Can you boot to DOS from a floppy or CD in XP?

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Over the weekend, I was Googling, and ended up going to some web
site that installed some bad stuff on my 98SE system. It not only
made changes to the registry, but replaced my original Scanregw.exe
with its own version, deleted my Hosts file, installed new
Favorites, and some other stuff. Generally, it just took over, and
everything I deleted was replaced on the next boot.

I was able to fix this by booting into DOS from a floppy disk,
deleting the new scanregw.exe, and copying over the corrupted
registry files with backup versions. After that, and a little
further housekeeping on reboot, everything was fine (according to
F-prot and Spybot).

But it occurred to me that if I upgrade to XP, I may not be able to
go in and fix things like this. Even if I keep the FAT-32 format on
my drives, is it possible to avoid accessing the C drive during
boot, perhaps by booting from a CD? My understanding is that only
the DOS window (from Windows) is available from XP, which of course
wouldn't help at all.

And yes, I know I should be running a virus checker and a
spyware/adware checker in real time, not to mention a firewall, but
I'm running a Celeron 500, and it's already slow enough. So that's
why. But I probably should upgrade to IE6.

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

How To Create a Boot Disk for an NTFS or FAT Partition in Windows XP:
http://support.microsoft.com/?kbid=305595

How to obtain Windows XP Setup boot disks:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q310994

IE6 SP1 is considered a Critical Update for Win98: http://snipurl.com/4bgz
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security


Peabody wrote:
> Over the weekend, I was Googling, and ended up going to some web
> site that installed some bad stuff on my 98SE system. It not only
> made changes to the registry, but replaced my original Scanregw.exe
> with its own version, deleted my Hosts file, installed new
> Favorites, and some other stuff. Generally, it just took over, and
> everything I deleted was replaced on the next boot.
>
> I was able to fix this by booting into DOS from a floppy disk,
> deleting the new scanregw.exe, and copying over the corrupted
> registry files with backup versions. After that, and a little
> further housekeeping on reboot, everything was fine (according to
> F-prot and Spybot).
>
> But it occurred to me that if I upgrade to XP, I may not be able to
> go in and fix things like this. Even if I keep the FAT-32 format on
> my drives, is it possible to avoid accessing the C drive during
> boot, perhaps by booting from a CD? My understanding is that only
> the DOS window (from Windows) is available from XP, which of course
> wouldn't help at all.
>
> And yes, I know I should be running a virus checker and a
> spyware/adware checker in real time, not to mention a firewall, but
> I'm running a Celeron 500, and it's already slow enough. So that's
> why. But I probably should upgrade to IE6.

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

If you keep Fat32 when you install XP then you can still boot using a
DOS/Win98BootDisk and access files and folders on the hard drive. Don't
expect the older registry editing tools etc. to work properly though for
XP's files..

"Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
news:vjSfe.22621$Um.3876@lakeread08...
> Over the weekend, I was Googling, and ended up going to some web
> site that installed some bad stuff on my 98SE system. It not only
> made changes to the registry, but replaced my original Scanregw.exe
> with its own version, deleted my Hosts file, installed new
> Favorites, and some other stuff. Generally, it just took over, and
> everything I deleted was replaced on the next boot.
>
> I was able to fix this by booting into DOS from a floppy disk,
> deleting the new scanregw.exe, and copying over the corrupted
> registry files with backup versions. After that, and a little
> further housekeeping on reboot, everything was fine (according to
> F-prot and Spybot).
>
> But it occurred to me that if I upgrade to XP, I may not be able to
> go in and fix things like this. Even if I keep the FAT-32 format on
> my drives, is it possible to avoid accessing the C drive during
> boot, perhaps by booting from a CD? My understanding is that only
> the DOS window (from Windows) is available from XP, which of course
> wouldn't help at all.
>
> And yes, I know I should be running a virus checker and a
> spyware/adware checker in real time, not to mention a firewall, but
> I'm running a Celeron 500, and it's already slow enough. So that's
> why. But I probably should upgrade to IE6.
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

So in Peabody's situation, suppose he had been using XP with Fat32 when this
happened.

