[insipid]

grotting, I must be getting old, I completely forgot about the cab files in 98, nice work. I feel I must tell you, a format may be in the future, but not if I can help it. I've been at this a good while, and I've yet to recommend a reformat, but as I said, you have a very sick machine on your hands. One thing I can promise, I won't give up before you .

The regfix you ran from my first post should have restored your desktop, it's designed to do exactly that. The blue screen is an earmark of the smitfraud infection. I suggest we try the regfix again to try to get some semblance of control of your computer, now that you have a working explorer.exe. If it works, we can continue from there.

Please run smitfraud.reg any way you can, and let me know if you encounter problems, we'll work around them.

By the way, C:\!submit\wp.exe is not part of your problem, it's created to allow easy submission of malware files to the experts that figure out how to fix these problems. Note that wp.exe is one of the files we tried to killbox.

[Advertisements]

insipid, your optimism is refreshing , as far as giving up, I'll keep on going as long as you stay with me.

As far as reformating, I wouldn't want to do that except as a last resort. There are about 4 years of irreplaceable family photos on the system. When I first got involved with this machine, I asked my niece when was the last time she had done a backup. She said she had never done a backup since she bought the machine. I believe, after this incident, she has learned two valuable lessons, having good antivirus protection installed and performing frequent backups.

I down loaded a fresh copy of smitfraud.reg and installed it. The system indicated that the file was successfully entered into the registry. After reboot, there is no change, still have the blue screens.

[grotting]

insipid, your optimism is refreshing , as far as giving up, I'll keep on going as long as you stay with me.

As far as reformating, I wouldn't want to do that except as a last resort. There are about 4 years of irreplaceable family photos on the system. When I first got involved with this machine, I asked my niece when was the last time she had done a backup. She said she had never done a backup since she bought the machine. I believe, after this incident, she has learned two valuable lessons, having good antivirus protection installed and performing frequent backups.

I down loaded a fresh copy of smitfraud.reg and installed it. The system indicated that the file was successfully entered into the registry. After reboot, there is no change, still have the blue screens.

[insipid]

Reformatting is always the last resort. As for optimism, I've yet to take on a problem that couldn't be fixed, personally, but I've seen them happen.

I think it's a good time to try to save those pictures, I have a family myself and I would hate to lose mine. I have stacks of backup CDs. Do you have a spare harddrive around? If not, a small one can be had for very little money, and it's worth it to save your memories. Even a 4GB drive will suffice, 98 takes up very little storage space. I suggest installing a hardrive formatted with Windows 98 as the master drive, switching the one we're working on to slave, and rescuing your files. Burn them to CD, and save them.

If you're not comfortable with working on the inside of the box, tell me I'll help you. It's not as hard as it seems. We just need to save your files. In the meantime, I'm still soliciting help on this case.

Oh, and don't be too hard on your niece, the smitfraud trojan has spread faster than the plague recently, she's not alone. Backups are crucial, but it doesn't appear that any anti-virus program was equipped to stop it, so she most likely couldn't have prevented this.

[grotting]

insipid, I'm having a problem locating a small harddrive, the smallest one I can find in my local computer store is 100 GB. I'll keep looking, I may be able to find a used one.

I've been studying the cabs directory on this machine, and it looks like all the necessary files are there, including 5 extra cab files, which I belive are the compaq proprietary files. If I were to run the setup.exe that is in this directory, would that not reinstall windows over the top of the existing windows files and overwrite any files that were corupt, including any that are associated with explorer.exe?

[insipid]

grotting, I think the priority here is to save your family pictures. Computers come and go, those photos are irreplaceable. I suggest pulling the harddrive from the machine we're working on and installing it in a working 98 or ME system (XP can't read FAT32 files systems), then copy the pictures from it. You won't be loading the OS, so the possibility of infection is very slim.

As for your idea of using Windows Setup from the CAB files, that's an interesting thought. You've already used SFC, so your system files should be ok (although SFC didn't come into it's own until XP). Also, you're using a restore disk, I've never done so, but it should run Windows Setup normally. It may be worth a shot, but I suggest you watch what it's doing, don't let it run any 'Restore' functions. It's your data we're trying to protect at this point, before we do anything that puts it at risk.

By the way, have you tried to load explorer.exe from the Taskmanager? I've asked around about this case, and that's the best suggestion I've gotten. Hence, my desire to get your data files off of this disk.

I surely wish I had better advice, but this machine was unusable when I got to it.

[grotting]

insipid, I've asked around and can't find a working system with windows 98 installed, both my desktop and my laptop are runing XP and everyone else I know, has upgraded to XP also.

I tried to copy all of the files in the cabs directory to CD, but the program that enables writing to CD apparently has to run from explorer or control panel, of wich I have neither. I can read from the CD, but I can't write to it, so there is no way to copy files, except the floppy. The recovery CD does not have the cab files on it. I'm not sure that I can even format a new drive from the CD. I'll probably have to use the boot disk and transfer the system files from it to the new drive.

Yes, I have tried loading explorer from both program manager and file manager, I get the same error message as before.

I'm going to be out of town until next monday or tuesday. I'll be going up to Seattle, WA. There is a Frys Electronic Store there, and I'll be able to get the harddrive that you had recommended and bring it back with me, then maybe I can put it in as the master and change the other drive to slave and install a fresh copy of windows 98 onto the new drive.

[insipid]

Ok, good idea, you can get the files that wayn for sure . Let me know how things go.

[grotting]

insipid, I do belive we have a working system again . I picked up a 40 GB harddrive in Seattle, installed it as the master, switched the old drive to slave, then working in DOS from the boot disk I partitioned and formatted the drive. the old drive was redesignated as drive D. I created the same directory structure for windows on drive C, copied all the files in the cabs directory of drive D to the cabs directory of drive C, ran setup.exe from C:\windows\options\cabs, the system installed without a hitch, no errors. Now all I have to do, is get with my neice and set up the internet connection, install the printer, and reinstall the programs that she was using, I'll do that this weekend. I'll post here when we have it all working normal.

[insipid]

That's great news, grotting . I gather you've saved your pictures, that's what's important here. Keep me updated.

I urge you to advise your neice to install Anti-virus and firewall applications before installing the internet connection, then post a new HijackThis log here. When you get it all clean and stable, I will recommend a proven security strategy that will go a long ways towards preventing this from happening again.

If you don't have AV or Firewall apps readily at hand, check my signature below. AVG is free (and better than many paid Anti-virus programs) and so are the firewalls I list. You can easily transfer the downloaded installation files, then update them when she gets online. She won't be surfing unprotected.

You don't know how pleased I am that this is going to work out, I don't think I've seen a system this far gone before.