Can I do a "post mortem" on Pent1/Win95 system?

Discussion in 'ten-forward' started by jayzzz, Jul 16, 2004.

Thread Status:
Not open for further replies.
  1. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    I've kept a computer in a closet since April of 2001 because I hoped, one day, to be able to find out what "got" it, or what it got, depending. It did some very bizarre things in its final months on-line, which isn't surprising based on all I've learned since then. I was on broadband w/o a firewall, no av, & no clue where my cookies were, never mind what they were. I'm surprised an evil site monster didn't grab me and suck my home in through the monitor screen, in retrospect.;)

    I've moved it next to another computer, so I can connect a monitor and keyboard easily, and want to boot it, if it will, and run HJT, and hopefully AdAware & Spybot S&D, from floppies or cd. Then I'll be done with it, and my curiosity will be satisfied, or I'll know it can't be.

    I'm way out of my depth with this experiment, but since the 'puter is toast the worst that can happen is I'll continue not to know.

    Is there anything about the process I'm planning that someone reading this would do differently or is risky in a way I've not considered? For example, could I destroy the "good" monitor's software or hardware by confusing it with the older machine, making it wiser to use the small monitor we keep as an emergency back-up for the experiment? Or ?

    Thanks, in advance...even if nothing contributed, you read this far, so must've been willing to advise if there was anything to be said.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    The monitor should work. and if you want to know what got to it, running the progs you mentioned should do it if it has enough guts to run them :D ;) be sure to run a good antivirus first. If your are hesitant about putting your good monitor in jeapardy you should use your back up monitor. ;)
     
  3. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    You're joking about the AV first, aren't you? It won't be connected to any other machine...or is that another suggested diagnostic tool?

    I'm not worried about the monitor unless someone thinks I ought to be...and you didn't think so, right? mj
     
    Last edited: Jul 16, 2004
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You can remove the Hard Drive from your old system and "Slave" it off your new clean protected system and run scans that way.

    Cheers :D
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    By running an av you can check what viri might be there it will let you know what it finds. A free av will work fine in a situation such as this would not be worried about the monitor. let us know what you might find on the machine ;)
     
  6. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Blackspear, you've obviously confused me with someone who knows how to use a screwdriver inside of the box! Thanks for thinking I might know what I was doing to that extent, though...mj:cool:
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LOL Box is square or rectangle, screwdriver has round handle with flat bit on the end ;)

    :D
     
  8. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Before I can run an av, I'll need to install one. If (funny...like there's doubt) the system is unstable, won't doing the scans first be likely to net me more info prior to trying to add software (like a copy of my free AVG6) which may bring the whole thing down forever...if it's not already beyond booting?

    I'm grateful for the input, and will report back for sure, when it's done and I've found something. It was the only computer I ever saw go into sleep mode while I was typing, among other interesting tricks that began after I viewed an email w/o attachment, that left a cookie found later. Seemed SO MYSTERIOUS at the time! mj
     
  9. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    My problem would be in RECOGNIZING my hard drive, and things would go downhill from there. :D mj
     
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    but look how much fun your going to have :D
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LOL, that's ok, I was in the same boat 10 years ago, now I own 2 computer shops :rolleyes:

    I would boot it up and run one of the free online scanners directly from their websites, they scan your system over the internet.

    Then try installing and using one piece of software at a time, I'd start with Spybot Search and Destroy...

    Cheers :D
     
  12. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    I'm tickled to read that my plan sounds viable. Hope to go for it tomorrow, after attempting to repair IE in a machine w/ Win98 that my husband uses, or abuses, depending on your viewpoint. Good thing he has another computer supplied by his employer to use at work.
    Just to "brag," a little: it's been nearly 8 months since I last reformatted the hard drive of my Dell 2350 w/ XPHome, and there's no sign of impending need. That's a new record for me. I've never made it longer than 6 months without screwing something up seriously.:rolleyes:
     
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Sounds as if your are gaining experience ;)
     
  14. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    NO WAY is that machine going on-line! I don't believe it's still capable of that. I'm planning on doing it all from floppies or cds. mj:)
     
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Well done, but my theory on computers is they need a good format every 6 months or so, it's like spring cleaning but bi-annually ;)

    Cheers :D
     
  16. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    I defrag after running IndexDat Suite about once a week. If it needs spring cleaning on top of the regular maintenance...well, it would be another aspect of life that isn't fair, wouldn't it. :D I appreciate the input, though. mj
     
  17. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    jazzy..... hi...

    Your monitor sould in no way be affected, how could it... it's just something to see stuff on... any drivers, etc. associated with it are on your GOOD box.

