
View Full Version : Installation of Windows 98SE freezing up!



JackFoligie
04-13-2007, 05:26 PM
Good day to you

Problem: Installation of Windows 98SE freezing up!

I realise this is a long post, but better I put down everything rather than leave out something important. Please bear with me...

I recently had Windows 98SE up and running on a home PC, doing everything I needed with no problems, until it got infected by a virus/worm. As it is an older OS, I don't have an Internet connection, so it must have got in via my flash drive which I used on another machine.

Virus Behaviour:
I initially noticed a few strange folders popping up that I hadn't created. For example, a folder I'd created called "Work" would suddenly have another folder inside it, also called "Work". I would try deleting the new folder, but would be told that it was a system folder that couldn't be deleted. Right Click -> Properties then told me that the new "Work" folder was in fact a .exe file.

In a bit of a panic, I quickly installed AVG 7.5, not the most up-to-date version unfortunately, but better than nothing. AVG picked up about 36 suspicious-looking files, most of which were executable "folders", each with the same name as the respective parent folder. The first one found did not follow this pattern and was found in C:\WINDOWS\...\FONTS. Its name was something like FC3D.exe (can't remember exactly but definitely a 4 letter word, quite similar to the ones I was using at the time).

After AVG had put all the suspect files into the Virus Vault, I noticed that each infected folder (most of them on my flash) had two other files in them. Can't remember the details exactly, but I think they were called "System" and "Folder".

After manually deleting all these files, I downloaded the latest AVG 7.5 updates (binary files) from another machine. Again, I used my flash drive for this (pretty daft, I know). Unfortunately AVG on my machine at home couldn't make any sense of the binary files.

I then tried plugging in a peripheral device into COM1 (STK500 chip programmer). No problems with this in the past, but now there was nothing detected by the device's associated software (AVR Studio4). I tried COM2 and also messed around with Control Panel -> System to check Baud rates etc - still nothing.

Shutting down and restarting: suddenly machine was set to 16bit colour mode, without any higher options available. By now the 4 letter words were flying. In a fit of anger, I archived whatever I could (again onto my flash!), booted from a floppy and used fdisk on all my hard drives. (Luckily, I had reinstalled Win98SE about a month ago, so not much to lose).

I've always had a rather dodgy CD-ROM drive (yes, a CD-ROM not CD-R or CD-RW, I'm from the stone-age). I checked to see that CMOS settings were correct to boot off CD-ROM etc and attempted to reinstall Win98SE.

One of two things happened:


"Verifying DMI Pool Data..........
Boot from ATAPI CD-ROM: Failure... " (and frozen screen)


or


" Microsoft Windows 98 Setup

Formatting Hard Disk
Please wait; Setup is formatting your hard disk.

Please insert the following disk in drive E (or your CD-ROM drive):

Windows 98 Boot Disk or CD-ROM

When you are ready to continue, press ENTER

ENTER=Continue F3=Exit "


Pressing Enter displays:


" Formatting drive C:

0% of drive formatted "


which promptly disappears to be replaced by the previous box ("Please insert ... " etc). F3 takes me to E: DOS prompt.

So now I get to thinking it's got something to do with a messed-up CD-ROM drive as well. So it's off to the shop for a nice new CD-R/CD-RW drive (LG GCE-8527B). All is well in the world (or so I think)...

Now things get a bit weird: New CD drive, original Win98SE disk, fdisk used on all 3 hard drives...

The first attempt resulted in the same thing as described above:


" Microsoft Windows 98 Setup

Formatting Hard Disk
Please wait; Setup is formatting your hard disk.

Please insert the following disk in drive E (or your CD-ROM drive):

Windows 98 Boot Disk or CD-ROM

When you are ready to continue, press ENTER

ENTER=Continue F3=Exit "


Pressing Enter displays:


" Formatting drive C:

0% of drive formatted "


which promptly disappears to be replaced by the previous box ("Please insert ... " etc). F3 takes me to E: DOS prompt.


i.e. exactly as before. I try hitting (hammering, punching...) Ctrl-Alt-Del and I now get:


"Verifying DMI Pool Data..........
Boot from ATAPI CD-ROM: Failure... " (and frozen screen)


Shutting down and restarting, I repeatedly get stuck at this stage every time. Now I'm swearing...

The only thing I can think of is that the virus/worm somehow got into the CMOS. Is this possible? Everything else is either brand new, wiped clean or known to be working fine. If it is the CMOS, is the problem curable or is my machine on the way to the dump? (I hope not, as it usually serves my purposes perfectly).

As I said, a long post and thank you for reading this far. Any advice will be greatly appreciated. Machine specs can be posted if necessary.

Cheers,

Jack

Fruss Tray Ted
04-13-2007, 07:38 PM
Almost sounds like it is not actually booting from the cd. System specs please.

1 option:
Scanreg /restore from the Run command. Pick a date prior to the usb drive infection.

2nd option:
Use a regular floppy to fdisk and partition your drives, and also to copy the entire 98 disk onto the harddrive and then install from whichever you installed the cab files to. To be sure it is installing from the drive, you'd have the cd out of the rom drawer by then.

Make the boot floppy via the 98cd or downloading one from bootdisk.com (others may recommend fancier ones ;)) on a known uninfected pc and write protect it prior to use in the 98 machine. I keep several around at all times.

Hopefully you figure out what the infection is and cure it on the other pc as well. This may be a key in figuring out if you somehow managed to end up with a boot virus in your CMOS chip. If so, hopefully a BIOS flash will fix it, but we won't go there for now...

Ajmukon
04-13-2007, 08:05 PM
I think he formatted the hard drive, if i read his post correctly

setoguro
04-13-2007, 09:07 PM
Maybe I can add a few things to what fruss has said. You might want to pop in another CD-ROM (maybe borrow it for a short time from another computer). Zero out the HDD and run a diagnostic on it to make sure it's not going bad.
Welcome to the Guide.

Relztrah
04-13-2007, 10:10 PM
Jack, do you really, really want this computer? You must or you wouldn't have gone to this much effort already. I am not nearly as knowledgeable as the other folks in this forum, but if this were my machine I would follow Fruss Tray Ted's recommendation and boot with a boot floppy in the A: drive and run fdisk. Then I would delete all partitions and recreate only one. Assuming this is an older machine, the HDD is probably rather small to begin with, so I don't see any advantage to partitioning. Then after you've deleted all partitions and recreated the primary DOS partition, reboot and reformat. Maybe you've done this, but this will get rid of any virus on the HDD. Then as FTT mentions, copy all files from the CD to the HDD and install Windows. I'll attach instructions (which I believe I got here) if you've never done this before. But from your post it sounds like you are quite well versed in these procedures. This may not correct your problem, but at least you know you're starting with a clean slate.

I'm not familiar with a virus in the CMOS and I can't respond to that.

Welcome to the PC Guide Discussion Forums. There are many helpful and very experienced PC users here who have led me out of many hopeless situations.


Relztrah

Paul Komski
04-13-2007, 10:37 PM
Maybe you've done this, but this will get rid of any virus on the HDD
Nothing has yet been done to rid the system of a boot sector virus. They are best removed (setoguro's suggestion) by wiping/zeroing the drive (the drive maker's utilities would do this for you) although fdisk /mbr from an MSDOS boot floppy or a bootable installation CD could also do the trick. Make sure any boot floppies are only prepared on a known clean machine and write protected before inserting them into this computer.


fdisk used on all 3 hard drives
Presumably this meant "deleted 3 partitions on one physical drive" though it could mean something else.

When there are problems installing from a CD I usually suggest copying the Win98 folder from the CD to a formatted partition on the hard drive and then running setup from within that win98 folder. This also has the advantage later on that you are never prompted for the CD when you make changes to Windows.

I concur with others who suggest preparing the drive from a boot floppy, which takes the CD or CDDrive out of the equation for troubleshooting purposes.

CMOS viruses do occur but are extremely rare. I would maybe try a new CMOS battery just for stability's sake and if you get the drive maker's diagnostics it would be worth testing the integrity of the HDD itself. How big is the HDD?

JackFoligie
04-14-2007, 06:00 AM
Greetings to you all

Thanks for the replies. It's great to have a place which allows for such interaction.

I've used fdisk on all three separate hard drives (see specs below). All partitions are gone, finito, completely blank (at least I assume fdisk does that... boot sector? Not sure).

My CD-R/CD-RW drive (LG) is brand new, bought yesterday.

I tried booting Puppy Linux 2.12 from CD this morning, just to see what would happen. To my great joy, it started booting with no problem! I aborted the install, as I've heard it's easier to start with installing Windows 98SE, then add another OS afterwards for dual-boot, as opposed to the other way around.

When trying to boot again from my Win98SE disk, same story (... CD: Failed ...) as expected.

But now, if I try the Puppy 2.12 CD again, it fails as well! This machine's alive or something! Ghosties abound!

Regarding whether I really want the machine or not, a good point to consider...

It was originally given to me for free as is, with old Pentium Celeron CPU, 32 MB RAM, tiny hard drive etc, and I've gradually built it up into a machine with the following specs:

Pentium III (450 MHz)
6.8 GB hard drive (Primary Master)
6.8 GB hard drive (Primary Slave)
10 GB hard drive (Secondary Master)
128 MB SDRAM
Creative Sound Blaster Live! Platinum soundcard (a nice piece of gear that does exactly what I need)
LG CD-R/CD-RW (which I bought yesterday)

It still has the original motherboard (GA-6VXE+ F3).

The thing is that it really does most of what I need (MIDI/music and microcontroller programming, as well as basic word processing, spread sheets etc) and it usually runs like a dream. It's also a machine that I'm not afraid to pull apart and learn from, which is an ongoing process. I still have to learn about registry settings and interrupts etc.

Anyway, thanks again for all the replies. I'll have to wait until tomorrow to check out all the advice that has been given above, and I'll post further details when I get a chance. Gotta run and as usual I'm late.

Many thanks

Jack

Paul Komski
04-14-2007, 06:24 AM
You can use fdisk to delete partitions if you choose the delete option of course. Deleting the partitions (done by zeroing the partition tables) does not however clear the mbr (where BS viruses live) and for that you must use fdisk /mbr or write zeros to the whole of the mbr. Zeroing the drives is preferable but if you use fdisk /mbr then do it to each individual drive attached on its own to the PC. I would recommend BiNG or GParted to do your partition manipulation particularly since if you use the CD versions there is no danger of transmitting any boot sector viruses to them. I would also consider just having one HDD connected until you get Win98 installed to it - just to simplify things.

You might also like to try SBM (also in my sig) to see if that produces a more consistent way of booting to your CDs. Using the self-extractor will overwrite any viruses that might be on the floppy. As before, if using floppies, prepare them on a new clean machine and then write protect them if there is any likelihood of a boot sector virus persisting on any of the hard drives. This would mean that SBM would not be able to save any changes to configurations it finds but boot sector viruses can jump from drive to drive with great ease.

PS
Double-check the cables and connections (power and data) to the CDDrive and consider using a new cable. Cutting down on the number of HDDs attached also will help ensure that the remaining drives do get enough power from the PSU.

Ajmukon
04-14-2007, 01:22 PM
Foliage- i feel for ya man
our old WIN ME computer- similar specs to yours- had 1,000 MBR viruses and like 100 of what the Tech guy called "SUPER VIRUSES", 300 Trojans, and he stopped counting after these numbers
The way we ended up fixing this was to send the PC to a tech repair center
which would cost the same amount as a brand new computer, a cheap computer
the only reason we did it was because the computer was at the time, a 1500 computer

Fruss Tray Ted
04-14-2007, 04:02 PM
Aj,
The way I saw it, he tried to format but it stalled out at 0%

Windows 98 booted to the install cd would be a bit confused with so many hard drives kicking around imo.

If this is a pc to learn on, you may as well start from scratch and methodically work your way up. First, use the hard drive manufacturer's utilities to test the drives using a floppy with their programs loaded onto it. At the same time, use their utilities to create partitions and format them as well. After that, I would test your memory sticks with Memtest86, also to floppy.

It has been mentioned that the PSU may be stretched thin with so many drives and video card, as well as whatever else may be attached if anything like a sound card etc. So disconnecting one or more drives may stabilize it somewhat if problems persist. That or get another PSU. The CMOS battery is also a good idea, said above.

Ajmukon
04-14-2007, 04:56 PM
the way I read it... was that he fdisk-ed everything and then tried to reinstall windows, I am under the assumption that fdisk formats the HD, so he already formatted the HD, but windows formatter did not work, for some reason

classicsoftware
04-14-2007, 08:27 PM
I am under the assumption that fdisk formats the HD, so he already formatted the HD, but windows formatter did not work, for some reason

Fdisk does NOT format the hard drive, it just creates and deletes partitions on the drive. Only the format command can format a partition of a drive.

Paul Komski
04-14-2007, 08:58 PM
similar specs to yours- had 1,000 MBR viruses
Ajmukon - I'm afraid you are stretching yourself once again. As well as not understanding what fdisk does you might also like to learn that there is only one MBR on a hard drive and so it can only have one MBR (aka a boot sector) virus infection - MAXIMUM. Please restrict yourself to offering advice on subjects that you do understand.

It may well be that there is no Boot Sector Virus on this PC but it does no harm to proceed on that assumption. The biggest problem seems to be an intermittent ability to boot to and use the CDDrive; even the new replacement CDDrive.

So at the expense of being repetitive, I would reiterate to use just one hard drive and use its maker's diagnostics to first test and then zero it. Then boot to a clean floppy and see if you can partition and format the HDD without using the CDDrive at all. If you also set the partition as active and sys it from the floppy you should also then be able to see if you can boot to a C: prompt on the hard drive.

Then put in the CDROM and run setup from the floppy.

Ajmukon
04-14-2007, 10:51 PM
Ajmukon - I'm afraid you are stretching yourself once again. As well as not understanding what fdisk does you might also like to learn that there is only one MBR on a hard drive and so it can only have one MBR (aka a boot sector) virus infection - MAXIMUM. Please restrict yourself to offering advice on subjects that you do understand.


And i will tell you exactly what the tech guy said, and he managed to fix the problem
HE said quote "You had 1000 viruses, most of them being MBR viruses"
I know for a fact that we had one that prevented windows from starting up, login, BIOS from running, and several that targeted our Anti-virus system.
AND his symptoms match mine almost exactly. While we were infected, we could NOT boot to the Disk AT ALL- no matter what i did, but sometimes it worked- we just had to try several times (restart about 3 times and it would work, but not for very long)

@Komski: I thought fdisk formatted the drive, apparently I am wrong, I apologize. I was simply offering an alternate solution and/or cause of the problem

Paul Komski
04-15-2007, 04:27 AM
Ajmukon - you are very welcome here but please expect criticism from me or others if you post bad or wrong advice, whether or not it comes from a "tech guy". Not all "tech guys" are particularly good and some are particularly full of B***S**t. Wiping a drive also costs nothing so paying thousands to repair your system is completely OTT. Data recovery would be a different kettle of fish of course.

Ajmukon
04-15-2007, 11:28 AM
@Komski: That is what we paid for, DATA recovery and get the problem to work- at the time the computer was worth 1,500 and the fix cost us around 200 (Including A new Anti-Virus, and an upgrade to XP- the guy could not get ME to work again)
I know that i will receive criticism for bad/ wrong advice, but i tend to be a very trusting person, and will believe what someone, who somehow got my computer to work, will tell me what was wrong with it

@foliage: since your symptoms are nearly identical (remember- I had a lot more problems) to the symptoms I experienced, the way the guy fixed this was NOT to erase the HD, but use command line codes to "delete" the viruses- but even then, the computer would not start ME- the OS was too trashed by the viruses (according to the tech guy) and he offered to upgrade the PC to XP at a discount, so we took the upgrade

Paul Komski
04-15-2007, 02:20 PM
use command line codes to "delete" the viruses
The command line is quite straightforward to remove a boot sector virus from the MBR; it is fdisk /mbr, which rewrites standard MBR code to the first 446 of the 512 bytes of the MBR. If the virus has also changed the magic number at the end of the sector then the partition tables (bytes 446 to 509 inclusive) will be zeroed by fdisk.

Some BSVs also infect Partition boot sectors and that requires running fixboot X: (where X is the drive in question) from a recovery console or "sys"ing the relevant partitions from MSDOS. BSVs were very common in the legacy days before CDROMs but with the distribution of most installers on CDs or from the internet they have rather faded into the background.

An example of a BSV is polyboot.b (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=POLYBOOT-B) and though often very mischievous their payloads are usually not all that destructive unlike chernobyl (http://www.symantec.com/avcenter/kill_cih.html) which is incredibly destructive and can infect the BIOS. Chernobyl however does not infect NT-based systems and is not a BSV though it does overwrite the MBR as part of its payload.

Since BSVs have code that is stored outside the sector itself only wiping the drive is a sure way of removing that code - though the techniques already outlined will normally break the linkage between the viral code on the sector and where it continues elsewhere on the drive.
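
Added example, not part of the original thread: the MBR layout described in the post above (boot code in the first 446 bytes, partition table in bytes 446 to 509, magic number in the last two bytes), checked against a known-good baseline. It also shows the earlier point that deleting partitions leaves the boot code untouched. The sample sectors, the placeholder "boot code" and the function names are constructed for illustration; on a real machine the baseline hash would come from a sector saved while the drive was known clean.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446       # bytes 0-445: boot code, the part fdisk /mbr rewrites
SIGNATURE_OFFSET = 510    # bytes 446-509: partition table; 510-511: magic number
SIGNATURE = b"\x55\xaa"


def parse_mbr(sector):
    """Split one 512-byte MBR sector into boot code hash, partitions, signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_END]
    partitions = []
    for slot in range(4):
        start = BOOT_CODE_END + 16 * slot
        # Entry: status, CHS start (skipped), type, CHS end (skipped), LBA, size
        status, ptype, lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba,
                               "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_blank": boot_code == bytes(BOOT_CODE_END),
        "partitions": partitions,
        "signature_ok": sector[SIGNATURE_OFFSET:] == SIGNATURE,
    }


def audit_mbr(sector, known_good_sha256):
    """Return a list of findings; an empty list means the sector matches."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("bad-signature")
    if info["boot_code_blank"]:
        findings.append("boot-code-zeroed")
    elif info["boot_code_sha256"] != known_good_sha256:
        findings.append("boot-code-differs-from-baseline")
    if not info["partitions"]:
        findings.append("no-partitions")
    if sum(p["active"] for p in info["partitions"]) > 1:
        findings.append("multiple-active-partitions")
    return findings


def entry(active, ptype, lba, count):
    """Build one 16-byte partition entry (CHS fields left as zero)."""
    return struct.pack("<B3xB3xII", 0x80 if active else 0, ptype, lba, count)


def build_sample(boot_code, entries):
    """Assemble a constructed test sector from boot code and partition entries."""
    table = b"".join(entries).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + table + SIGNATURE


# Constructed data: placeholder bytes standing in for standard boot code.
CLEAN_CODE = (bytes(range(256)) * 2)[:BOOT_CODE_END]
CLEAN = build_sample(CLEAN_CODE, [entry(True, 0x0B, 63, 20000000)])
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]

# Same sector with 16 boot-code bytes altered, as an infection would leave it.
_altered = bytearray(CLEAN_CODE)
_altered[0x10:0x20] = b"\xee" * 16
TAMPERED = build_sample(bytes(_altered), [entry(True, 0x0B, 63, 20000000)])
# Partitions deleted in fdisk: the table is empty, the boot code is unchanged.
TAMPERED_NO_PARTS = build_sample(bytes(_altered), [])
# Whole sector zeroed by a wipe utility.
WIPED = bytes(SECTOR_SIZE)

if __name__ == "__main__":
    for name, sec in [("clean", CLEAN), ("tampered", TAMPERED),
                      ("tampered, partitions deleted", TAMPERED_NO_PARTS),
                      ("wiped", WIPED)]:
        print(f"{name}: {audit_mbr(sec, BASELINE) or 'matches baseline'}")
```

To check a real drive, pass the first 512 bytes of a disk image read on a separate, clean machine instead of the constructed samples.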

JackFoligie
04-15-2007, 05:05 PM
Thanks everyone. I assure you, this is a great way to learn about the inner workings of a computer. It's also a lot of fun.

Fruss Tray Ted:


Windows 98 booted to the install cd would be a bit confused with so many hard drives kicking around imo.

Good idea. I'll try working with each HDD separately.


First, use the hard drive manufacturer's utilities to test the drives using a floppy with their programs loaded onto it. At the same time, use their utilities to create partitions and format them as well.

Still need to get hold of these. The three drives were all about 3rd hand, without any accompanying software to speak of. When I get some time, I'll look around and try downloading the relevant utilities.


After that, I would test your memory sticks with Memtest86, also to floppy.

Can viruses mess up memory or would this be an unrelated fault? Being RAM, I would imagine that it would be completely immune to virus activity.


the PSU may be stretched thin with so many drives and video card, as well as whatever else may be attached if anything like a sound card etc. So disconnecting one or more drives may stabilize it somewhat if problems persist. That or get another PSU. The CMOS battery is also a good idea, said above.

I realise I've kind of gone overboard on the hard drive front, especially considering that I'm nowhere near to filling up even the first drive! It's just that recording analog sound gobbles up HD space like nobody's business, which is why I went a bit nuts. As suggested above, I'll connect and set up each HD separately, then run on one (perhaps two) and only connect the third as and when I need extra archiving space.

Thanks, Paul. I'll start with trying fdisk /mbr and BiNG looks promising. The info on viruses in general is also very interesting.

Thanks for the fdisk, format, install.txt file, Relztrah. Very useful.

Ajmukon, it's good to hear your comments. I don't think I'll give up on my machine just yet.

I don't have internet at home, so it's sometimes a few days before I get to check up on posts etc. Heavy week at work as well, so may even have to wait until after next weekend to really get down to it. I'll post the results as and when I get a chance. Thanks again for all your help and wish me luck.

Over&out

Jack

JackFoligie
04-17-2007, 09:37 AM
Greetings all

Progress so far:

I took out all 3 drives and re-inserted the 10GB drive, set up as Primary Master. From Win98SE boot floppy, fdisk /mbr seems to have done the trick. It may also be that this drive wasn't infected in the first place and with the other two gone, all is well. Either way, I managed to reinstall Win98SE with no hitches.

There are still a few strange things going on, though. Neither of my USB 2.0 ports (for which I have the relevant drivers installed, for my specific flash drive) are working, with which I had no problems before the whole virus issue. I've checked the flash drive on a reliable machine running a newly updated version of F-Secure antivirus; no viruses and the drive works, no problem.

Also, the new single hard drive is no longer detected on the initial startup screen. All 3 drives used to show up a few seconds after the initial memory test. This is not a huge issue as after this, it is picked up (on the following screen that looks kind of like a big table in command line text format). Once Win98SE gets going the drive is detected, so no real problems there, just a bit odd.

I've yet to check if the COM ports are still out of action (the problem which initially led me to notice strange activity due to the virus).

One of the things I did, before trying the fdisk /mbr approach, was to reset the CMOS settings to their default settings, in the hope that this might just sort the issues discussed in previous posts. Perhaps this has some effect on USB and drive settings? Anyway, I'll keep trying...

Other than that, I've re-installed most of the software I need for now and the machine is running as well as ever. The new CD-R/CD-RW drive runs like a train compared with what I had previously. What a pleasure! Many thanks for your help.

Jack

Paul Komski
04-17-2007, 09:41 AM
reset the CMOS settings to their default settings
That could be why you are getting different BIOS dialogs during startup since you may have changed any quick boot options in the process. You may also have disabled the USB ports (? the COM port also) - another thing to check in the BIOS setup.

Ajmukon
04-17-2007, 08:36 PM
Good ta hear that you managed to get it fixed!- I would have given up long ago
I agree with Komski: check your BIOS settings first
if that is not the problem (ie, they are enabled); are there any "yellow" marks in the Device Manager?

classicsoftware
04-18-2007, 12:31 AM
After you get all of your ports set up and working, please add the hard drives back one at a time and wait several days in between adding. Let us know if any problems re-occur. You may have just over-taxed the power supply and that can cause all kinds of hardware problems.

JackFoligie
04-19-2007, 06:28 AM
Well, it looks as if all is well in PC land at long last!

Not only that, but I've managed to get hold of a nice little 4-port USB hub, which is working perfectly as well. As expected, I'd disabled the USB bus settings when resetting the CMOS settings to "Default". It was somewhere under "Peripheral Devices" or something. There was a bit of a hiccup when restarting Windows i.e. I was asked for the Win98SE disk, and was then told that a particular file could not be found. Undaunted, I tried again and was rewarded for my efforts; SUCCESS!!

I haven't had a chance to check the COM ports as yet, but I'm hoping for success on that front as well.

Regarding the hard drives, I'll try fdisk /mbr on each (connected separately and using a write-protected floppy, to prevent any possible virus gymnastics). Then, as suggested, I'll add them back one by one to see if it has any adverse effect on the power supply.

Cheers and May The Force Be With You!