Any help please!!!


ShelleyMPD911
11-26-2004, 07:41 PM
Long story short, stepson loaded a bunch of viruses on my computer, thought I cleaned them all but then slowly things started going wrong. First couldn't get online, now I can't even get booted up. Can't even get into safe mode. Anything I can try???

ms-fixit
11-26-2004, 08:45 PM
Can you get yourself a set of Norton AntiVirus emergency rescue diskettes (or similar - McAfee, AVG, etc.)?

Make sure they are write-protected (you can see thru the square hole after you slide the tab down) - boot from them and run the virus scanner...

Paul Komski
11-26-2004, 09:54 PM
Which OS and which format are the partitions? If they are FAT then you could try one of the DOS a/v scanners from http://www.pcguide.com/vb/showthread.php?t=15179 but I'd have my doubts that they will be all that successful.

If you are running Win2K/XP (especially under NTFS) then a repair installation might work long enough to get your system cleaned up.

It sounds like much more malware than just viruses has got on board and the inability to even boot to safe mode is bad news.

So what are your priorities - to retrieve data, to repair stuff or to do a clean reinstallation/restore?

ShelleyMPD911
11-30-2004, 08:58 AM
My priority is to save data, I could care less about the rest of it, once I save the data, I'll just buy whatever I need to. I did get a new message now when I try to boot up, once it goes through the Windows 98 screen it gives me: EMM386 has detected an error #(with a little triangle)4 in an application at memory address 0000:03BA. To minimize the chance of data loss, EMM386 has halted your computer. Then it says to check my documentation and hit enter to restart...... Any ideas on what I can try???

YODA74
11-30-2004, 09:31 AM
If EMM386.EXE locks up the computer, follow these troubleshooting steps:

1. If the DEVICE=EMM386.EXE in the CONFIG.SYS file contains the HIGHSCAN parameter, remove HIGHSCAN from the command, save the CONFIG.SYS file, and restart your computer. (HIGHSCAN cannot be used on some computers.)

2. Start EMM386.EXE with the exclude option.

EMM386.EXE may have incorrectly identified an area being used by the system as a "hole" (a region that can be used as a UMB or an EMS page frame). As a result, EMM386.EXE overwrites a portion of memory that is used by a hardware adapter in your computer.

By excluding addresses in the range A000-EFFF, EMM386.EXE does not use any part of the excluded region for a UMB or EMS page frame. Identifying the correct region(s) to exclude requires experimentation. Start by excluding a large region and then reducing the size of the region. For example:

DEVICE=EMM386.EXE NOEMS X=A000-EFFF

DEVICE=EMM386.EXE NOEMS X=C000-DFFF

DEVICE=EMM386.EXE NOEMS X=C800-CFFF

You can use multiple exclusions on the EMM386.EXE device line. For example:

DEVICE=EMM386.EXE NOEMS X=C000-C7FF X=E000-EFFF

Refer to the documentation included with your hardware device(s) for information on the upper memory addresses the adapter card uses. Examples of devices that use upper memory addresses include network cards, SCSI adapters, video cards and scanners.

3. If your computer has a SCSI disk controller and requires a device driver for the SCSI adapter, be sure the DEVICE= line for the SCSI driver appears before the DEVICE=EMM386.EXE line. Examples of SCSI device drivers include ASPI4DOS.SYS and USPI14.SYS.

4. If you are experiencing problems with the computer hanging, try loading the SMARTDrive double buffer driver.

NOTE: The SMARTDrive double buffer driver line should appear before the DEVICE=EMM386.EXE line in the CONFIG.SYS file.

Don't know if this will help but worth a go

You may also want to look at this; sounds like it is an Overflow interrupt. Scroll to bottom of page for a workaround:
http://64.233.161.104/search?q=cache:9y4k9xk3aP8J:www.kisser.net.au/tontodan/Emm386.html+EMM386+has+detected+an+error+%234&hl=en

jabarnutcase
11-30-2004, 11:39 AM
*****BEGIN HIJACK OF THREAD*****

Hey Yoda! Nice to see you! ;)


*****END THREAD HIJACKING*****


(Ok, carry on) :p

Paul Komski
11-30-2004, 01:58 PM
If the priority is to reclaim data then I would suggest that you stop booting up to this HDD. Each boot-up increases the likelihood of a virus activating more, or worse and worse, payloads and so the risk of losing data increases.

IMHO, the best way of retrieving data would be to slave the drive to a working system and simply copy and paste your data files onto something like a USB pen drive or burn them to a CD. Then scan those files with an up-to-date antivirus before re-using them. As long as nothing is run or opened on the slave drive then the only real risk of infecting the working system is a boot-sector virus, which though possible, is relatively unlikely these days, whence most infections get in via a network/internet and not via a floppy diskette.

