PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

Subject: Re: [PCBUILD] Editing/clearing Rom (UMB?)?
From: "Brian L. Sanburn" <[log in to unmask]>
Reply To: PCBUILD - Personal Computer Hardware discussion List <[log in to unmask]>
Date: Wed, 19 Dec 2001 21:01:17 -0600
Content-Type: text/plain
Parts/Attachments: text/plain (89 lines)

I'm dying to follow this thread.  I mean, how can an HD get formatted, have
the OS reinstalled (clean) and still have the registry altered?  I don't
know, but I look forward to hearing some more educated prognoses.

Brian

<<< you wrote... >>>

Subject: [PCBUILD] Editing/clearing Rom (UMB?)?

I'm hoping someone out there can help me with a problem I've had since
August. I'm still not back online with this computer and I'm about ready to
throw it out the window.

I'll try and make this as brief as possible, but there are 6 months of info
to cull through so please bear with me.

I have a Dell Dimension 4100 / Pentium III 866 Mhz / 20.4 Gb HD / 128 Mb RAM
/ Win98SE (OEM, factory loaded) / dial-up internet at the time, on a 2nd
phone line so always plugged in. It's a stand alone computer and I'm the
only user.

I'd had AOL connection problems and Norton AV had found and removed JS
Seeker (similar to William Closure's problem) right before I - quite
accidentally - discovered I'd been hacked in August. The registry, and all
my files (personal as well as system) had been ransacked and changed around.
They had hacked into my AOL connection, and because of this, other files I
found, and strange things happening online, I suspect my computer had been
made into some sort of server on their network.

I tried fdisking, formatting & flashing my BIOS, but all the "altered"
registry and system files came back with the Windows reinstall. Manually
editing the registry didn't work either - as soon as I rebooted, the changes
I'd made were gone. (In the registry, in a file named "Unmoveable files" I
found 5 files, including GoBack.IO (which might explain why my changes don't
stick) and Bootlok.lk).

I changed ISPs and installed Norton Securities, but the MINUTE I got back
online I was hit with 3 NetBus attempts. Norton says this doesn't mean it
was a trojan attempt, that it could just be someone on your network trying to
gain access to your computer. But I'm not on a network! And when I got
offline soon after, I discovered new .cab files had been added to my Windows
folder despite my firewall (another reason I suspect I'm on their network).

I did find something concrete recently though: with no OS installed and
booting into DOS with a "good" Win98 bootdisk, both Norton Disk Doctor and
Scandisk tell me drive A:\ root directory is corrupted, starting with
cluster 2, IO.SYS, and going through the entire drive. Please note: neither
is reading the FLOPPY drive as drive A:\, the floppy disk contents are shown
under DIR B:\. Neither utility is able to correct the corruption either: I
get an error when I try to edit it, and the message I get when they try to
move the damaged cluster is: "Can't move damaged cluster. No space
on Drive".

One other weird thing I want to mention is that MS System Information is
reading my computer as "Genuine Intel, x86 Family 6 Model 8 Stepping 3". ?? I
have no clue what that is. Dell says it's just a mistake, but both my ISPs
were reading it the same way.

Anyway, there are lots more details but hopefully this will suffice (it's
LONG enough). My questions about all of this are:

1) What and where could this drive A:\ be? I suspect it's ROM (probably in
DOS and loading into UMB on a Windows boot)

2) If it is ROM/UMB, can I access this at all? Clear it? Replace it with a
"good" root directory? Edit it with "counter" commands?

3) I read just yesterday that if your HD is FAT32 (mine is) and/or you don't
uninstall Win98 with Uninstall.exe (which is the file JS Seeker destroyed,
although its name had been changed), you can NEVER totally get rid of Win98.
Is this true?

ANY help, advice or comments would be sooo appreciated...

Thanks in Advance,
Ellen Williamson

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.307 / Virus Database: 168 - Release Date: 12/11/01

                  Visit our website regularly for FAQs,
               articles, how-to's, tech tips and much more
                          http://freepctech.com
