Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Virus, Worm or some one with too much time?

Nov 18, 2003 3:44AM PST

Good Afternoon All:
This forum has changed a bit since the last time I logged in. Still I bet that there is someone out there who has incountered the problem that I would like to describe.
Operating system Win 98 SE
MB Micronics 200
Socket 7 AMD @ 550 CPU
128 MB 133 Sdram
2- Western Digital Hard Drives
Sony 8 X Cdrom
When brought in this computer would not boot to windows or safe mode. It went through the POST ok.
The hardware test were all good but when I started the software tests C:\windows\system Directory was changed to a file (big) and renamed system.bad. In debug it looked as though DOS copy command had been used to conconate it. I was able to use DOS to save his data, it wasn't changed.
I used DOS file scanners from Computer Associates and MacAffe and both said no virus. I can think of no way that these changes can be accidental. Can anyone name a Virus or Worm that behaves this way?
Thanks,
B.K.

Discussion is locked

- Collapse -
Cuervo, Are You Sure ???
Nov 18, 2003 4:02AM PST

....that the "system.bad" file is the C\Windows\System directory??? During a registry restore, there is frequently a "System.bad" file made from the old "system.dat" file and likewise with a "user.bad" from "user.dat".

Have you tried to do a "Scanreg /restore" while in DOS?

Or maybe physically renaming and using an older "System.dat" and "User.dat" files, like this:

c:

cd\windows
attrib -r -h -s system.dat
attrib -r -h -s system.da0
ren system.dat system.bad
ren system.da0 system.dat
attrib -r -h -s user.dat
attrib -r -h -s user.da0
ren user.dat system.bad
ren user.da0 uder.dat

Hope this helps.

Grif

- Collapse -
Re:Cuervo, Are You Sure ???
Nov 18, 2003 10:24PM PST

I'm not sure of of what caused it. The \windows\system directory was gone. Scanreg /restore returned a message about missing .dll's and the system.bad file was approximately ten times as big as the system.dat.
Thanks,
B.K.

- Collapse -
Cuervo, Not Much Left To Do....
Nov 19, 2003 2:58AM PST

...except to reformat and reinstall the entire system. If the "Windows\System" folder is gone or renamed, then I'm not familiar with any virus that will perform that type of operation. There are many that will delete files and folders such as the "System" folder, or maybe even the entire drive, but I haven't seen what you're describing. In addition, it would need to be performed in DOS. Just a thought here, have you checked the "autoexec.bat" file to see if there are any additional lines that may have been added which would delete the "System" folder during start up? It might be worth a look.

Just in case there is a memory resident virus, make sure to disconnect the machine from power, then reformat the drive and reinstall the operating system. At least, that's what I would do.

Hope this helps.

Grif

- Collapse -
Re:Cuervo, Not Much Left To Do....
Nov 28, 2003 7:38AM PST

Thanks Grif:
I reformated, reinstalled and sent it home. If it comes back I will spend more time on it.
B.K.