If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Shell Dump in Win98(se)?
My computer froze while downloading an mp3 file. When I rebooted two
files appeared in the folder where the mp3 was being saved. (I'll call this Folder A.)One file was called: 40-5081-.101 The other had the word "shell" in it. One of the files was about 222,000KB. I tried to delete the above files but could not. At first I got an "access denied, the disk is full or write protected" message and then a freeze due to an "exception in crypt32.dll" On the next reboot the files were no longer visible in windows explorer, but I could not remove Folder A in windows or from a DOS window or a DOS "command only" prompt because windows and DOS reported Folder A contained files. On the next reboot, I tried to copy the files and folders on the same level as Folder A (2nd level) to a new first level folder. The files and folders wound up in the Folder A. I rebooted and was able to move the other second level files and folders to an external drive, except for one (an older wav file) which showed about a 300,000KB in windows explorer but winamp reported had 0 minutes. Yet, I was now able to move Folder A to the recycle bin, which I emptied. On the next reboot, I restored my registry to a few days before the crash. The recycle bin icon was full but when I opened it, the list showed no files. When I emptied it, it asked if I wanted to remove 2 files, which I assume were mysterious files in Folder A. Then I tried to scan the partition Folder A was on with a utility called System Suite, but it could not access the partition that had contained the now deleted Folder A. Is there any way that I can check to see if these files are still on my system and, if so, remove them? Perhaps a low-level formatting program? Or would they show up in a registry entry? Or can they be made visible with a windows or DOS command? I'm uneasy about using the computer. BTW, TrojanHunter found no trojans in Folder A. Thanks for any help. Ellen |
#2
|
|||
|
|||
Shell Dump in Win98(se)?
My computer froze while downloading an mp3 file.
strange. shouldn't happen even if the disk went completly full by that download. I imagine some webbrowser could perhaps hang but the whole win98? (btw, what web browser do you use?) When I rebooted two files appeared in the folder where the mp3 was beingsaved. (I'll call this Folder A.)One file was called: so instead of c:\somewhere\A\nicemusic.mp3 (5 MB) you ended up with c:\somewhere\A\40-5081-.101 (222000 KB) c:\somewhere\A\shell sort of? I tried to delete the above files but could not. At first I got an "access denied, the disk is full or write protected" message and then a freeze due to an "exception in crypt32.dll" hmm... if we assume that your disk isn't full then perhaps those two files is perhaps part of some ugly spywarething, but you have checked for that so.... On the next reboot the files were no longer visible in windows explorer, but I could not remove Folder A in windows or from a DOS window or a DOS "command only" prompt because windows and DOS reported Folder A contained files. if you start windows in dos only mode (or boot from a dos floppy) and go the the directory (in my example c:\somewh~1\A\) you could perhaps run the dos command attrib to see hidden files and in that directory use attrib /s -S -H -R *.* to unhide/unprotect them. you could allso try run scandisk too se if the filesystem is broken somehow. On the next reboot, I tried to copy the files and folders on the same level as Folder A (2nd level) to a new first level folder. The files and folders wound up in the Folder A. so when you did copy c:\somewhere\A\*.* c:\newplace (or same thing in windows explorer) the files where copied to where....? I rebooted and was able to move the other second level files and folders to an external drive, except for one (an older wav file) which showed about a 300,000KB in windows explorer but winamp reported had 0 minutes. is that 300000KB (=300MB sort of) or 300KB ? and yeah if the wav-file is broken (isn't really a wav-file) then it will be 0 minutes Then I tried to scan the partition Folder A was on with a utility called System Suite, but it could not access the partition that had contained the now deleted Folder A. yeah I assume there are better programs than windows builtin scandisk, I haven't tried any called SystemSuite though, do you have a link to that program? btw did windows scandisk say the disk was ok? Is there any way that I can check to see if these files are still on my system and, if so, remove them? Perhaps a low-level formatting program? hehe... you don't have to "low-level" format a partition to delete all files on it. just formatting will be enough. (low level isn't even possible on modern harddisk I believe). if you have some evil stuff in the MBR (partitiontable) of the hard disk, then perhaps repartition it too is nice. (or just fdisk /mbr). Booting from some floppy that you know is absolutely clean of malware of course. remember to verify that you have backupped everthying important and allmost-important like bookmarks and stuff to an dvd or usb-memory first before you wipe everything on you harddisk. Allso write down what hardware you have, and win98-serial, it will simplify when you reinstall windows98 after the formatting. now I don't think you have to format & reinstall windows... you shouldn't jump to that 'solution' before you know that you *have* too.... about finding if the files is still there... if your computer is new enough to handle it (at least 256MB memory) then you could boot on a linux livecd (like Ubuntu) and look for files with its filemanager. perhaps easier than just using dos commands from a dos floppy. Or would they show up in a registry entry? Or can they be made visible you mean if the files are refered (loaded) from the registry? just search with regedit for the filenames and see... with a windows or DOS command? I'm uneasy about using the computer. if you feel uneasy using the computer, and allready have backupped all files on the computer to cd/dvd/usb, and have all drivers for that motherboard/graphics/network/soundcard/printer in good order on cd... ....well then it could be nice to repartition&reformat and a clean reinstall of win98... You know the "this time I will do everything right and no disorder" ;-) (98lite is a good tool for getting rid of internetexplorer during install for example. and (assuming you have another noninfected computer) you could perhaps check out the win98-projets at msfn.org to install new bugfixes&patches, usbdrivers etc) BTW, TrojanHunter found no trojans in Folder A. Thanks for any help. it is allways nice to use more than one spyware-searcher. spybot search&destroy http://www.safer-networking.org/en/home/ is a nice one. |
#3
|
|||
|
|||
Shell Dump in Win98(se)?
