I'm hoping someone out there can help me with a problem I've had since August. I'm still not back online with this computer and I'm about ready to throw it out the window.
I'll try and make this as brief as possible, but there are 6 months of info to cull through so please bear with me.
I have a Dell Dimension 4100 / Pentium III 866 Mhz / 20.4 Gb HD / 128 Mb RAM / Win98SE (OEM, factory loaded) / dial-up internet at the time, on a 2nd phone line so always plugged in. It's a stand alone computer and I'm the only user.
I'd had AOL connection problems and Norton AV had found and removed JS Seeker (similar to William Closure's problem) right before I - quite accidentally - discovered I'd been hacked in August. The registry, and all my files (personal as well as system) had been ransacked and changed around. They had hacked into my AOL connection, and because of this, other files I found, and strange things happening online, I suspect my computer had been made into some sort of server on their network.
I tried fdisking, formatting & flashing my bios, but all the "altered" registry and system files came back with the Windows reinstall. Manually editing the registy didn't work either - as soon as I rebooted, the changes I'd made were gone. (In the registry, in a file named "Unmoveable files" I found 5 files, including GoBack.IO (which might explain why my changes don't stick) and Bootlok.lk).
I changed ISP's and installed Norton Securities, but the MINUTE I got back online I was hit with 3 netbus attempts. Norton says this doesn't mean it was a trojan attempt, that it coud just be someone on your network trying to gain access to your computer. But I'm not on network! And when I got offline soon after, I discovered new .cab files had been added to my Windows folder despite m firewall (another reason I suspect I'm on their network).
I did find something concrete recently though: with no OS installed and booting into DOS with a "good" Win98 bootdisk, both Norton Disk Doctor and Scandisk tell me drive A:\ root directory is corrupted, starting with cluster 2, IO.SYS, and going through the entire drive. Please note: neither is reading the FLOPPY drive as drive A:\, the floppy disk contents are shown under DIR B:\. Neither utility is able to correct the corruption either: I get an error when I try to edit it and the message I get when they try to move the damaged cluster is: "Can't move damamged damaged cluster. No space on Drive".
One other weird thing I want to mention is that MS System Information is reading my computer as "Genuine Intel, x86 Famiy 6 Model 8 Stepping 3". ?? I have no clue what that is. Dell says it's just a mistake, but both my isp's were reading it the same way.
Anyway, there are lots more details but hopefully this will suffice (it's LONG enough). My questions about all of this are:
1) What and where could this drive A:/ be? I suspect it's ROM (probably in DOS and loading into UMB with on a Windows boot)
2) If it is ROM/UMB, can I access this at all? Clear it? Replace it with a "good" root directory? Edit it with "counter" commands?
3) I read just yesterday that if your HD is FAT32 (mine is) and/or you don't uninstall Win98 with Uninstall.exe (which is the file JS Seeker destroyed, although its name had been changed), you can NEVER totally get rid of Win98. Is this true?
ANY help, advice or comments would be sooo appreciated....
Thanks in Advance,
Ellen Williamson
Visit our website regularly for FAQs,
articles, how-to's, tech tips and much more
http://freepctech.com
|