Arrogance Punished -OR- The Scourge of thanatoid -OR- I'm "fooqué" (as they say in Montreal)... IOW... HELP!!!

 
 
thanatoid
Guest
Posts: n/a
 
      07-28-2010
Well, it took almost 20 years but it finally happened. It's
amazing what a small batch file (maybe not so small - it has
vaporized... read on) can do.

Those bored with my gargantuan posts can just skip over most of
it (please read the SUMMARY paragraphs), but I would really
appreciate specific answers to the four numbered questions, as
well as general advice. (My KF is disabled, so go for it,
denizens of aforementioned

Using Compaq EVO-D510 SFF. One 80GB HD, one CD burner, a riser
card with two horizontal PCI slots, and (re: a post from a
couple of months ago) the Compaq BIOS does not allow for more
than one device per IDE channel, I checked - relevance below.

I was running 98SELite, as always, using Opera, on two or three
sites requiring javascript etc. - otherwise I would have been
using OffByOne and this /probably/ would NOT have happened.

The firewall was on, of course, but the ESET internet
monitor/file monitor were /not/, as I do not believe that is
REALLY necessary - I /may/ have to reconsider that position ;-[

Script sentry was on, but it does nothing with batch files, just
scripts of all kinds. And it works great.

>>>SUMMARY (2 paragraphs)


So, everything was fine, when all of a sudden my mouse and
keyboard became possessed.

Basically, it was like the left and right mouse buttons and Ctl
and Alt keys were being randomly activated, FAST. I turned off
the ADSL modem, and ran TaskInfo. There was a batch file in my
temp (either c:\temp or C:\win\temp) directory which was NOT
supposed to be there. It was running. I shut down the machine. I
can't remember the file's exact name, but it was short, 5 or so
letters, no weird numbers or figures.

Boring (yet important if you don't want to ask about stuff I
*already DID*) details:

When I restarted, the same thing was happening. (And it remains
the current situation, although one might say the virus is /less
active/ than it was (as if it had a built-in downward slope).
But the machine is unusable, plus, while the virus appears
fairly non-malignant, just annoying (ALL user control is NOT
affected, you just have to click and move the mouse a lot - and
fast, to get in between the virus activity bursts) - who knows
what it will do next? So far my data appears intact [AOT the
system] but FUD are definitely having a big party at the lair of
thanatoid at the moment.

So after the reboot, I ran TaskInfo again - no batch file
running.

I searched for batch files on the C: drive and only found the
few I wrote myself and have always had. /Nothing new./

I ran Restoration (still the only undelete program that is not
5-20 MB and actually works BETTER than any of /those/),
searching for a bat file, nothing. I thought the file might have
deleted itself after doing whatever it was supposed to do. It
must have, since it is NOWHERE to be found, deleted or present.

I rebooted, deleted the swap file in DOS, and rebooted again.
Virus still active.

I thought, OK, I'll reboot to XP - XP should be OK, right? Same
thing. Then I realized XP reads several files on C. Then I tried
to boot Damn Small Linux into memory, it would not (I /have/
successfully run it in the past).

I went back to 98, and, since I just happened to update the ESET
NOD32 signatures a couple of hours earlier, I ran it. The virus
seemed to be paused by ESET running, but while ESET scans boot
sectors and all memory, as well as everything else, it found
nothing.

I went back to XP and ran MalwareBytes Anti-Malware (or whatever
it's called - I only see 8.3 names now...) - nothing on either
C: or the XP partition. While running MBAM, virus activity
appeared to pause as well.

To make a long story a /little/ shorter, I removed the battery,
cleared the CMOS (several times, different hard- and soft-
methods), first restored an old saved MBR, then (when that did
not help) created a new MBR, and finally restored an Acronis
image after moving current C: data to another partition.

I should mention that the virus /appears/ inactive in DOS. Well,
who knows - but nothing weird /seems/ to be happening AFAICT.

Well, when the restored Acronis image (which I believe contains
the MBR in the first sector - I am extremely ignorant about some
basics) exhibited exactly the same behavior, I started thinking
WHAT the damn thing could have infected ELSEWHERE than the HD...
Unless it is hidden /somewhere/ and ****s up the MBR every time
I boot - I don't know much about viruses and what they are
capable of.

I tried Damn Small Linux again - this time it DID boot and ran
in memory...

Get ready for this...

Sigh...

DSL /appeared to exhibit/ - although to a CONSIDERABLY smaller
degree - a little of the SAME behavior - a DOS-like window
(whatever they're called in Linux) would highlight some lines of
the window depending on mouse movement, and I /think/ a menu or
two popped up without any clicking on my part. And the mouse
appeared to be malfunctioning. (OTOH, having only ran DSL a
couple of times before, and for a VERY short period of time, and
already being in a somewhat altered state of mind, my perception
/may/ have been mistaken - I don't know.)

So...

Having never had to deal with this kind of thing before (I got a
virus in a POP email once, but it could not do anything, maybe
because I had all scripting disabled at the time - it was hell
to remove though), I thought the following:

>>>QUESTION 1. It could not have messed up the processor -
first, I do not believe that is /possible/, second, DOS seems to
run fine.

>>>QUESTION 2. AFAIK, the level1 and level2 caches clear upon a
reboot, just like RAM does. I considered whether a batch file
could alter properties of RAM and stay in it ANYWAY, but I do
NOT believe that is possible. Also, there are NO RAM cleaning
utilities on the Hiren's disk which would lead me to believe RAM
is irrelevant as long as one reboots.

>>>QUESTION 3. Since I wiped the CMOS/BIOS (I still do NOT
understand the difference between them, although some people
have tried to explain to me), and have restored (a few times)
and then /written/ a new MBR, PLUS restored a perfect Acronis C:
image, I have NO idea where this damn thing is living.

I have the option of removing the CD burner, deleting all the
root files on the /current/ booting 80GB drive ("drive Z") using
XTreeGold, putting drive Z on the CD drive's IDE channel, and
putting in my old 40GB ("drive X") on the other - booting - IDE
channel. (I believe I don't have to physically move the Z drive,
just deleting all c:\root files will make the machine boot from
the X drive, but just in case...)

BUT - since what is happening is quite inexplicable, I am afraid
of contaminating my X drive. If the virus /is/ somewhere on the
Z drive, and neither ESET nor AntiMalware can find it, I would
imagine it is quite capable of infecting the X drive even if the
computer boots from the X drive and the virus is somewhere on Z
which one would /think/ would then just contain data - and a
disabled OS (well, two disabled OS's 98SELite and XPSP3).

Further infection /might not happen/ if I just use a LFN utility
in DOS and copy stuff to the other HD, or copy to Flash drives
using a DOS USB driver from Hiren's, but then again it MIGHT.
IOW - ATM I am afraid to put the X drive on the other IDE
channel or use Flash sticks.

No one likes this kind of stuff, even I am no exception... I am
VERY seriously considering running BeOS/Haiti or some Linux [for
all internet access, but ultimately for everything, possibly]
from a flash stick (fortunately, my BIOS allows booting from a
USB device) but ATM I am not putting /anything/ in the possessed
computer.

[Although - apart from the indignity and misery of being screwed
and humbled in my arrogance - I have really enjoyed being
internet-free for a few days... Do y'all think internet use
might be addictive? ;-#)

(I spent an enjoyable 6 hours destroying a fourth old phone in
two years while trying to fix it. Soldering isn't as easy at 55
as it was at 25... But getting soldering iron /burns/ sure is...
Fortunately I know about the "run for the freezer and press the
burn against something at -18° Celsius" instant cure.)]

But I digress...

I have /heard/ of viruses which resulted in "the entire computer
going in the trash" but I am not ready to accept that - although
I might /have/ to accept it /eventually/.

>>>QUESTION 4:

IF the infected computer /is/ history, and I build a new one and
using a Linux version which can read FAT32 Windows partitions,
copy various standard format data from the infected HD into
Linux - I am risk free, aren't I?

I am sorry this was so long but I thought I might as well
provide ALL the information I could think of.

I am writing this on my trusty 1997-built PI 166MHz running 95B
and sending it via a 33.6 modem.

I will do some Googling and look around some security sites but
I thought I might as well humbly ask for suggestions.

IOW...

P L E A S E H E L P!

--
You know, that viruses never really sleep
And that hackers never blink their eyes
And that, you know, cats are the only ones who blush
And that the ****in' web... is just to die
- thanatoid (with /profound/ apologies to Lou Reed)
 
 
 
 
 
§ñühw¤£f
Guest
Posts: n/a
 
      07-29-2010
thanatoid <> pinched out a steaming pile
of<Xns9DC3A257384F2thanexit@81.169.183.62>:

> Well, it took almost 20 years but it finally happened. It's
> amazing what a small batch file (maybe not so small - it has
> vaporized... read on) can do.
>
> Those bored with my gargantuan posts can just skip over most of
> it (please read the SUMMARY paragraphs), but I would really
> appreciate specific answers to the four numbered questions, as
> well as general advice. (My KF is disabled, so go for it,
> denizens of aforementioned
>
> Using Compaq EVO-D510 SFF. One 80GB HD, one CD burner, a riser
> card with two horizontal PCI slots, and (re: a post from a
> couple of months ago) the Compaq BIOS does not allow for more
> than one device per IDE channel, I checked - relevance below.
>
> I was running 98SELite, as always, using Opera, on two or three
> sites requiring javascript etc. - otherwise I would have been
> using OffByOne and this /probably/ would NOT have happened.
>
> The firewall was on, of course, but the ESET internet
> monitor/file monitor were /not/, as I do not believe that is
> REALLY necessary - I /may/ have to reconsider that position ;-[
>
> Script sentry was on, but it does nothing with batch files, just
> scripts of all kinds. And it works great.
>
> >>>SUMMARY (2 paragraphs)
>
> So, everything was fine, when all of a sudden my mouse and
> keyboard became possessed.
>
> Basically, it was like the left and right mouse buttons and Ctl
> and Alt keys were being randomly activated, FAST. I turned off
> the ADSL modem, and ran TaskInfo. There was a batch file in my
> temp (either c:\temp or C:\win\temp) directory which was NOT
> supposed to be there. It was running. I shut down the machine. I
> can't remember the file's exact name, but it was short, 5 or so
> letters, no weird numbers or figures.
>
> Boring (yet important if you don't want to ask about stuff I
> *already DID*) details:
>
> When I restarted, the same thing was happening. (And it remains
> the current situation, although one might say the virus is /less
> active/ than it was (as if it had a built-in downward slope).
> But the machine is unusable, plus, while the virus appears
> fairly non-malignant, just annoying (ALL user control is NOT
> affected, you just have to click and move the mouse a lot - and
> fast, to get in between the virus activity bursts) - who knows
> what it will do next? So far my data appears intact [AOT the
> system] but FUD are definitely having a big party at the lair of
> thanatoid at the moment.
>
> So after the reboot, I ran TaskInfo again - no batch file
> running.
>
> I searched for batch files on the C: drive and only found the
> few I wrote myself and have always had. /Nothing new./
>
> I ran Restoration (still the only undelete program that is not
> 5-20 MB and actually works BETTER than any of /those/),
> searching for a bat file, nothing. I thought the file might have
> deleted itself after doing whatever it was supposed to do. It
> must have, since it is NOWHERE to be found, deleted or present.
>
> I rebooted, deleted the swap file in DOS, and rebooted again.
> Virus still active.
>
> I thought, OK, I'll reboot to XP - XP should be OK, right? Same
> thing. Then I realized XP reads several files on C. Then I tried
> to boot Damn Small Linux into memory, it would not (I /have/
> successfully run it in the past).
>
> I went back to 98, and, since I just happened to update the ESET
> NOD32 signatures a couple of hours earlier, I ran it. The virus
> seemed to be paused by ESET running, but while ESET scans boot
> sectors and all memory, as well as everything else, it found
> nothing.
>
> I went back to XP and ran MalwareBytes Anti-Malware (or whatever
> it's called - I only see 8.3 names now...) - nothing on either
> C: or the XP partition. While running MBAM, virus activity
> appeared to pause as well.
>
> To make a long story a /little/ shorter, I removed the battery,
> cleared the CMOS (several times, different hard- and soft-
> methods), first restored an old saved MBR, then (when that did
> not help) created a new MBR, and finally restored an Acronis
> image after moving current C: data to another partition.
>
> I should mention that the virus /appears/ inactive in DOS. Well,
> who knows - but nothing weird /seems/ to be happening AFAICT.
>
> Well, when the restored Acronis image (which I believe contains
> the MBR in the first sector - I am extremely ignorant about some
> basics) exhibited exactly the same behavior, I started thinking
> WHAT the damn thing could have infected ELSEWHERE than the HD...
> Unless it is hidden /somewhere/ and ****s up the MBR every time
> I boot - I don't know much about viruses and what they are
> capable of.
>
> I tried Damn Small Linux again - this time it DID boot and ran
> in memory...
>
> Get ready for this...
>
> Sigh...
>
> DSL /appeared to exhibit/ - although to a CONSIDERABLY smaller
> degree - a little of the SAME behavior - a DOS-like window
> (whatever they're called in Linux) would highlight some lines of
> the window depending on mouse movement, and I /think/ a menu or
> two popped up without any clicking on my part. And the mouse
> appeared to be malfunctioning. (OTOH, having only ran DSL a
> couple of times before, and for a VERY short period of time, and
> already being in a somewhat altered state of mind, my perception
> /may/ have been mistaken - I don't know.)
>
> So...
>
> Having never had to deal with this kind of thing before (I got a
> virus in a POP email once, but it could not do anything, maybe
> because I had all scripting disabled at the time - it was hell
> to remove though), I thought the following:
>
> >>>QUESTION 1. It could not have messed up the processor -
> first, I do not believe that is /possible/, second, DOS seems to
> run fine.
>
> >>>QUESTION 2. AFAIK, the level1 and level2 caches clear upon a
> reboot, just like RAM does. I considered whether a batch file
> could alter properties of RAM and stay in it ANYWAY, but I do
> NOT believe that is possible. Also, there are NO RAM cleaning
> utilities on the Hiren's disk which would lead me to believe RAM
> is irrelevant as long as one reboots.
>
> >>>QUESTION 3. Since I wiped the CMOS/BIOS (I still do NOT
> understand the difference between them, although some people
> have tried to explain to me), and have restored (a few times)
> and then /written/ a new MBR, PLUS restored a perfect Acronis C:
> image, I have NO idea where this damn thing is living.
>
> I have the option of removing the CD burner, deleting all the
> root files on the /current/ booting 80GB drive ("drive Z") using
> XTreeGold, putting drive Z on the CD drive's IDE channel, and
> putting in my old 40GB ("drive X") on the other - booting - IDE
> channel. (I believe I don't have to physically move the Z drive,
> just deleting all c:\root files will make the machine boot from
> the X drive, but just in case...)
>
> BUT - since what is happening is quite inexplicable, I am afraid
> of contaminating my X drive. If the virus /is/ somewhere on the
> Z drive, and neither ESET nor AntiMalware can find it, I would
> imagine it is quite capable of infecting the X drive even if the
> computer boots from the X drive and the virus is somewhere on Z
> which one would /think/ would then just contain data - and a
> disabled OS (well, two disabled OS's 98SELite and XPSP3).
>
> Further infection /might not happen/ if I just use a LFN utility
> in DOS and copy stuff to the other HD, or copy to Flash drives
> using a DOS USB driver from Hiren's, but then again it MIGHT.
> IOW - ATM I am afraid to put the X drive on the other IDE
> channel or use Flash sticks.
>
> No one likes this kind of stuff, even I am no exception... I am
> VERY seriously considering running BeOS/Haiti or some Linux [for
> all internet access, but ultimately for everything, possibly]
> from a flash stick (fortunately, my BIOS allows booting from a
> USB device) but ATM I am not putting /anything/ in the possessed
> computer.
>
> [Although - apart from the indignity and misery of being screwed
> and humbled in my arrogance - I have really enjoyed being
> internet-free for a few days... Do y'all think internet use
> might be addictive? ;-#)
>
> (I spent an enjoyable 6 hours destroying a fourth old phone in
> two years while trying to fix it. Soldering isn't as easy at 55
> as it was at 25... But getting soldering iron /burns/ sure is...
> Fortunately I know about the "run for the freezer and press the
> burn against something at -18° Celsius" instant cure.)]
>
> But I digress...
>
> I have /heard/ of viruses which resulted in "the entire computer
> going in the trash" but I am not ready to accept that - although
> I might /have/ to accept it /eventually/.
>
> >>>QUESTION 4:
>
> IF the infected computer /is/ history, and I build a new one and
> using a Linux version which can read FAT32 Windows partitions,
> copy various standard format data from the infected HD into
> Linux - I am risk free, aren't I?
>
> I am sorry this was so long but I thought I might as well
> provide ALL the information I could think of.
>
> I am writing this on my trusty 1997-built PI 166MHz running 95B
> and sending it via a 33.6 modem.
>
> I will do some Googling and look around some security sites but
> I thought I might as well humbly ask for suggestions.
>
> IOW...
>
> P L E A S E H E L P!
>
>

<Nelson Muntz voice mode>

HA HA!

Run linux from a usb stick without the hdd hooked up and see if the
crazy stuff still happens.

That should give yu som klewz.

^_^
--
http://www.youtube.com/watch?v=COaoYqkpkUA
cageprisoners.com|www.snuhwolf.9f.com|www.eyeonpalin.org
_____ ____ ____ __ /\_/\ __ _ ______ _____
/ __/ |/ / / / / // // . . \\ \ |\ | / __ \ \ \ __\
_\ \/ / /_/ / _ / \ / \ \| \| \ \_\ \ \__\ _\
/___/_/|_/\____/_//_/ \_@_/ \__|\__|\____/\____\_\

 
 
 
 
 
thanatoid
Guest
Posts: n/a
 
      07-29-2010
Steve <> wrote in
news: :

> In article <Xns9DC3A257384F2thanexit@81.169.183.62>,
> lid says...
> <snip>
>>
>> IOW...
>>
>> P L E A S E H E L P!

>
> Is your mouse usb or ps2?
>
> Is your keyboard usb or ps2?


Both ps2. It's a 2003(IIRC) model. I use an old clicky keyboard
and an equally old rubber wheel mouse.


--
You know, that viruses never really sleep
And that hackers never blink their eyes
And that, you know, cats are the only ones who blush
And that the ****in' web... is just to die
- thanatoid (with /profound/ apologies to Lou Reed)
 
 
thanatoid
Guest
Posts: n/a
 
      07-29-2010
§ñühw¤£f <> wrote in
news:i2r3jp$1o6$:

> <Nelson Muntz voice mode>
>
> HA HA!
>
> Run linux from a usb stick without the hdd hooked up and
> see if the crazy stuff still happens.
>
> That should give yu som klewz.


I /knew/ something was NOT going to occur to me...

No - actually it DID, but IIRC the machine "says no HD found"
and won't boot further, so I didn't try it, also not having a
way to put Linux on a USB (this machine does not have USB
working - and it would be more trouble to get it to work than to
build a new computer).

But if the USB stick is PREVIOUS to the HD in "boot order", then
it SHOULD boot, right? Now I only have to wait for the 3 days it
will take me to DL a Linux distro via a 33.6 modem... JK... I
know one person who will let me DL/install to USB at his place.

You /don't/ believe I will be throwing the USB stick in the
trash, apparently? Please confirm.

--
You know, that viruses never really sleep
And that hackers never blink their eyes
And that, you know, cats are the only ones who blush
And that the ****in' web... is just to die
- thanatoid (with /profound/ apologies to Lou Reed)
 
 
thanatoid
Guest
Posts: n/a
 
      07-29-2010
Steve <> wrote in
news: :

> In article <Xns9DC4109D58A7Dthanexit@81.169.183.62>,
> lid says...
>>
>> Steve <> wrote in
>> news: :
>>
>> > In article <Xns9DC3A257384F2thanexit@81.169.183.62>,
>> > lid says...
>> > <snip>
>> >>
>> >> IOW...
>> >>
>> >> P L E A S E H E L P!
>> >
>> > Is your mouse usb or ps2?
>> >
>> > Is your keyboard usb or ps2?

>>
>> Both ps2. It's a 2003(IIRC) model. I use an old clicky
>> keyboard and an equally old rubber wheel mouse.

>
> Ok, as snuh suggested, disconnect the hard drive and boot a
> linux distro from a cd or flash drive. Problem is, if I
> remember correctly, those PCs got part of their boot
> program off of a hidden partition on the hard drive. Guess
> where I suspect your virus to be hiding.


I am using a HD I put in myself - it was bought used, checked
(took 45 minutes) with a factory cert. software (rated factory
fresh), and I partitioned and formatted it myself. So I don;t
/think/ there are no hidden partitions (just 11 regular ones)
UNLESS the BIOS created one upon the first reboot after
partitioning/formatting.

[I HATE brand name machines... but I had NO other option... I
was lucky to find this used EVO... and *only* at triple the
price it was selling for in the US the /very same day/...]

Hmmm... I DO sort of remember reading about that... Again -
UNLESS the BIOS /creates/ a hidden partition on **any new
drive** /without the innocent user being aware of it/...

But if the drive is NEW, ***NOT*** the one that came with the
machine, how could the BIOS - part of which is ON the original
factory installed HD - boot **without access** to the then-
nonexistent "hidden partition"? Chicken-egg thing...

> Linux doesn't pay much attention to the bios so you should
> be able to get around the no hard drive problem.


Actually, there /is/ a weird BIOS setting and it is suggested it
be changed if using non-Windows OS's, specifically Linux or
Unix. I have not messed with it, since so far I have only run
DSL in/from memory...

I really appreciate your help and still being awake - wherever
you are...

I'll try it, but first:

Can you please confirm that IYO there is NO way the damn thing
can be anywhere BUT the hard drive? I am afraid of infecting the
USB stick - it's only ten bucks, but still...

Also... if the hidden partition exists - and I am willing to
accept that in SOME bizarre manner it does - is there any way to
*see* it and destroy it? Like with some program of the kind you
find on Hiren's buoottsavers?


--
You know, that viruses never really sleep
And that hackers never blink their eyes
And that, you know, cats are the only ones who blush
And that the ****in' web... is just to die
- thanatoid (with /profound/ apologies to Lou Reed)
 
 
Meat Plow
Guest
Posts: n/a
 
      07-29-2010
On Wed, 28 Jul 2010 20:11:02 -0700, Steve wrote:

> In article <Xns9DC3A257384F2thanexit@81.169.183.62>,
> lid says...
> <snip>
>>
>> IOW...
>>
>> P L E A S E H E L P!

>
> Is your mouse usb or ps2?
>
> Is your keyboard usb or ps2?


I doubt he has a mouse.
 
 
Peter Foldes
Guest
Posts: n/a
 
      07-29-2010
multiposted crap. Post the problem instead of the novel
Read the following

http://www.blakjak.demon.co.uk/mul_crss.htm
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect

"thanatoid" <> wrote in message
news:Xns9DC3A257384F2thanexit@81.169.183.62...

<snip>

 
 
Mike Easter
Guest
Posts: n/a
 
      07-29-2010
thanatoid wrote:

> DSL /appeared to exhibit/ - although to a CONSIDERABLY smaller
> degree - a little of the SAME behavior


I don't believe this part of the report is correct. That is, you need
to boot DSL off the CD again to see for yourself.

> - a DOS-like window
> (whatever they're called in Linux) would highlight some lines of
> the window depending on mouse movement, and I /think/ a menu or
> two popped up without any clicking on my part. And the mouse
> appeared to be malfunctioning. (OTOH, having only ran DSL a
> couple of times before, and for a VERY short period of time, and
> already being in a somewhat altered state of mind, my perception
> /may/ have been mistaken - I don't know.)


I believe that your perception was faulty.

>>>> QUESTION 1. It could not have messed up the processor -
> first, I do not believe that is /possible/, second, DOS seems to
> run fine.


Malware needs to have a OS to run, such as XP or Win9x.

>>>> QUESTION 2. AFAIK, the level1 and level2 caches clear upon a
> reboot, just like RAM does. I considered whether a batch file
> could alter properties of RAM and stay in it ANYWAY, but I do
> NOT believe that is possible. Also, there are NO RAM cleaning
> utilities on the Hiren's disk which would lead me to believe RAM
> is irrelevant as long as one reboots.


Correct.

>>>> QUESTION 3. Since I wiped the CMOS/BIOS (I still do NOT
> understand the difference between them, although some people
> have tried to explain to me), and have restored (a few times)
> and then /written/ a new MBR, PLUS restored a perfect Acronis C:
> image, I have NO idea where this damn thing is living.


If it is bootsector, there is 'room' in the bootsector separate from the
MBR. Most MBR restorers do not zero the entire bootsector; in fact,
hardly any do that. In order to zero the bootsector, you need to
specifically and consciously do that under 'direct observation'.

> I have the option of removing the CD burner, deleting all the
> root files on the /current/ booting 80GB drive ("drive Z") using
> XTreeGold, putting drive Z on the CD drive's IDE channel, and
> putting in my old 40GB ("drive X") on the other - booting - IDE
> channel. (I believe I don't have to physically move the Z drive,
> just deleting all c:\root files will make the machine boot from
> the X drive, but just in case...)


Instead of doing that, I would use the CD to boot an OS to clean things
up. You should prove to your mental satisfaction that DSL works
perfectly fine and you can boot up a Hiren's and do a lot.

> BUT - since what is happening is quite inexplicable, I am afraid
> of contaminating my X drive. If the virus /is/ somewhere on the
> Z drive, and neither ESET nor AntiMalware can find it, I would
> imagine it is quite capable of infecting the X drive even if the
> computer boots from the X drive and the virus is somewhere on Z
> which one would /think/ would then just contain data - and a
> disabled OS (well, two disabled OS's 98SELite and XPSP3).


I don't know what your X and Z drives are.

>>>> QUESTION 4:
>
> IF the infected computer /is/ history, and I build a new one and
> using a Linux version which can read FAT32 Windows partitions,
> copy various standard format data from the infected HD into
> Linux - I am risk free, aren't I?


Don't forget how many different forms Win executables can take; here's a
list of 45 from A to X
http://antivirus.about.com/od/securi...ileextview.htm Executable
file extensions

Use a CD to boot, demonstrate to your satisfaction that DSL and Hiren's
can work, format the HDD, zero the boot sector (by visually examining
the boot sector's bits with a Hiren's tool), make a brand new boot
sector, and install the OSes of your choice.


--
Mike Easter
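
Added example, not part of any post in this thread: a read-only Python sketch of the check discussed above, listing every partition (including logical ones and hidden types such as the Compaq diagnostics type 0x12) and flagging leftover data in the sectors between the MBR and the first partition, which is one reading of the "room" mentioned in the post above. The disk image, its layout and all function names are constructed for illustration.

```python
import struct

SECTOR = 512
EXTENDED = {0x05, 0x0F, 0x85}
# Type bytes that DOS/Windows 9x do not assign a drive letter to.
HIDDEN = {0x11: "hidden FAT12", 0x12: "Compaq diagnostics",
          0x14: "hidden FAT16 <32M", 0x16: "hidden FAT16",
          0x17: "hidden NTFS/HPFS", 0x1B: "hidden FAT32",
          0x1C: "hidden FAT32 (LBA)", 0x1E: "hidden FAT16 (LBA)"}


def read_table(image, lba):
    """Return the four (type, rel_start, count) entries of the table in sector lba."""
    sec = image[lba * SECTOR:(lba + 1) * SECTOR]
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        raise ValueError(f"sector {lba}: no 55 AA boot signature")
    out = []
    for i in range(4):
        off = 446 + 16 * i                      # table follows 446 bytes of boot code
        start, count = struct.unpack_from("<II", sec, off + 8)
        out.append((sec[off + 4], start, count))
    return out


def walk_ebr_chain(image, ext_base):
    """Follow the linked list of EBRs inside an extended partition."""
    found, ebr, seen = [], ext_base, set()
    while ebr not in seen:                      # guard against a looping chain
        seen.add(ebr)
        table = read_table(image, ebr)
        ptype, rel, count = table[0]            # logical volume, relative to this EBR
        if ptype:
            found.append(("logical", ptype, ebr + rel, count))
        ntype, nrel, _ = table[1]               # next EBR, relative to ext_base
        if ntype not in EXTENDED:
            break
        ebr = ext_base + nrel
    return found


def list_partitions(image):
    """List partitions as (kind, type, absolute_lba, sectors)."""
    parts = []
    for ptype, start, count in read_table(image, 0):
        if ptype == 0:
            continue
        parts.append(("primary", ptype, start, count))
        if ptype in EXTENDED:
            parts.extend(walk_ebr_chain(image, start))
    return parts


def gap_nonzero(image, parts):
    """LBAs between sector 0 and the first partition that hold any nonzero byte."""
    first = min(p[2] for p in parts) if parts else 0
    return [lba for lba in range(1, first)
            if any(image[lba * SECTOR:(lba + 1) * SECTOR])]


def report(image):
    parts = list_partitions(image)
    return {
        "partitions": parts,
        "hidden": [(p[2], HIDDEN[p[1]]) for p in parts if p[1] in HIDDEN],
        "gap_nonzero": gap_nonzero(image, parts),
    }


def make_table(entries):
    """Build one table sector from up to four (type, start, count) entries."""
    sec = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sec, 446 + 16 * i, 0, ptype, start, count)
    sec[510:512] = b"\x55\xaa"
    return sec


def build_sample_image():
    """Constructed 700-sector image; not data from the machine in this thread."""
    img = bytearray(700 * SECTOR)
    img[0:SECTOR] = make_table([(0x12, 63, 100), (0x0B, 163, 200), (0x0F, 363, 300)])
    img[363 * SECTOR:364 * SECTOR] = make_table([(0x1B, 63, 100), (0x05, 163, 137)])
    img[526 * SECTOR:527 * SECTOR] = make_table([(0x0B, 63, 50)])
    img[5 * SECTOR + 16:5 * SECTOR + 20] = b"\xde\xad\xbe\xef"  # leftover bytes in gap
    return bytes(img)


if __name__ == "__main__":
    result = report(build_sample_image())
    for kind, ptype, lba, count in result["partitions"]:
        print(f"{kind:8} type 0x{ptype:02X} start {lba:6} sectors {count}")
    print("hidden:", result["hidden"])
    print("nonzero sectors before first partition:", result["gap_nonzero"])
```

The functions only read the bytes they are given, so they can be pointed at a saved copy of a drive's leading sectors instead of the sample image.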
 
 
thanatoid
Guest
Posts: n/a
 
      07-29-2010
"Peter Foldes" <> wrote in
news:i2rpuh$k99$:

> multiposted crap. Post the problem instead of the novel
> Read the following
>
> http://www.blakjak.demon.co.uk/mul_crss.htm


Top posted crap.

eternalseptember won't let me crosspost. I've tried twice in the
past and could not, so I didn't bother trying this time.

4 groups! Please come over and just kill me!!!

Now, about my problem... I POSTED the problem with *all the
details* to avoid wasting YOUR and everyone else's time with
posts ASKING FOR THOSE DETAILS and for what I did or did not do
to try and fix the problem.

If you are too lazy to read a comprehensive post, I suggest you
go back to watching the Simpsons reruns.

And if you can't or won't help, please don't bother with top-
posted attacks EITHER.

Thank you and have a nice computer.


--
You know, that viruses never really sleep
And that hackers never blink their eyes
And that, you know, cats are the only ones who blush
And that the ****in' web... is just to die
- thanatoid (with /profound/ apologies to Lou Reed)
 
 
Jordon
Guest
Posts: n/a
 
      07-29-2010
thanatoid wrote:
> "Peter Foldes"<> wrote in
> news:i2rpuh$k99$:
>
>> multiposted crap. Post the problem instead of the novel
>> Read the following
>>
>> http://www.blakjak.demon.co.uk/mul_crss.htm

>
> Top posted crap.
>
> eternalseptember won't let me crosspost. I've tried twice in the
> past and could not, so I didn't bother trying this time.
>
> 4 groups! Please come over and just kill me!!!
>
> Now, about my problem... I POSTED the problem with *all the
> details* to avoid wasting YOUR and everyone else's time with
> posts ASKING FOR THOSE DETAILS and for what I did or did not do
> to try and fix the problem.
>
> If you are too lazy to read a comprehensive post, I suggest you
> go back to watching the Simpsons reruns.
>
> And if you can't or won't help, please don't bother with top-
> posted attacks EITHER.


PF is one taco short of a combo plate.
 
 
 
 