dumping and exporting to REGEDIT4 format and detailed key information including security (NT) and hash values.
For NT registry value of type REG_RESOURCE_LIST here's Resource information in Data View.
Target platforms
MS Windows 9x, MS Windows ME, MS Windows NT 4.x, MS Windows 2000, MS Windows XP, MS Windows Server 2003


MiTeC Windows Registry File Viewer 1.8


Registry Viewer 2.0

Viewer for REGEDIT4 and REGEDIT5 files and local or remote registry.
It supports bookmarks, searching and registry exporting.
Target platforms
MS Windows 9x, MS Windows ME, MS Windows NT 4.x, MS Windows 2000, MS Windows XP, MS Windows Server 2003

There is also one tool that would allow you to obtain a report of your system from DOS.

The well known AIDA32 Windows Diagnostics reporting utility:

has an equivalent 16-bit "sysinfo" tool that will run from a floppy.

Swap the slave drive back to Master without rebooting, boot to a win98 boot floppy, and then swap it for the floppy with the 16-bit AIDA program on it.

Just call it with the command:


Usage:  AIDA  [/S]
             AIDA  [/R [filename]]  [/S]  [/D]
             AIDA  [/RC [filename]]  [/S]  [/D]
             AIDA  [/RS [filename]]  [/S]  [/D]
             AIDA  [/F5 filename]  [/S]  [/D]

  /R    Make text report to <filename>
  /RC   Make CSV report to <filename>
  /RS   Make report summary to <filename>
  /F5   Append to <filename> if F5 key pressed
  /S    Activate safe mode
  /D    Disable debug information

or to create a report, run the batch file


which equates to:

aida /r %1 %2 %3 %4 %5

It might help to obtain some details of those system files.

You might also want to force it to boot in "LOGGED" mode (F8 during boot > select "Logged" option) to create C;\bootlog.txt.

Boot to a win98 boot floppy, swap it for a blank, and issue the commands:

attrib -h  c:\bootlog.txt
copy c:\bootlog.txt  a:\bootlog.txt
attrib  +h  c:\bootlog.txt

On an operational computer, download the Bootlog Text Analyser (BLA.EXE)

Extract from web page and readme:

Boot Log Analyzer for Windows 95/98 from Gemini Affinitas Ltd    (v1.22)

FREE Boot Log Analyzer utility to help in identifying Windows95/98 boot-up problems.
Looks at your Windows95 BOOTLOG.TXT file and calculates the time taken to load each driver etc, in order to help in locating any cause of lengthy boot-up times. The displayed result can be sorted by loading duration, filtered to show only those items with long durations or which reported failure, and saved to a text file.

Please note: This utility is intended for use by PC Support Personnel and Advanced Users only - interpreting the results requires in-depth technical knowledge.

Download latest BOOT LOG ANALYZER
BLA Screenshot
Home Page (Gemini Affinitas Ltd)

It will sit happily on a floppy, and just ensure that you direct it to inspect a:\bootlog.txt or it will analyse the default on the C:\ drive.

It has a checkbox  "Show failures" to filter out only load failures, and then export to a text file.
Capt_LeeAuthor Commented:

All suggestions and tool ideas have been helpful, however, I have not been able to resolve my problem.

1)  Review of the Windows directory idicates the problem was introduced on 11/7/03 at 5 AM
2)  Discovered file in Windows directory call COMPUTER.BAT.  In Computer.BAT the lines were
     @Echo off
      IF NOT "%1" == ""  etquez.exe %1
3)  Reference from R_Rajesh
      don't know about the low resolution but try this to solve the program not found error: make sure the registry key HKEY_CLASSES_ROOTexefile\shell\open\command contains the following value -  "%1" %*.  Helped me with the hint...  So I rem'ed the line and some functions came back but not all.
4)   Noticed a very large file called NULL was created on the date and time that this file was created.

Since this is an old system and there is not much user data, which I can capture anyway, I am going to declare this problem closed.  I appreciate ALL the feedback, especially R_Rajesh & BillDL
Capt_LeeAuthor Commented:
Final Note, I just discovered that this problem appears to have been proporgated by a virus infection by the name of  W32.Swen.A@mm.  Please reference this url.....

Pay particular attention on how it installs itself....  Mascarades as an Internet Security update from Microsoft, including a pretty good mock up of Microsoft's install screens and messages.

Symantec adivce indicates that if the install actually gets to run on the system, a quarentine and deletion is not sufficient.... I think that is where I am now....  MANY registry changes done by this virus.....

Thanks again team....  It is great to not feel so alone out here.....  ;-)
Luc FrankenEMEA Server EngineerCommented:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Capt_LeeAuthor Commented:
Final word on fix ---  working through Symatec instructions, and all going fine so far.  

Earilier note on Regedit4 also were on target.  A repiar file is created to repair the registry in DOS to allow programs to run from shell again as first step,  refer to Symantec link above to see how this is done.
type sfc in the run box you may be prompted for windows cd this repairs windows files
That would account for the randomly generated filename that didn't come up with anything in a google search.

My advice?

F8 at boot - Command Line Option

POWER OFF and leave it for a few minutes.

Reboot to windows 98 boot floppy with CD Rom support and reinstall Windows.

Run a full virus scan as soon as possible afterwards.

Personally, I would format the drive and reinstall, but then again I have full backups of all my essential stuff on a partition.

Luc FrankenEMEA Server EngineerCommented:
BillDL, isn't that the same link I've posted, I assume you did this accidentely, but still, please read previous posts before you submit.
You're quite right, LucF, and my apologies.  I typed my comment offline after reading the question and failed to reload it before I posted.  Ironically, I posted the wrong url anyway, it was supposed to be the direct download url:

What I was merely indicating was my personal view that you can spend an immense amount of time messing around fixing registry values and restoring files after running the fix, whereas a dirty install after the infection is cleared SHOULD work and save some time.

I notice now that this process is well under way, so perhaps a bit of time might save a reinstall or Format and Reinstall.

I also meant to add details of the actual vulnerability that can cause such Worms to be activated by merely reading an email containing one:

w32.swen.a@mm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message.  See:

This update is already included in Internet Explorer 5.01 Service Pack 2, but the downloadable patch has been superseded by that discussed on:

Similar updates apply to later versions of Outlook and Outlook Express.
Luc FrankenEMEA Server EngineerCommented:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.