Gasp! What happened?


kayden azagthoth
05-10-2002, 08:03 AM
My computer just blew up! Well, not really. Here's the scenario as best as can be described. It's by only sheer luck that I am connected to the Internet right now.

Okay...

I had 2 viruses a few weeks ago. I was stupid and got them through an email. I know one of them was the Klez virus, the other one, I'm not sure. I did a virus scan and they're gone...that I'm almost positive of. Thing is, they infected a couple files that I had to delete to get rid of the virus. I did that and my computer still seemed to run fine with no problems. One thing that did get messed up was my EZ CD creator plus burning software. So I had to reinstall it. When I finished, I had to reboot for the changes to take effect. The computer wouldn't reboot so I had to give it the three finger salute.

It was then my troubles arose.

I got to see my bios start up screen. Then my Windows splash. Then a black screen with this message,

"While initializing device IOS:
Windows protection error. You need to restart your computer."

Huh?

So I restarted. Then I got the screen where you have 7 choices. I can't remember them all, but: 1. Normal, 3. Safe mode...and some others.

So I went into safe mode to see if there were any conflicts in my device manager. Everything is fine. I tried to scanreg /restore at a C: prompt. Even THAT wouldn't work.

Somehow, I don't know how, I am able to connect to the 'net. Thing is, it's like EVERYTHING on my computer doesn't work. I try to click a shortcut for a program I know was installed and I always get a message that the program isn't installed. Even my sound card/video card drivers are no longer installed. It's like I'm in safe mode, but I don't see the words "safe mode" in the corners of my desktop. I can't get more than 256 colors/640x480 resolution either.

I did another virus scan. No virus. I went to run and typed sfc. My files seem to be in apple pie order.

So...what happened? What can I do to fix the situation? Sounds to me like I have to *groan* reformat.

If I have to reformat, can I reformat my C drive only? I have a 40 gig partitioned into 2 sectors. My D drive only has games installed on it...that's it. My C has everything else. Is it possible to just format C, reinstall Windows/Drivers/etc. and have everything (including my games) working properly? Or do I have to do a complete reformat?

GOD! SOMEONE HELP ME! ACK!


------------------
And all you touch and all you see, is all your life will ever be.

-Pink Floyd

mjc
05-10-2002, 11:15 AM
OK, if you are sure you are clean then you can try and see if it is just the shortcuts that are damaged or if it is a little more serious. If it is the shortcuts, you can rebuild all your menus, desktop etc...but you really have to be sure you are clean, and I am not sure that you are. Try an online scan if it will let you...Klez has the ability to defeat AV apps. The other unknown one...who knows.

If you are even slightly unsure about being clean then create a boot disk on a known clean machine, write protect it, and use it to boot from. And then begin the wipe process (format both partitions because Klez will drop files anywhere, not just the C: partition), a good idea would be to have the driver manufacturers utilities handy (for the zero-fill program, or grab a generic one called wipe), then use fdisk to remove/rebuild your partitions, format and reinstall........everything.

Oh one other thing, I would seriously consider unplugging the modem cable until you have things straightened out...it seems kind of strange that practically nothing other than the internet connection is working.



------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)

Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.

Sylvander
05-10-2002, 11:33 AM
Hello kayden azagthoth

Go look at the question by vamp a few down from this question by you.
He has a very similar problem so you should share your experiences and the solution if/when it comes.

QUOTE
BOOTLOG.TXT: The Startup Process Log
------------------------------------

The BOOTLOG.TXT file contains a record of the current startup process for starting Windows 95.
When you use the F8 option for interactive system startup, you can choose to create a boot log during system startup.
The information in BOOTLOG.TXT is written in sequence during startup, in roughly five major sections. Depending upon a specific error condition, you might need to examine multiple sections. Notice, however, that a loadfailed= entry means only that the related VxD refused to load. For example, loadfailed=ebios indicates that the EBIOS driver did not detect EBIOS in the computer and so reported that it should not be loaded.

BOOTLOG.TXT Sections for Determining Errors

Section and errors               Corrective action
-------------------------------  -------------------------------------------------
Device initialization of VxDs    Verify that the section contains entries such as:
                                 deviceinit=ios
                                 deviceinitsuccess=ios

Successful VxD initialization    Verify that the section contains entries such as:
                                 initcomplete=ios
                                 initcompletesuccess=ios

The following table shows the kinds of entries in BOOTLOG.TXT to examine for information about the system startup process.

BOOTLOG.TXT entry    Description
-------------------  ----------------------------------------
Error                Errors that were logged during startup
Fail                 Failures that occurred during startup
LoadFailed           Indication that component failed to load


I/O [Input/Output] Supervisor [IOS(=Ios.vxd?)] and Driver Loading
-----------------------------------------------------------------
The I/O Supervisor is a required system VxD that carries out all control and management tasks for the protected-mode file system and block device drivers in Windows 95. The I/O Supervisor loads and initializes protected-mode device drivers and provides services needed for I/O operations.

Windows 95 loads and initializes the I/O Supervisor as specified in a device= entry in SYSTEM.INI.
[in Win98 this is done by a setting in the Registry at "HKey_Local_Machine\System\Current Control Set\Services\VXD\IOS"]
Clients and virtual device drivers can call services in the I/O Supervisor to register and carry out tasks.
I/O Supervisor loads a specific port or miniport driver only if Configuration Manager requests that the driver be loaded after hardware detection locates an adapter.

Hard disk device drivers cause the computer to stall.
-----------------------------------------------------
The I/O Supervisor, which loads hard disk (block) device drivers, requires the driver’s files (having filename extensions .PDR, .MPD, .VXD, and .386) to be located in the SYSTEM\IOSUBSYS subdirectory of the Windows directory.
If the computer locks up during startup or hardware detection, try the following:

· Check for Windows NT miniport drivers (.SYS files in the IOSUBSYS directory). These drivers detect the I/O ports and might cause the computer to stop. Replace the Windows NT driver with either a Windows 95 miniport or a real-mode driver.
· Check the IOS.INI file for real-mode drivers not replaced by protected-mode drivers.
· When loading protected-mode drivers, the real-mode driver generally remains loaded in memory even though the protected-mode driver “takes over.” If you suspect a conflict, type rem at the beginning of the line in CONFIG.SYS that calls the real-mode driver.
END OF QUOTE

Does this give you some idea of how complex this situation can be?

The Input/Output Supervisor seems to be responsible for loading and initialising all drivers necessary for input/output operations and its activities during the boot process are one of the things recorded in the "Bootlog.txt" file.

The big question is:
WHY IS THE IOS INITIALISATION OF INPUT/OUTPUT DRIVERS FAILING?

and then:
HOW DO WE PUT IT RIGHT?

Does anyone out there know?
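
Added example (not part of any post in this thread): a small Python check for the BOOTLOG.TXT pairs described in the quoted text above. It reports every driver that logged deviceinit= or initcomplete= without the matching ...success= entry, and lists loadfailed= entries separately. The sample log, the bracketed prefix on each line and the function name analyze_bootlog are constructed for illustration.

```python
import re

# Constructed sample in the style of the entries quoted above (not a real log).
SAMPLE_BOOTLOG = """\
[0011A2B0] Loading Vxd = ios
[0011A2B4] LoadSuccess = ios
[0011A2C0] Loading Vxd = ebios
[0011A2C4] LoadFailed = ebios
[0011A300] DEVICEINIT = VMM
[0011A304] DEVICEINITSUCCESS = VMM
[0011A310] DEVICEINIT = IOS
"""

# Optional "[hex]" prefix, then "key = value"; spacing and case vary.
ENTRY = re.compile(r"^(?:\[[0-9A-Fa-f]+\]\s*)?([A-Za-z ]+?)\s*=\s*(\S+)")

# Start entry -> the success entry that should follow it for the same driver.
PHASES = {"deviceinit": "deviceinitsuccess",
          "initcomplete": "initcompletesuccess"}


def analyze_bootlog(text):
    """Return drivers whose init never completed, plus loadfailed entries."""
    success_to_phase = {v: k for k, v in PHASES.items()}
    started = {phase: [] for phase in PHASES}
    succeeded = {phase: set() for phase in PHASES}
    load_failed = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        key = m.group(1).replace(" ", "").lower()
        name = m.group(2).lower()
        if key in PHASES:
            started[key].append(name)
        elif key in success_to_phase:
            succeeded[success_to_phase[key]].add(name)
        elif key == "loadfailed":
            # Per the quoted text, this only means the VxD refused to load.
            load_failed.append(name)
    incomplete = {phase: [n for n in names if n not in succeeded[phase]]
                  for phase, names in started.items()}
    return {"load_failed": load_failed, "incomplete": incomplete}


if __name__ == "__main__":
    print(analyze_bootlog(SAMPLE_BOOTLOG))
```

A driver listed under "incomplete" is one whose start entry was logged without its success entry, which is the condition the quoted table says to verify for ios.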

mjc
05-10-2002, 12:44 PM
Sylvander,

"I had 2 viruses a few weeks ago. I was stupid and got them through an email. I know one of them was the Klez virus, the other one, I'm not sure."

That is the key to this particular problem...one at a time is bad enough to properly clean and restore...two at once, yes it can be done, but you are looking at many hours of work...it may just be a more effective use of your time to scrap the current install and start over...

Here is just a little bit of what this one can do...


# the worm has the ability to spoof the From: field (often set to an address found on the victim machine).
# the worm attempts to unload several processes (antivirus programs) from memory. Including those containing the following strings:

* _AVP32
* _AVPCC

The worm is able to propagate over the network by copying itself to network shares...

The worm may also copy itself into RAR archives, for example:




If the other one he had happened to be more destructive (like actually eats exes for breakfast) then the chance of a complete clean/recovery is slim to none....