Could he have used a DOS/Win98 boot disk and then done something like
scanreg/ restore at the DOS prompt to get back safely into XP? (But I'm
guessing scanreg and restore don't work on XP). ???

pjp wrote:
> If you keep Fat32 when you install XP then you can still boot using a
> DOS/Win98BootDisk and access files and folders on the hard drive. Don't
> expect the older registry editing tools etc. to work properly though for
> XP's files..
>
> "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
> news:vjSfe.22621$Um.3876@lakeread08...
>> Over the weekend, I was Googling, and ended up going to some web
>> site that installed some bad stuff on my 98SE system. It not only
>> made changes to the registry, but replaced my original Scanregw.exe
>> with its own version, deleted my Hosts file, installed new
>> Favorites, and some other stuff. Generally, it just took over, and
>> everything I deleted was replaced on the next boot.
>>
>> I was able to fix this by booting into DOS from a floppy disk,
>> deleting the new scanregw.exe, and copying over the corrupted
>> registry files with backup versions. After that, and a little
>> further housekeeping on reboot, everything was fine (according to
>> F-prot and Spybot).
>>
>> But it occurred to me that if I upgrade to XP, I may not be able to
>> go in and fix things like this. Even if I keep the FAT-32 format on
>> my drives, is it possible to avoid accessing the C drive during
>> boot, perhaps by booting from a CD? My understanding is that only
>> the DOS window (from Windows) is available from XP, which of course
>> wouldn't help at all.
>>
>> And yes, I know I should be running a virus checker and a
>> spyware/adware checker in real time, not to mention a firewall, but
>> I'm running a Celeron 500, and it's already slow enough. So that's
>> why. But I probably should upgrade to IE6.

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

On Mon, 09 May 2005 18:25:33 -0500, Peabody

>Over the weekend, I was Googling, and ended up going to some web
>site that installed some bad stuff on my 98SE system. It not only
>made changes to the registry, but replaced my original Scanregw.exe
>with its own version, deleted my Hosts file, installed new
>Favorites, and some other stuff. Generally, it just took over, and
>everything I deleted was replaced on the next boot.

>I was able to fix this by booting into DOS from a floppy disk,
>deleting the new scanregw.exe, and copying over the corrupted
>registry files with backup versions. After that, and a little
>further housekeeping on reboot, everything was fine (according to
>F-prot and Spybot).

>But it occurred to me that if I upgrade to XP, I may not be able to
>go in and fix things like this. Even if I keep the FAT-32 format on
>my drives, is it possible to avoid accessing the C drive during
>boot, perhaps by booting from a CD?

Your instincts are sound - because if you use NTFS, your maintenance
options are far more limited. Having said that, a HD over 137G will
limit the safety and usefullness of DOS mode as a maintenance OS.

http://cquirke.mvps.org/whatmos.htm refers.

On FATxx and < 137G, you can still use DOS mode boot diskettes and
DOS-based av scanners from F-Prot, Sophos or NOD32, but you can't use
the Win9x Regedit to export/import registry settings, because NT (XP
is a version of NT) has a different registry structure at file level.

On NTFS or FATxx, you can use Bart's PE (creates a bootable XP CDR) or
CDR-booted Linux as your maintenance OS.

Bart's is emerging as the defacto mOS standard for NTFS-based XP, with
several tools either written for it, or converted for use from it.

Linux isn't as effective, because NTFS support is weaker; even Linux
advocates warn against writing to NTFS from Linux.

MS is totally asleep at the wheel, with the only possible mOS
contender (the command-line-only WinPE) being unavailble due to
licensing constraints. Recovery Console is barely useful, but is not
an OS (it can't run external programs, only itself). MS is still in
denial, maintaining that "we don't make it, so you don't need it" as
far as mOS is concerned, even as the rootkit threat develops.

>My understanding is that only the DOS window (from Windows)
>is available from XP, which of course wouldn't help at all.

Exactly. Out the box, you *may* get...
- Recovery Console
- Repair re-install
- Uncontrolled default install
....from a bootable OS CD, unless it's an OEM-crippled thing. Add a
service pack beyond this, and all of these are less useful as they
will fall back to a riskier unpatched state ("just" re-install) or may
not work at all (incorrect Recovery Console version).

>And yes, I know I should be running a virus checker and a
>spyware/adware checker in real time, not to mention a firewall, but
>I'm running a Celeron 500, and it's already slow enough. So that's
>why. But I probably should upgrade to IE6.