    The only thing that may happen is it not work at all [the monitor that is], you *may* have to install drivers, etc. as I am sure that the 95 box would not hold any, unless you do get 'some sort' of image, just not displayed very good, but enough to see what you are doing... most monitors do come with CD anyway to get drivers, just they are not needed usually with XP's Plug and Play.

    oh.. don't screw with the monitors actual settings though [position, vertical, horizontal, etc. etc... as when you go back it will need to be re-tuned to suit the good box. ;)

    I personally would run SpybotSD or AdAware first, and as Blackspear said, install ONE item, scan, get result then install next....

    there would be no need to get new defs for those also, simply because if something DID get your 95 box, it's long been detected and would be in the standard defs that come with the program. ;)

    After the SSD/AdAware/HJT, I would then try install of AVG/AVAST freebies and see what happens..

    Can't wait for next installment..............LOL

    TAS
     
  18. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Thanks, TAS. Actually, I was planning on the HJT first, because I'm pretty sure I can run it from a floppy and get a log w/o an actual installation...if I remember right. Then, I'll proceed in the order you've suggested. I've got a link to a site that should help me tell the good from the bad, despite not being a skilled HJT log interpreter. If I'm able to get a log, I'll copy it onto a diskette or cd before continuing.

    I mentioned the monitor mainly as the first example I could think of to show I was wondering about potential problems I wouldn't expect to see as a result of what I did, but that someone more knowledgeable might know were possible.

    The IE repair failed to do the deed on the other computer, as I posted at https://www.wilderssecurity.com/showthread.php?t=41447, so will see in the morning whether I'm in the mood to try reinstalling Win98 (w/o reformatting, as some guest suggested) or get my little experiment done first and then go back to working on that error message problem. I'm leaning toward doing the experiments first.

    Thanks for the input, and I'll keep you informed of what I find, if it boots!
    mj/Joyce
     
  19. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Re: Help me interpret partial "post mortem" on Pent1/Win95?

    I was able to get HJT to run, after adding <<MSVBVM60.DLL>>. The lines below are the ones I think may represent undesirable things. I didn't fully understand much of what I read in the google searches, so I'm not SURE. Maybe someone who reads this will be?

    C:\COMPAQ\EASYACC\CPQBZL.EXE <<this is a running process mentioned at: << http://forums.net-integration.net/index.php?showtopic=15999>> as a hijack
    F1 - win.ini: run=hpfsched
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - Startup: Reminder-cpq40107.lnk = C:\cpqreg\pipeline\Remind32.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O13 - WWW. Prefix: http://

    Plus, I copied and pasted "WINDOWS\command.com /c rmdir" from somewhere in the log and may have found something about it, but now I'm tired and not able to find the complete line it was from.

    If anyone wants to see the entire log for curiosity's sake based on what's above, I'll post it, though most of the rest of the items mention my printer or Compaq. There are a lot of "[RunOnce... command.com]" items that refer to my printer.

    Before I can use Spybot S&D or Ad-Aware, I need to find a Win95 version of ws2_32.dll. I copied a file of that name from my XPHome when it was not going well finding one on-line, to C:\Windows\System because there is no System32 in Win95. It was accepted enough to take me further than the message that the file was missing, but then I was told I needed to update (or upgrade?) my Windows version. So I guess the file knew it came from an XP but was no longer in one.

    I'm hoping for some luck tomorrow (technically later today) with finding a Win95 version of that file. The process w/o it will be too much work "just" to satisfy intellectual curiosity. The update I'd have to do to continue with the more current version might alter what I want to see, anyhow. Those are the two scans I won't need help interpreting, which is some of their appeal. If the items I've listed above from HJT really are bad, I figure the chances of finding more bad stuff with the other scans goes up, but maybe then I'll know enough not to be that interested in seeing more.

    I tried to install a copy of AVG6, copied from my downloads folder in the Dell I use, but couldn't get it to accept the registration number to set it up in the machine with Win95. I was hoping that with no Internet connection, any properly formatted number would do, but apparently that is not the case. I can't think of a way to work around it.

    It was really pretty cool just to get HJT to run in there. The machine booted as if the last time was yesterday rather than over 3 years ago, and the clock was within a half hour of the right time and on the correct date. It WAS fun, bigc73542! :D mj
     
  20. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Re: How Weird!

    I just checked a shortcut to a Google search on my desktop to see what it was before deleting it or putting it in a folder for another day. At this point, the search leads me right back to my own post, here.:oops:

    I won't learn anything from being shown my own question AND I've never seen anything I wrote come up in a Google search before. I'm not so sure I like it!:ninja:

    WHAT was in my post to make Google include it...o_O
     

    Attached Files:

  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  22. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Re: Help me interpret partial "post mortem" on Pent1/Win95?


    It sounds like it would be fun I am glad it booted up after that amount of time. Well now you have to find something else to do a post mortem on :D ;)
     
  23. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Re: Help me interpret partial "post mortem" on Pent1/Win95?

    You wouldn't have any idea what "I" learned from this one, based on the few HJT entries included, would you? Anything you recognize as "lurking evil"?

    And thanks, Ron. That was a real eye-opener. There are a few others using 'jayzzz,' too, though not as many as I'd like to be, about now. At least Google hasn't found a way to cross-reference between my different user names (all two of them), my on-line alias that sounds like a real name, and...'nuff said, you get the idea.
     
Thread Status:
Not open for further replies.