
bobkberg |
Thanks for the followup - this afternoon I plan to wipe the drive.
However, I’m also REALLY hoping to learn something concrete from this.
As for taking a lot of time, I agree - In terms of per-hour rate for this job, I’m probably below minimum wage right now.
BUT - tackling bizarre and/or difficult problems is one of my joys in life - that’s the only way I learn things.
Bob

amitrajit |
I think most of these system files that are reappearing come bundled with Win 98, so if you uninstall only the programs and then reinstall Win98 you get back all the old stuff. You have to format the HDD and do a fresh custom install of the OS. Make a backup of only the data required and not of the whole system because that will save the old config files, registry settings etc.

cookie20 |
From my personal experience
If it is a major problem with Win98 and you believe reinstallation is the only solution, then copy the data you need to save and start a new installation with:
fdisk /mbr to clear mbr, just in case…
fdisk - to delete all partitions and create new ones…
format…
If reinstallation is an option, it might save a lot of time !in some cases!

PeterMac |
As I think that your best option is to wipe and reload from scratch, the following is only for thinking about.
Regarding the reinstall, did you do this from a standard Win98 install disk, or from a System Restore, or OEM Install Disk? Either of the latter may have specific drivers, and other software bundled with them, to fit in with the original hardware configuration.
Regarding old driver removal, did you simply uninstall drivers, or delete drivers etc.? Win98 will remember old hardware, and simply re-install the drivers, unless you also remove devices from Hardware Manager.

bobkberg |
Thanks for all the responses.
I’m definitely dealing with some sort of persistent virus here. One of its signs is the creation of (literally) thousands of zero length files with names like apinn32.dll.
Additionally, there are hundreds of copies of files with names like appnzi.exe (size 66 KB) in the Windows, Windows\system and Windows\system32 directories. After wiping all of them, they were restored on one reboot.
I’m going to try the fdisk /mbr this afternoon. I was also talking with a friend who got something similar - it was an infected MBR, so reformatting had no effect. This may NOT be the same as the one I’ve got, but he noted in his case that Norton failed to notice it. However, PC-cillin did find it for him. I’m usually a Norton user, so I stopped by the store last night and bought a copy of PC-cillin. We’ll see what happens….
Bob

ItDefPat1 |
I restate that a multiple anti virus & spy should be done. I would start with av+as even again after wipe and reinstall OS. Two security lessons: 1- you can never be too safe; 2- it always gets worse.

Smitch |
If you haven’t removed “system.dat” and “user.dat” you will “import” items from the old registry in Win98. These reside in the c:\windows directory. If for some reason (data retrieval?!?) you don’t want to or can’t scrub the drive:
Boot into a command prompt mode
CD to c:\windows
enter at c:\>
“attrib -s -h -r system.dat”
“attrib -s -h -r user.dat”
“del system.dat”
“del user.dat”
Leaving out the “’s (this will eliminate the old active registry. You can also del any system.bak or user.bak files)
Proceed with your O/S reload, you will have a virgin registry afterwards.
*******
P.S. If you just want a clean registry without reloading the O/S you can recover the original Win98 registry by (after eliminating the system and user.dat files) entering at the command prompt:
“attrib -s -h -r c:\system.1st”
“copy c:\system.1st c:\windows\system.dat”
“attrib +s +h +r c:\system.1st”
gl

bobkberg |
Thanks for all your help everyone.
Much as I hate to go there, in this case, I did a complete low-level format of the entire disk - and then verified the cleanliness of the MBR with a free tool I just discovered (on download.com) called MBRtool. Then I did a complete re-install from the original HP CD’s (which the owner originally thought he had lost).
Next step was to do a file extraction from the ghost image onto a clean machine - and then clean those up with Norton.
It seems to be working just fine now.
Thanks again all.
Bob