Windows Legacy OS forum

General discussion

Restore Windows fix Windows after trojan attack, DOS

by missy_wms / December 15, 2005 11:09 AM PST

I noticed some strange programs running when I hit task manager (Ctrl+Alt+Del) and I was trying to delete them. The files were associated with a trojan containing PowerScan and Sidefind. When I went to Add/Remove Programs to uninstall a file associated with Sidefind, it asked if I was sure I wanted to delete it. I hit yes and all of my programs suddenly had the default Windows icon; I couldn't access any of my programs or files, nor my recycle bin. I restarted my system and the Windows 98 setup wizard appeared and required me to log in and provide my product key. It was caused by the trojan (I don't have the product key). I can't log on to Windows. In safe mode I get the error that explorer has caused an invalid page fault in module explorer.exe. When I go to my task manager there's nothing there to end task. So I only have access to DOS. I need to know if there's a way to restore my system, because when I check my directory all of my files are there but masked by the trojan. I would like to know how to delete the files in DOS associated with the trojan. I have an HP Pavilion with Windows 98 OS and I'm unable to restore using my HP restore disk (I get errors). Is there anyone familiar with this virus and the masking it causes? Is there a way to do this? Apparently the virus has changed my Windows boot priority. Is there a way to get it back to the default settings? I'm open to any suggestion short of reformatting my hard drive.

My old Windows 98 had no restore option!!
by Earth911 / December 15, 2005 4:11 PM PST

Product key lmao
by majesticr / December 23, 2005 4:05 AM PST

I DON'T HAVE THE PRODUCT KEY -- it is in a facility exactly 900 miles away from me. I moved and left some things in storage.

Also some more info for Sidefind!!!
by Earth911 / December 15, 2005 4:15 PM PST

TY
by majesticr / December 23, 2005 4:08 AM PST

Thanks... it might be helpful when I can actually get into Windows.

Re: trojan tragedy
by Kees Bakker / December 15, 2005 7:27 PM PST

There's a remote chance that restoring the registry to a state before this unfortunate uninstall will help, but I doubt it, because the uninstall presumably deleted files needed by the old version of the registry. But it's worth a try: boot into MS-DOS and type scanreg /restore (followed by enter). Then choose a suitable date to go back to.

You should have been given the Windows 98 product key when you bought the machine, and if the system is up and running again you can find it in the registry (look in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion or print it with the free Belarc program).
But even in MS-DOS you can find it with Find "ProductKey" c:\windows\system.dat

To reinstall the OS after the format (quite likely that it will be necessary, I'm afraid) you preferably use HP's recovery CD. If that doesn't work, either find out why it doesn't work, or get a full Windows 98 CD with product key and use that.

Good luck,


Kees

RE: "MS-DOS"
by Cursorcowboy / December 15, 2005 8:55 PM PST
In reply to: Re: trojan tragedy
But even in MS-DOS you can find it with Find "ProductKey" c:\windows\system.dat

Doesn't work on my Win98FE machine, but:

find /i "productkey" c:\system.1st >c:\key.txt

and then by typing edit KEY.txt and pressing Enter does.

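The `find` searches suggested in the two posts above can also be run offline against copies of the hive files. This is an added example, not code from any poster; it assumes the key is stored as plain ASCII within 64 bytes after the value name, and the sample bytes are constructed.

```python
import re
import sys

NAME = re.compile(rb"productkey", re.IGNORECASE)      # case-insensitive, like find /i
KEY = re.compile(rb"[A-Z0-9]{5}(?:-[A-Z0-9]{5}){4}")  # five groups of five characters
WINDOW = 64  # assumption: how many bytes after the name to inspect


def find_product_keys(blob):
    """Return (name_hits, keys) for the raw bytes of one hive file.

    name_hits > 0 with no keys means the value name is present but no
    key-shaped data follows it, which is different from the name being
    absent from the file altogether.
    """
    hits, keys = 0, []
    for m in NAME.finditer(blob):
        hits += 1
        k = KEY.search(blob[m.end():m.end() + WINDOW])
        if k:
            text = k.group().decode("ascii")
            if text not in keys:
                keys.append(text)
    return hits, keys


# Constructed sample bytes, not taken from a real registry.
SAMPLE_WITH_KEY = (
    b"\x01\x00\x00\x00RegisteredOwner\x00user\x00"
    b"\x01\x00\x00\x00ProductKeyABCDE-12345-FGHIJ-67890-KLMNO\x00"
    b"\x01\x00\x00\x00ProductId00000-OEM\x00"
)
SAMPLE_NO_KEY = b"\x01\x00\x00\x00ProductKey\x00\x00\x00\x00rest of hive"

if __name__ == "__main__":
    # Usage: pass copies of system.dat, system.1st, etc. as arguments.
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as fh:
                hits, keys = find_product_keys(fh.read())
        except OSError as exc:
            print(f"{path}: unreadable ({exc})")
            continue
        print(f"{path}: {hits} name hit(s), keys: {keys or 'none'}")
```
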
I am the one who had this problem...
by majesticr / December 23, 2005 4:01 AM PST
In reply to: RE: "MS-DOS"

I had my friend type the message here for me --now I have the use of another computer.

Thank you for the replies but none of them has helped thus far.

Problems:

1. When I attempt to find the product key from DOS... I get ---------- (ten dashes) back. So it isn't there or it has been modified.

2. I feel my master boot record has been changed, and I would like to restore it to default. I tried Fdisk/mbr and then scandisk... that doesn't work.

3. I can locate some of my files thru DOS (I have limited knowledge) and the file extensions have been changed from .doc (for example) to .LST.

4. I only have access to MS-DOS mode. When I try to boot normally I get the Windows 98 setup wizard. And in safe mode, my explorer.exe crashes and then I have a blank task manager box. There is no desktop or any menus.

Someone has got to know how to get around this without a total reformat. I need help navigating thru DOS to find the malignant files or to somehow change the windows boot priority. Or even if someone could tell me how to find registry entries in dos mode -- that would help. I'm going crazy -- all I can find on the net is people who knew they had it and used a hijack this log. I tried to "uninstall" -- obviously that gave this virus/trojan what it wanted. ISTbar, Powerscan, Sidefind, Surf Accuracy are all names within the bundle that hibernated, nested and hatched within my Windows98 system. PLEASE HELP. Thanks.

Bad news. " ISTbar, Powerscan, Sidefind, Surf Accuracy "
by R. Proffitt Forum moderator / December 23, 2005 4:10 AM PST

These are all known pests. You may be a user of Internet Explorer which allows such pests to plague Windows.

Next time, after you get it cleaned up, arm yourself to the teeth by keeping those product ID (CD Key) numbers handy, the restore CDs and backups so you don't find yourself locked up. Also consider using alternatives to IE and OE to help in pest control.

Sorry to hear about your CD Key loss but just like losing your car keys, it can be annoying and costly.

Bob

Where have u been all my life Bob?
by majesticr / December 23, 2005 4:16 AM PST

I was hoping you'd respond. You are always bluntly honest.

Still need the key...
by R. Proffitt Forum moderator / December 23, 2005 4:24 AM PST

If Windows runs, you can try BELARC ADVISOR, but without those CDs (and key), we may have to explore using Linux or what other OS?

Bob

the key... the troublesome key.
by majesticr / December 23, 2005 4:27 AM PST
In reply to: Still need the key...

Hmmm... okay... well... I may have to travel or find a key, i.e. purchase one. But u do understand that the wizard popping up is the Trojan, right? It isn't Microsoft.

Please follow the forum rules. Please...
by R. Proffitt Forum moderator / December 23, 2005 5:53 AM PST

I won't tell Santa about that post that just went missing, but please don't do that.

Bob

SECOND OFFENSE!
by R. Proffitt Forum moderator / December 23, 2005 6:47 AM PST

Santa was told and I must lock the post since it's a policy violation.

Sorry,

Bob

What do you think?
by majesticr / December 23, 2005 4:24 AM PST

I sorta expected that you could help me with my cleanup. Is it possible that running a virus scan thru DOS might work? It would probably have to be on an old skool floppy... the ones I have handy can't seem to handle a whole program though.

If I have to resort to floppy and DOS cleanup...
by R. Proffitt Forum moderator / December 23, 2005 4:26 AM PST
In reply to: What do you think?

I usually save the owner's files to the network, then we wipe the machine and reinstall the OS proper. The hours (days?) it takes to cleanup manually outstrips most pocketbooks.

It also would overflow this small space.

Bob

Thanks Bob
by majesticr / December 23, 2005 4:29 AM PST

Okay... gotcha. I'll just get that done. Thanks for the replies.

RE: trojan tragedy
by majesticr / December 23, 2005 4:14 AM PST
In reply to: Re: trojan tragedy

Thank you for your time, responses, and suggestions...

System restore doesn't work... there are no dates prior to the "unfortunate incident". Not because I didn't back up...but because this apparently is no dumb trojan.

No key -- not now, not for a while.

The recovery disk -- not sure why it isn't working... it has worked before. I'm guessing that the genius trojan is blocking it from doing something. WHO KNOWS? Apparently NO one. But I really don't want to try to reformat and then discover that the trojan isn't so brilliant after all and have to drop some more dollaz to HP for yet another set of recovery CDs. Their customer service absolutely sucks.

If you boot from the recovery disk ...
by Kees Bakker / December 23, 2005 5:00 AM PST
In reply to: RE: trojan tragedy

there's no way the trojan can interfere, in my opinion, because only code from the CD is running. Same goes for booting from a boot diskette and doing destructive things like fdisk /mbr to write a master boot record, fdisk to delete the main partition and create a new one or even simply formatting the old one.

A problem with a new hard disk (we agree that that wouldn't contain the malware, don't we) is that the recovery CD might refuse to be installed on it. And moreover, some recovery CDs depend on data on hidden partitions of the original hard disk.

Good luck,


Kees

okay
by majesticr / December 23, 2005 5:39 AM PST

I hear ya, I can't explain it then.

I have an idea....
by TONI H / December 23, 2005 7:18 AM PST
In reply to: okay

I unlocked the thread long enough to give you a tip...look at the back and bottom of the case itself and see if HP didn't tack on a label that actually has your Product Code Key printed on it. Many vendors do this now when they use recovery/restore disks instead of full install disks like they used to give you.

TONI

Product key
by Blue_Zee / December 15, 2005 8:26 PM PST

Here's a premade batch file that will get it for you from the DOS prompt.

Unzip it to your startup disk, boot to the A:\> prompt and simply type KEY and press Enter.

You will see your key after the words "ProductKey".

http://www.angelfire.com/va3/vic3/key.zip

See if this helps.

Zee