On Win9x:

http://cquirke.mvps.org/9x/riskfix.htm
http://cquirke.mvps.org/9x/mimehole.htm

....and...

http://cquirke.mvps.org/9x/virtest.htm



>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

There is no scanreg in XP.
Assuming one saved a key by exporting it. Made the removal or mod next, and
XP still boot normally, you can reincorporate the key again to restore the
registry to original by deleting the mod and incorporating the key.

Major flakiness without a good XP boot means using the recovery console and
the system restore function to restore the registry. This assuming a system
restore backup time/date is appropriate for the restoration and available.

XP has regedit to get the user in trouble, but no easy way out to fix the
mess.
"Bill in Co." <not_really_here@earthlink.net> wrote in message
news:eFg5DHfVFHA.2256@TK2MSFTNGP14.phx.gbl...
> So in Peabody's situation, suppose he had been using XP with Fat32 when
this
> happened.
>
> Could he have used a DOS/Win98 boot disk and then done something like
> scanreg/ restore at the DOS prompt to get back safely into XP? (But I'm
> guessing scanreg and restore don't work on XP). ???
>
> pjp wrote:
> > If you keep Fat32 when you install XP then you can still boot using a
> > DOS/Win98BootDisk and access files and folders on the hard drive. Don't
> > expect the older registry editing tools etc. to work properly though for
> > XP's files..
> >
> > "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
> > news:vjSfe.22621$Um.3876@lakeread08...
> >> Over the weekend, I was Googling, and ended up going to some web
> >> site that installed some bad stuff on my 98SE system. It not only
> >> made changes to the registry, but replaced my original Scanregw.exe
> >> with its own version, deleted my Hosts file, installed new
> >> Favorites, and some other stuff. Generally, it just took over, and
> >> everything I deleted was replaced on the next boot.
> >>
> >> I was able to fix this by booting into DOS from a floppy disk,
> >> deleting the new scanregw.exe, and copying over the corrupted
> >> registry files with backup versions. After that, and a little
> >> further housekeeping on reboot, everything was fine (according to
> >> F-prot and Spybot).
> >>
> >> But it occurred to me that if I upgrade to XP, I may not be able to
> >> go in and fix things like this. Even if I keep the FAT-32 format on
> >> my drives, is it possible to avoid accessing the C drive during
> >> boot, perhaps by booting from a CD? My understanding is that only
> >> the DOS window (from Windows) is available from XP, which of course
> >> wouldn't help at all.
> >>
> >> And yes, I know I should be running a virus checker and a
> >> spyware/adware checker in real time, not to mention a firewall, but
> >> I'm running a Celeron 500, and it's already slow enough. So that's
> >> why. But I probably should upgrade to IE6.
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Lil' Dave wrote:
> There is no scanreg in XP.
> Assuming one saved a key by exporting it.

Which would be an unlikely assumption here....

> Made the removal or mod next, and
> XP still boot normally, you can reincorporate the key again to restore the
> registry to original by deleting the mod and incorporating the key.

Again, highly unlikely assumptions in his case. Right?

> Major flakiness without a good XP boot means using the recovery console
and
> the system restore function to restore the registry. This assuming a
system
> restore backup time/date is appropriate for the restoration and available.

OK, so the "out" here is you boot to the recovery console, and use system
restore. Will that get you out of ALL problems as effectively as booting
to a DOS boot disk and using scanreg /restore in Win98SE does?

Reading between the lines here, and with a few comments from cquirke, I get
the impression that is NOT the case.

> XP has regedit to get the user in trouble, but no easy way out to fix the
> mess.

THAT is NOT nice!

