Bizarre Configuration “Restoration” – REPOST

Tags: Desktops, Hardware, Help Desk, Installation, Tech support, Windows 95/98, Windows client administration and maintenance
Once again, here I am on the outskirts of reason with a problem. Machine in question is an HP Pavilion, running Windows 98. It's a customer's machine so upgrading the O/S is not an option.

The situation is that the machine has a bunch of stuff that I don't want on it - so I removed it - like:
- Configurations for long-gone network adapters
- NetBEUI for all adapters
- OLD version of McAfee Anti-Virus

At one point, I had to re-install all the O/S - and all the stuff listed above CAME BACK. I've ghosted the hard drive, so this afternoon, I'm going to wipe the disk and see what happens, but I'm really puzzled as to WHERE this "removed" configuration info is coming back from on a re-install. Just for jollies, I've done this now 3 times in a row - each time uninstalling and deleting more stuff.

Any ideas what process/product/whatever might be responsible for restoring the older configuration? I'll also follow up with another post if wiping the hard disk doesn't work - we'll see on that.

Bob

Answer Wiki


OK, have you done in-place upgrades/reinstalls only? Or have you uninstalled + new install? If this keeps going retro on you, you might want to wipe. Are you going to do a fresh reinstall of everything? Sounds like lots of work. There are config backups in Win98, but I don’t recall path off top of my head (I’m sure another reply will). I’d backup any important stuff, drivers, apps to a thumb drive or burn a CD to make reinstall less horrible.

On a bad note, I’ve seen spyware that will auto-undelete, poly-morphic, stealth, dynamic file rename/relocate (but probably not to restore Win98 %-O ). Be sure system is real clean, not just AV, but anti-adware/spyware also.

Discuss This Question: 8  Replies

 
  • Bobkberg
    Thanks for the followup - this afternoon I plan to wipe the drive. However, I'm also REALLY hoping to learn something concrete from this. As for taking a lot of time, I agree - In terms of per-hour rate for this job, I'm probably below minimum wage right now. BUT - tackling bizarre and/or difficult problems is one of my joys in life - that's the only way I learn things. Bob
  • Amitrajit
    I think most of these system files that are reappearing come bundled with Win 98, so if you uninstall only the programs and then reinstall Win98 you get back all the old stuff. You have to format the HDD and do a fresh custom install of the OS. Make a backup of only the data required and not of the whole system because that will save the old config files, registry settings etc.
  • Cookie20
    From my personal experience: if it is a major problem with Win98 and you believe reinstallation is the only solution, then copy the data you need to save and start a new installation with: fdisk /mbr to clear the MBR, just in case... fdisk - to delete all partitions and create new ones... format... If reinstallation is an option it might save a lot of time !in some cases!
  • PeterMac
    As I think that your best option is to wipe and reload from scratch, the following is only for thinking about.

    Regards Reinstall: did you do this from a standard Win98 install disk, or from a System Restore, or OEM Install Disk? Either of the latter may have specific drivers, and other software bundled with them, to fit in with the original hardware configuration.

    Regards Old Driver removal: did you simply uninstall drivers, or delete drivers etc.? Win98 will remember old hardware, and simply re-install the drivers, unless you also remove devices from Hardware Manager.
  • Bobkberg
    Thanks for all the responses. I'm definitely dealing with some sort of persistent virus here. One of its signs is the creation of (literally) thousands of zero length files with names like apinn32.dll. Additionally, there are hundreds of copies of files with names like appnzi.exe (size 66 KB) in the Windows, Windows\system and Windows\system32 directories. After wiping all of them, they were restored on one reboot.

    I'm going to try the fdisk /mbr this afternoon. I was also talking with a friend who got something similar - it was an infected MBR, so reformatting had no effect. This may NOT be the same as the one I've got, but he noted in his case that Norton failed to notice it. However, PC-cillin did find it for him. I'm usually a Norton user, so I stopped by the store last night and bought a copy of PC-cillin. We'll see what happens....

    Bob
  • ItDefPat1
    I restate that a multiple anti virus & spy should be done. I would start with av+as even again after wipe and reinstall OS. Two security lessons: 1- you can never be too safe; 2- it always gets worse.
  • Smitch
    If you haven't removed "system.dat" and "user.dat" you will "import" items from the old registry in Win98. These reside in the c:\windows directory. If for some reason (data retrieval?!?) you don't want to or can't scrub the drive:

    Boot into a command prompt mode
    CD to c:\windows
    enter at c:\>
        "attrib -s -h -r system.dat"
        "attrib -s -h -r user.dat"
        "del system.dat"
        "del user.dat"
    Leaving out the "'s (this will eliminate the old active registry. You can also del any system.bak or user.bak files)

    Proceed with your O/S reload, you will have a virgin registry afterwards.

    *******
    P.S. If you just want a clean registry without reloading the O/S you can recover the original Win98 registry by (after eliminating the system and user.dat files) entering at the command prompt:
        "attrib -s -h -r c:\system.1st"
        "copy c:\system.1st c:\windows\system.dat"
        "attrib +s +h +r c:\system.1st"
    gl
  • Bobkberg
    Thanks for all your help everyone. Much as I hate to go there, in this case, I did a complete low-level format of the entire disk - and then verified the cleanliness of the MBR with a free tool I just discovered (on download.com) called MBRtool. Then I did a complete re-install from the original HP CD's (which the owner originally thought he had lost). Next step was to do a file extraction from the ghost image onto a clean machine - and then clean those up with Norton. It seems to be working just fine now. Thanks again all. Bob
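
The MBR check mentioned in the last reply, sketched as an added example (it is not from the thread and does not describe how MBRtool works). It assumes a 512-byte dump of sector 0 and a SHA-256 baseline of the boot code recorded while the disk was known clean; `inspect_mbr` and `build_sample_mbr` are hypothetical names and the sample sector is constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: boot loader code
TABLE_OFFSET = 446         # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"    # bytes 510..511
ENTRY = "<B3xB3xII"        # status, (CHS), type, (CHS), LBA start, sector count


def inspect_mbr(sector, baseline_sha256):
    """Check one MBR dump against a known-good boot-code hash (assumed baseline)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    if digest != baseline_sha256:
        # Reformatting a partition never rewrites this area, so a change here
        # survives a reinstall until the MBR itself is rewritten.
        findings.append("boot code differs from baseline")
    partitions = []
    for i in range(4):
        start = TABLE_OFFSET + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY, sector[start:start + 16])
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        partitions.append({"index": i, "active": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    return {"boot_code_sha256": digest, "partitions": partitions,
            "findings": findings}


def build_sample_mbr(boot_code):
    """Constructed sample sector: one active FAT32 (type 0x0B) entry at LBA 63."""
    entry = struct.pack(ENTRY, 0x80, 0x0B, 63, 4192902)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0CONSTRUCTED-CLEAN")
    baseline = hashlib.sha256(clean[:BOOT_CODE_LEN]).hexdigest()
    changed = build_sample_mbr(b"\xfa\x33\xc0CONSTRUCTED-OTHER")
    print(inspect_mbr(clean, baseline)["findings"])
    print(inspect_mbr(changed, baseline)["findings"])
```
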
