Virus?

  • Thread starter Newbie64

Newbie64

I have an AMD K6-500MGHZ that has been running strong for the last few
years using windows 98 SE. It obviously has its limitations but for
what my kids are using it for it's been running fine until recently.
It suddenly would only boot in safe mode for no apparent reason. I
reset the BIOS along with repeated attempts changing a variety of the
settings but in trying to reboot in 'normal' it would only 'hang' up
during the process. A step by step boot indicated a file
$SYS$AVI.vxd that was trying to load. I did some reading about it
and determined that this was a bad file that didn't need to be there.
Booted in safe mode and removed this file from the registry along
with the file aries.vxd. Performed a step by step reboot and the
file was no longer there and the reboot worked to a degree sans any
USB ports available. Rebooted and checked the BIOS settings again
only to find that in the PNP settings the USB ports were disabled. I
enabled them, saved the settings, and rebooted. Then it continually
asked for a 'boot disk' no matter what configuration I put in the
BIOS. Used the boot disk, performed scandisk, a lot of errors were
found in file names and directories which were fixed but now all I
can do when I reboot is a quick flash of the windows 98 screen
followed by the C:\ prompt. I looked in the directory but it looks
like all there is in the listing is 'directory001' through
"directory031" it doesn't look right but can't be sure. I don't
think I've done anything major but can't determine if there's some
sort of file that's missing on the boot that I need to put back in or
a setting that I've changed to make it miss windows. I was
convinced that there was a virus on this computer but was never able
to track it down because it just seemed that some of the settings
were changing on their own. When I performed scandisk the errors
that were found had odd characters within them (like smiley faces).
The hard drive is there and is recognized through FDISK and it boots
up as it always did but I'm left with the c-prompt. Any ideas or
thoughts would be greatly appreciated.
Thanks,
Mark
 
I have an AMD K6-500MGHZ that has been running strong for the last few
years using windows 98 SE. It obviously has its limitations but for
what my kids are using it for it's been running fine until recently.
It suddenly would only boot in safe mode for no apparent reason. I
reset the BIOS along with repeated attempts changing a variety of the
settings but in trying to reboot in 'normal' it would only 'hang' up
during the process. A step by step boot indicated a file
$SYS$AVI.vxd that was trying to load. I did some reading about it
and determined that this was a bad file that didn't need to be there.
Booted in safe mode and removed this file from the registry along
with the file aries.vxd.

....

"Aries.sys" is a component of the Sony "root kit" DRM software that
has been in the news of late. It's possible that "aries.vxd" is the
version for Win9x products. Also, the cloaked files of the root kit
all start with "$sys$." Sounds like you have the Sony root kit, and
possibly a virus that exploits the root kit. Take a look at:

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

for further information. Since you are using a Win9x-based system
instead of an NT-based system, the specific file names and the
specific removal procedure may be different. Just deleting the files
results in a trashed system, as you discovered.
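The reply above names two indicators of the XCP rootkit: cloaked file names beginning with "$sys$" and the aries driver. Because the cloaking driver only hides those entries while it is loaded, a listing taken from the live OS can be compared with one taken after booting from a clean floppy (the same discrepancy Root Kit Revealer-style tools look for). The script below is an added example, not code from the thread; the two directory listings are constructed sample input, not data from the original poster's machine.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample listings (not from the original post): the same directory
# as seen by the running Win9x OS and as seen after a clean floppy boot.
LIVE_LISTING = """\
C:\\WINDOWS\\SYSTEM\\DRIVERS\\VMM32.VXD
C:\\WINDOWS\\SYSTEM\\DRIVERS\\IFSHLP.SYS
C:\\WINDOWS\\SYSTEM\\VMM32.VXD
"""

OFFLINE_LISTING = """\
C:\\WINDOWS\\SYSTEM\\DRIVERS\\VMM32.VXD
C:\\WINDOWS\\SYSTEM\\DRIVERS\\IFSHLP.SYS
C:\\WINDOWS\\SYSTEM\\DRIVERS\\$SYS$AVI.VXD
C:\\WINDOWS\\SYSTEM\\DRIVERS\\ARIES.VXD
C:\\WINDOWS\\SYSTEM\\VMM32.VXD
"""

# Name patterns the thread associates with the rootkit: cloaked names start
# with "$sys$", and aries.sys / aries.vxd is its driver component.
SUSPICIOUS_NAME = re.compile(r"^(\$sys\$.*|aries\.(sys|vxd))$", re.IGNORECASE)


def parse_listing(text):
    """Return the set of upper-cased, whitespace-stripped paths in a listing."""
    return {line.strip().upper() for line in text.splitlines() if line.strip()}


def hidden_entries(live, offline):
    """Paths visible from the offline boot but absent from the live view.
    Entries that only appear once the OS (and any cloaking driver) is not
    running are the ones worth examining first."""
    return sorted(parse_listing(offline) - parse_listing(live))


def suspicious_entries(listing):
    """Paths whose file name matches the rootkit naming pattern."""
    return sorted(p for p in parse_listing(listing)
                  if SUSPICIOUS_NAME.match(PureWindowsPath(p).name))


def triage(live, offline):
    """Combine both signals so an entry that is hidden AND oddly named stands out."""
    hidden = hidden_entries(live, offline)
    flagged = suspicious_entries(offline)
    return {"hidden": hidden, "flagged": flagged,
            "hidden_and_flagged": sorted(set(hidden) & set(flagged))}


if __name__ == "__main__":
    for key, paths in triage(LIVE_LISTING, OFFLINE_LISTING).items():
        print(f"{key}: {paths}")
```

On a real machine the two listings would come from `dir /s /b` run under the live OS and again after the floppy boot, saved to text files and read in place of the constructed strings.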
 
$SYS$AVI.vxd smells like Sony's rootkit. The easiest way out? Copy
the data of value to another computer / CDs /whatever, and then ...
FORMAT C:/U. Restoring the original system will take a lot more time,
not guaranteed to be successful, and, after all, Windows tend to
degrade with the time passing, so a fresh install will make things run
better. And it would be a good idea to upgrade to XP or at least 2k -
it's 21st century.
Good luck
NNN
 
I think Gary nailed it - here's a list of Sony/BMG XCP protected CDs:
http://cp.sonybmg.com/xcp/english/titles.html.

The best place to start might be to reinstall the Sony software and then
use their uninstall procedures available from the above site.
 
That machine running XP would be a dog, why not just put Gnu/linux or a
bsd on that bad boy. Then you would not have to worry about a root kit,
or most viri, it would also run faster.

Just use fluxbox with Rox-filer, Rox-session and you have a good setup
easy to use and lots faster.

Gnu_Raiz
 
Not necessarily that bad - just behind me sits a k6-2+, OCed to 600,
running XP. As long as it doesn't swap to the disk (very seldom,
because 500MB RAM is enough to support even 2 concurrent sessions),
it's good enough for almost everything except FPU-heavy stuff. Well,
M$ media player stutters on divx movies, but I don't use it for
watching - I have an Opteron box for that.
 
The best place to start might be to reinstall the Sony software and then
use their uninstall procedures available from the above site.

Does that actually work now? The last I read on the Sony Rootkit
debacle, their uninstall doesn't actually work.
 
Does that actually work now? The last I read on the Sony Rootkit
debacle, their uninstall doesn't actually work.

It does work, sort of. From what I've read, it closes the original
hole the size to run an 18-wheeler through. But in the process of
doing so, it introduces another hole big enough to fly a 747 through.
In other words, if one's got it, and has no clue as to how to use
regedit, regsvr32, and such, the best way out is FORMAT C:/U.
;-)
NNN
 
I like to go a little further than that. I use a little utility
called "ZAP", which overwrites the first 128 logical blocks of the
drive with 00h. Then fdisk, then format, and you KNOW it's clean.

But basically, I'm in agreement with the rest of the advice here. It
doesn't even matter if he has a virus / trojan / rootkit / whatever.
Wiping the hard drive and reinstalling the operating system is the
best answer. If there is valuable data to be saved, then attach the
hard drive as a secondary drive on another computer and copy the data,
then reinstall the hard drive in the original computer and start from
scratch reinstalling the OS.
 
Does that actually work now? The last I read on the Sony Rootkit
debacle, their uninstall doesn't actually work.

It was my impression that it works well enough that, in conjunction with
their un-hide, it gets you to a point where final clean-up is easier. Then
you run Root Kit Revealer etc. Since he has a FAT32 file system, he can
also boot from floppy and that allows removal of folders which won't go
away while the OS is running.
 