> "Bill in Co." <not_really_here@earthlink.net> wrote in message
> news:eFg5DHfVFHA.2256@TK2MSFTNGP14.phx.gbl...
>> So in Peabody's situation, suppose he had been using XP with Fat32 when
this
>> happened.
>>
>> Could he have used a DOS/Win98 boot disk and then done something like
>> scanreg/ restore at the DOS prompt to get back safely into XP? (But I'm
>> guessing scanreg and restore don't work on XP). ???
>>
>> pjp wrote:
>>> If you keep Fat32 when you install XP then you can still boot using a
>>> DOS/Win98BootDisk and access files and folders on the hard drive. Don't
>>> expect the older registry editing tools etc. to work properly though for
>>> XP's files..
>>>
>>> "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
>>> news:vjSfe.22621$Um.3876@lakeread08...
>>>> Over the weekend, I was Googling, and ended up going to some web
>>>> site that installed some bad stuff on my 98SE system. It not only
>>>> made changes to the registry, but replaced my original Scanregw.exe
>>>> with its own version, deleted my Hosts file, installed new
>>>> Favorites, and some other stuff. Generally, it just took over, and
>>>> everything I deleted was replaced on the next boot.
>>>>
>>>> I was able to fix this by booting into DOS from a floppy disk,
>>>> deleting the new scanregw.exe, and copying over the corrupted
>>>> registry files with backup versions. After that, and a little
>>>> further housekeeping on reboot, everything was fine (according to
>>>> F-prot and Spybot).
>>>>
>>>> But it occurred to me that if I upgrade to XP, I may not be able to
>>>> go in and fix things like this. Even if I keep the FAT-32 format on
>>>> my drives, is it possible to avoid accessing the C drive during
>>>> boot, perhaps by booting from a CD? My understanding is that only
>>>> the DOS window (from Windows) is available from XP, which of course
>>>> wouldn't help at all.
>>>>
>>>> And yes, I know I should be running a virus checker and a
>>>> spyware/adware checker in real time, not to mention a firewall, but
>>>> I'm running a Celeron 500, and it's already slow enough. So that's
>>>> why. But I probably should upgrade to IE6.

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Correct. He could access the hd, copy, rename, add, replace files etc. but
as mentioned in other followup Regedit for 9x and NT/XP are not compatible.

"Bill in Co." <not_really_here@earthlink.net> wrote in message
news:eFg5DHfVFHA.2256@TK2MSFTNGP14.phx.gbl...
> So in Peabody's situation, suppose he had been using XP with Fat32 when
this
> happened.
>
> Could he have used a DOS/Win98 boot disk and then done something like
> scanreg/ restore at the DOS prompt to get back safely into XP? (But I'm
> guessing scanreg and restore don't work on XP). ???
>
> pjp wrote:
> > If you keep Fat32 when you install XP then you can still boot using a
> > DOS/Win98BootDisk and access files and folders on the hard drive. Don't
> > expect the older registry editing tools etc. to work properly though for
> > XP's files..
> >
> > "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
> > news:vjSfe.22621$Um.3876@lakeread08...
> >> Over the weekend, I was Googling, and ended up going to some web
> >> site that installed some bad stuff on my 98SE system. It not only
> >> made changes to the registry, but replaced my original Scanregw.exe
> >> with its own version, deleted my Hosts file, installed new
> >> Favorites, and some other stuff. Generally, it just took over, and
> >> everything I deleted was replaced on the next boot.
> >>
> >> I was able to fix this by booting into DOS from a floppy disk,
> >> deleting the new scanregw.exe, and copying over the corrupted
> >> registry files with backup versions. After that, and a little
> >> further housekeeping on reboot, everything was fine (according to
> >> F-prot and Spybot).
> >>
> >> But it occurred to me that if I upgrade to XP, I may not be able to
> >> go in and fix things like this. Even if I keep the FAT-32 format on
> >> my drives, is it possible to avoid accessing the C drive during
> >> boot, perhaps by booting from a CD? My understanding is that only
> >> the DOS window (from Windows) is available from XP, which of course
> >> wouldn't help at all.
> >>
> >> And yes, I know I should be running a virus checker and a
> >> spyware/adware checker in real time, not to mention a firewall, but
> >> I'm running a Celeron 500, and it's already slow enough. So that's
> >> why. But I probably should upgrade to IE6.
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

So, in summary, Win98SE systems DO offer one extra layer of protection (over
XP) in the system recovery department IF you are forced down to that level
(of needing to boot to a DOS disk (and taking it from there) - as in his
case). I think this was what cquirke was asserting, too. (It just seems a
bit incredible to me that XP would be somewhat handicapped like that).

