My Most Unsuccessful Virus Cleanup
*** This event took place in 2002. The customer called me and said that his son had been playing games online and now the computer was all sorts of messed up; he thought it was a virus. ***
I arrived to find the client’s family computer in very rough shape. This was back in the days of dial-up modems, so I didn’t have to worry about isolating the computer: it was stand-alone with no internet connection. I started my work, and the first thing I found was that there were at least a dozen different pieces of malware (pardon me if I slip in the word ‘virus’ every now and then, as that is what we called it back then) running amok on the system.
If I’m not mistaken, I think I was using F-PROT by FRISK and Normal AV back in those days, but to be honest, I don’t recall, and the log that I kept doesn’t note what I was using, just what I did. I started systematically removing them one by one and had great success until I must have set off a trip wire (or it was set off by a timer or some action), and the computer suddenly rebooted without warning (twice, actually).
DOS came up with no problem, and the scans there were clean. I was able to get back into Windows (we are talking the good old Windows 98SE; the SE stood for Second Edition, and it was the best Windows OS Microsoft had released to that point and extremely stable). When I got back into the OS, I noticed that the number of malware infections was now higher than what I originally started with. Before the reboot I had only three more to remove, so why did the DOS scan say it was clean?
That can only mean one thing: one of these pieces of malware is spawning infection after infection. Since there is no internet connection, this also means that it had already downloaded a package containing a bunch of different pieces of malware and is hiding it out somewhere. This also means they must be in the autoexec.bat, or maybe in the msdos.sys, or in one of the other pre-boot files. Back in this time, you booted to MS-DOS first and then to Windows. So the infection is likely in the pre-boot part of the bootup, or in the Win.ini file.
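The post points at the Windows 9x startup hooks (autoexec.bat, Win.ini, and the other pre-boot files) as the likely place the re-spawning malware lives. The following is an added example, not anything from the original write-up or the tools used in it: a small Python script that parses those startup files and lists every program they launch, so the entries can be reviewed from a clean boot before anything is deleted. It checks autoexec.bat commands (unwrapping LH/LOADHIGH), the load= and run= lines in the [windows] section of win.ini, and the shell= line in the [boot] section of system.ini. All three sample files and the program names in them (UPDATE.EXE, LAUNCH.EXE, EXTRA.EXE) are constructed for the example; it does not cover winstart.bat or the registry Run keys, which a full sweep on 9x would also need.

```python
import re

# Batch commands that set up the environment rather than launch a program.
NON_LAUNCH = {"SET", "PATH", "PROMPT", "REM", "ECHO", "CLS", "VER", "MODE", "KEYB", "COUNTRY"}


def parse_autoexec(text):
    """Return the program launches in an AUTOEXEC.BAT, in file order.

    Leading '@' is dropped, environment commands are skipped, LH/LOADHIGH
    wrappers are unwrapped, and whatever remains is treated as a launch.
    """
    launches = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("@").strip()
        if not line:
            continue
        m = re.match(r"[^\s=]+", line)
        head = m.group(0).upper()
        if head in NON_LAUNCH:
            continue
        if head in ("LH", "LOADHIGH"):
            line = line[m.end():].strip()
        launches.append(line)
    return launches


def parse_ini(text):
    """Minimal .INI parser: {section_lower: {key_lower: value}} (no quoting or continuation)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def split_list(value):
    """win.ini load=/run= hold comma- or space-separated 8.3 paths (no spaces inside a path)."""
    return [p for p in re.split(r"[,\s]+", value) if p]


def startup_findings(autoexec, win_ini, system_ini):
    """Every program the three startup files launch, as (source, program) pairs.

    system.ini shell= is only reported when it is not plain Explorer.exe,
    since that is the one value a stock Windows 98SE install has there.
    """
    findings = [("autoexec.bat", prog) for prog in parse_autoexec(autoexec)]
    windows = parse_ini(win_ini).get("windows", {})
    for key in ("load", "run"):
        for prog in split_list(windows.get(key, "")):
            findings.append((f"win.ini [windows] {key}=", prog))
    shell = parse_ini(system_ini).get("boot", {}).get("shell", "")
    if shell and shell.lower() != "explorer.exe":
        findings.append(("system.ini [boot] shell=", shell))
    return findings


# Constructed sample files (not from the machine in the post). MSCDEX is the
# normal CD-ROM driver; the three TEMP entries play the role of suspect launches.
AUTOEXEC_SAMPLE = r"""@ECHO OFF
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\DOS
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:MSCD001
C:\WINDOWS\TEMP\UPDATE.EXE
"""

WIN_INI_SAMPLE = r"""[windows]
load=
run=C:\WINDOWS\TEMP\LAUNCH.EXE
[Desktop]
Wallpaper=(None)
"""

SYSTEM_INI_SAMPLE = r"""[boot]
shell=Explorer.exe C:\WINDOWS\TEMP\EXTRA.EXE
[386Enh]
"""

if __name__ == "__main__":
    for source, program in startup_findings(AUTOEXEC_SAMPLE, WIN_INI_SAMPLE, SYSTEM_INI_SAMPLE):
        print(f"{source:28} {program}")
```

Run it against copies of the real files pulled from a DOS boot; anything launched from a temp or user directory, or a shell= line with extra arguments after Explorer.exe, is what to look at first.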
I started to dig around and found some programs being launched in the Autoexec.bat and the Win.ini. I removed them and then launched Windows again, thinking I had the upper hand, and that was my mistake. Windows would not boot; in fact, it forced a reboot of the entire system. Now several hours into this exorcism, MS-DOS loaded, but Windows did not: I would get so far, and then it would crash. Oh no, I forgot about DriveSpace, the tool that Microsoft packaged with DOS, a compression technique that would compress your data on the fly.
Alright, start the DriveSpace commands and then we will look around, but Windows still won’t start. No worries, there are ways to troubleshoot the Windows 98SE boot-up process. The next step is Safe Mode, which was a fairly new feature of Windows (first used in Windows 95). Well, hell, Safe Mode won’t work either; it looks like file corruption.
Not a problem, as back in those days you could simply copy a file from a known working Windows 98SE computer, or, if you were lucky enough to have flat installation CDs that had the entire file system on them, you could copy the file(s) that way.
Unlike Windows today, you didn’t have robust HALs (Hardware Abstraction Layer – which is software that offers a uniform interface between the underlying hardware and the higher layers of the operating system). You could actually take a hard drive from one computer and move it to another and it would work (most of the time).
So I copied the corrupted file over and restarted again, and still had the same issue. I decided to copy the entire system32 folder over and tried again. I got past that part of the corruption and then got hung up again and again and again. After a total of five different file corruptions, I decided I needed to scan the hard drive for bad sectors. Many were found and supposedly repaired.
I’m like on hour 4 now, and after another reboot I can’t find much data on the hard drive. Something either launched and is corrupting the data, or the drive is toast. I bust out my Norton Utilities and run UnErase, and I’m mortified at what I’m seeing: huge amounts of data that are not showing as recoverable. Back in the day, Norton Utilities was pretty much the end-all be-all for at-home/office data tools, including data recovery.
At this point, I have very few options left. I’m pretty much out of the game, and the computer and all of its data are gone.
I had to tuck my tail between my legs and let the customer know (he had been watching over my shoulder for much of the past 4-5 hours). Worse yet, it is my policy that if I fail, I don’t charge, so I just lost 5 hours of my life I will never get back, kind of like the customer’s data.
The customer was not upset; he was expecting the worst, and well, the worst is what he got.
*** For the record, he and I are still on good speaking terms and we look back and laugh at the mess his son made ***