If this were me I would attach a new hdd on its own and install an operating system onto it. Then having installed a decent antivirus (AND UPDATED IT) I would attach the problem drive as a slave and recover data from it. You are likely to get it all back simply without running any specialist recovery programs but such problems can be bridged later. You could then wipe the problem drive clean and use it as a useful second HDD.

You could of course take the hdd out and bring it to someone else's computer to do this and there are a variety of "Emergency CDs" that could access your system and save the data that way. You could even burn an image file of the drive to CDs using a program like Drive Image from floppy diskettes and then clean up your hard drive and do a clean reinstallation and then later restore your data files from the image file on the CD(s).

So many different approaches should work. Post back for further clarification and others may have other suggestions as well. It may of course be possible to fix your current system but that is not going to be easy from DOS when you can't get into Windows.

Two final thoughts. (1) If there are only a few small files that you want to retrieve then they could probably be copied to a floppy from a DOS prompt and then do a clean installation. (2) If there is enough space on your current drive (1.5 to 2 GB or so) you could do a parallel/additional installation of Win2K/XP onto the HDD. You could then boot into this new installation and access your files that way before deleting all the old files and cleaning things up.

ShelleyMPD911
12-02-2004, 08:58 AM
I appreciate all of the responses, but most of the info is Greek to me. Can someone give me some step by steps to try? The only screen I can get to is where it asks me how I want to boot up, like Safe Mode, Step by Step etc.....(safe mode does not work).

Paul Komski
12-02-2004, 02:34 PM
If the data involved is very valuable then I suggest taking the box to someone who can help you retrieve that data (which is likely to be recoverable). If you want to tackle this yourself then the easiest way, IMHO, is going to be to first install a new hard drive and get it working. Once you have got hold of a hard drive we can help you to install it (step by step) and guide you on from that point on. The second stage would be to add your current hard drive (as a slave to the newly installed one) and access your data that way.

The basic problem is getting access to a system that is keeping you out without being destructive to the data inside it. There are other ways of "skinning this particular cat" but they are either more difficult technically or more likely to cause you to lose data.

If you decided to lose all the data it would be relatively easy to show you how to get your system back with a clean/restore installation.

Fruss Tray Ted
12-02-2004, 06:41 PM
****Hijack thread 2****

YODA! This is the second post I've seen of yours lately! So good to see you! :D Hope you stick around for awhile, I'll treat you to a few of your choice beverages in the After Hours Club anytime! Just stop on by! We'll have one to the good times or complain about how bad things are nowadays, whatever, just hold still for a minute and say hello!

****/Hijack thread 2****

Shelley,
We could prescribe a more precise fix for your infected pc if we knew just what it is comprised of and what you have with it. Is it a prebuilt or something like a Dell? Do you have the Windows cd and other softwares or just some recovery cd? Do you have a cd burner and just how many megabytes will you need to save?

Favorites/Bookmarks fit on floppies quite easily but documents (esp Powerpoint), picture, video and music files take m-u-c-h more space. You'd need a ZIP drive at least but a dvd burner would make things much simpler.

As stated above, another hard drive is probably the best way to go if you have the proper software to do it. We don't recommend a reinstall often but it may be necessary at this point.

If you don't have the needed softwares, Yoda's (greek to me too BTW) fix may be the only way for the time being. I think he can look at a single bolt and tell you the make, model, year and color of the car it came from or belongs to!!! Oh, and what's wrong with it too... :p

Paul Komski
12-03-2004, 10:26 PM
Have been looking at an alternative way to get at your data using imaging software that can be downloaded and used on trial.

Download BootIt-NG from http://www.terabyteunlimited.com/bootitng.html
Download TBIView from http://www.terabyteunlimited.com/utilities.html#tbiview

Have a formatted floppy diskette and enough blank CD-Rs to hold the contents of your partition.

To create the BING floppy diskette:-
1 Uncompress the contents of BootItNG.zip to its own folder on your hard disk, and then locate (or change to) that folder.
2 Run the BootItNG.exe file.
3 Accept the license agreement, select the appropriate build option from the menu, and then press Enter.
4 Insert the floppy disk in the drive, and then press Enter. After about 1 minute, a message indicates whether or not the boot disk was created. (If the disk was bad, insert a new disk into the drive, and then press Enter.)

Boot to this floppy and you can choose to install onto the HDD or exit setup and just run the maintenance from the floppy. Whichever one you do, go into maintenance, find your partition and click on image. Move to and select the CD writer and click the paste button. Follow the prompts, inserting any blank CDs etc as requested until the image has been made.

Take the CDs to another computer onto which you should then install TBIView. This program means that you will be able to explore the image file created on the CDs by using Windows Explorer and simply extract the data files that you wish to recover to wherever you want them. With multiple CDs there will be a bit of swapping of disks until all of them have been reassembled on the PC. Scan the extracted files with an antivirus.

Now when you have your data safely backed up you can either experiment with trying to restore your original system or just wipe it clean and reinstall your OS.

It's over to you now - just hope that gives you an alternative approach.