My computer froze while downloading an mp3 file.
strange. shouldn't happen even if the disk went completly full by that download. I imagine some webbrowser could perhaps hang but the whole win98? (btw, what web browser do you use?) When I rebooted two files appeared in the folder where the mp3 was beingsaved. (I'll call this Folder A.)One file was called: so instead of c:\somewhere\A\nicemusic.mp3 (5 MB) you ended up with c:\somewhere\A\40-5081-.101 (222000 KB) c:\somewhere\A\shell sort of? I tried to delete the above files but could not. At first I got an "access denied, the disk is full or write protected" message and then a freeze due to an "exception in crypt32.dll" hmm... if we assume that your disk isn't full then perhaps those two files is perhaps part of some ugly spywarething, but you have checked for that so.... On the next reboot the files were no longer visible in windows explorer, but I could not remove Folder A in windows or from a DOS window or a DOS "command only" prompt because windows and DOS reported Folder A contained files. if you start windows in dos only mode (or boot from a dos floppy) and go the the directory (in my example c:\somewh~1\A\) you could perhaps run the dos command attrib to see hidden files and in that directory use attrib /s -S -H -R *.* to unhide/unprotect them. you could allso try run scandisk too se if the filesystem is broken somehow. On the next reboot, I tried to copy the files and folders on the same level as Folder A (2nd level) to a new first level folder. The files and folders wound up in the Folder A. so when you did copy c:\somewhere\A\*.* c:\newplace (or same thing in windows explorer) the files where copied to where....? I rebooted and was able to move the other second level files and folders to an external drive, except for one (an older wav file) which showed about a 300,000KB in windows explorer but winamp reported had 0 minutes. is that 300000KB (=300MB sort of) or 300KB ? and yeah if the wav-file is broken (isn't really a wav-file) then it will be 0 minutes Then I tried to scan the partition Folder A was on with a utility called System Suite, but it could not access the partition that had contained the now deleted Folder A. yeah I assume there are better programs than windows builtin scandisk, I haven't tried any called SystemSuite though, do you have a link to that program? btw did windows scandisk say the disk was ok? Is there any way that I can check to see if these files are still on my system and, if so, remove them? Perhaps a low-level formatting program? hehe... you don't have to "low-level" format a partition to delete all files on it. just formatting will be enough. (low level isn't even possible on modern harddisk I believe). if you have some evil stuff in the MBR (partitiontable) of the hard disk, then perhaps repartition it too is nice. (or just fdisk /mbr). Booting from some floppy that you know is absolutely clean of malware of course. remember to verify that you have backupped everthying important and allmost-important like bookmarks and stuff to an dvd or usb-memory first before you wipe everything on you harddisk. Allso write down what hardware you have, and win98-serial, it will simplify when you reinstall windows98 after the formatting. now I don't think you have to format & reinstall windows... you shouldn't jump to that 'solution' before you know that you *have* too.... about finding if the files is still there... if your computer is new enough to handle it (at least 256MB memory) then you could boot on a linux livecd (like Ubuntu) and look for files with its filemanager. perhaps easier than just using dos commands from a dos floppy. Or would they show up in a registry entry? Or can they be made visible you mean if the files are refered (loaded) from the registry? just search with regedit for the filenames and see... with a windows or DOS command? I'm uneasy about using the computer. if you feel uneasy using the computer, and allready have backupped all files on the computer to cd/dvd/usb, and have all drivers for that motherboard/graphics/network/soundcard/printer in good order on cd... ....well then it could be nice to repartition&reformat and a clean reinstall of win98... You know the "this time I will do everything right and no disorder" ;-) (98lite is a good tool for getting rid of internetexplorer during install for example. and (assuming you have another noninfected computer) you could perhaps check out the win98-projets at msfn.org to install new bugfixes&patches, usbdrivers etc) BTW, TrojanHunter found no trojans in Folder A. Thanks for any help. it is allways nice to use more than one spyware-searcher. spybot search&destroy http://www.safer-networking.org/en/home/ is a nice one. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
WIN98 Shell | pjhjones | General | 10 | November 15th 08 10:46 PM |
you must all DUMP Windows 98 ... | RJK | General | 18 | March 20th 05 01:52 PM |
Beginning dump of physical memory htoskrnl.exe brings blue screen | Rasoul Khoshravan Azar | Internet | 1 | July 12th 04 02:00 PM |
How do I dump my computer? | Aaron Smith | General | 1 | June 28th 04 08:03 PM |
dump hard drive to start over | Rick | Disk Drives | 1 | June 27th 04 04:29 PM |