pjp wrote:
> Correct. He could access the hd, copy, rename, add, replace files etc. but
> as mentioned in other followup Regedit for 9x and NT/XP are not
compatible.
>
> "Bill in Co." <not_really_here@earthlink.net> wrote in message
> news:eFg5DHfVFHA.2256@TK2MSFTNGP14.phx.gbl...
>> So in Peabody's situation, suppose he had been using XP with Fat32 when
>> this happened.
>>
>> Could he have used a DOS/Win98 boot disk and then done something like
>> scanreg/ restore at the DOS prompt to get back safely into XP? (But I'm
>> guessing scanreg and restore don't work on XP). ???
>>
>> pjp wrote:
>>> If you keep Fat32 when you install XP then you can still boot using a
>>> DOS/Win98BootDisk and access files and folders on the hard drive. Don't
>>> expect the older registry editing tools etc. to work properly though for
>>> XP's files..
>>>
>>> "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
>>> news:vjSfe.22621$Um.3876@lakeread08...
>>>> Over the weekend, I was Googling, and ended up going to some web
>>>> site that installed some bad stuff on my 98SE system. It not only
>>>> made changes to the registry, but replaced my original Scanregw.exe
>>>> with its own version, deleted my Hosts file, installed new
>>>> Favorites, and some other stuff. Generally, it just took over, and
>>>> everything I deleted was replaced on the next boot.
>>>>
>>>> I was able to fix this by booting into DOS from a floppy disk,
>>>> deleting the new scanregw.exe, and copying over the corrupted
>>>> registry files with backup versions. After that, and a little
>>>> further housekeeping on reboot, everything was fine (according to
>>>> F-prot and Spybot).
>>>>
>>>> But it occurred to me that if I upgrade to XP, I may not be able to
>>>> go in and fix things like this. Even if I keep the FAT-32 format on
>>>> my drives, is it possible to avoid accessing the C drive during
>>>> boot, perhaps by booting from a CD? My understanding is that only
>>>> the DOS window (from Windows) is available from XP, which of course
>>>> wouldn't help at all.
>>>>
>>>> And yes, I know I should be running a virus checker and a
>>>> spyware/adware checker in real time, not to mention a firewall, but
>>>> I'm running a Celeron 500, and it's already slow enough. So that's
>>>> why. But I probably should upgrade to IE6.

 

[budgie]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

On Thu, 12 May 2005 11:30:16 -0600, "Bill in Co."
<not_really_here@earthlink.net> wrote:

>So, in summary, Win98SE systems DO offer one extra layer of protection (over
>XP) in the system recovery department IF you are forced down to that level
>(of needing to boot to a DOS disk (and taking it from there) - as in his
>case). I think this was what cquirke was asserting, too. (It just seems a
>bit incredible to me that XP would be somewhat handicapped like that).

Except that in 98, DOS was still "visible", while in XP MS have tried
desperately not just to hide any evidence of it but to actually deny it.

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"budgie" <me@privacy.net> wrote in message
news:fld881p5iietf05r09v57uc2uojl2v54tr@4ax.com...
> On Thu, 12 May 2005 11:30:16 -0600, "Bill in Co."
> <not_really_here@earthlink.net> wrote:
>
> >So, in summary, Win98SE systems DO offer one extra layer of protection
(over
> >XP) in the system recovery department IF you are forced down to that
level
> >(of needing to boot to a DOS disk (and taking it from there) - as in his
> >case). I think this was what cquirke was asserting, too. (It just
seems a
> >bit incredible to me that XP would be somewhat handicapped like that).
>
> Except that in 98, DOS was still "visible", while in XP MS have tried
> desperately not just to hide any evidence of it but to actually deny it.

XP = no DOS but an "emulation"
ME - hide DOS from users

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Lil' Dave says...

>> So in Peabody's situation, suppose he had been using XP
>> with Fat32 when this happened.

>> Could he have used a DOS/Win98 boot disk and then done
>> something like scanreg/ restore at the DOS prompt to
>> get back safely into XP? (But I'm guessing scanreg and
>> restore don't work on XP). ???

> There is no scanreg in XP. Assuming one saved a key by
> exporting it. Made the removal or mod next, and XP
> still boot normally, you can reincorporate the key again
> to restore the registry to original by deleting the mod
> and incorporating the key.

> Major flakiness without a good XP boot means using the
> recovery console and the system restore function to
> restore the registry. This assuming a system restore
> backup time/date is appropriate for the restoration and
> available.

> XP has regedit to get the user in trouble, but no easy
> way out to fix the mess.

Peabody here again. Can we revisit this question please?

You'll recall that in 98SE every morning scanreg makes a
copy of the four key system files - the system.dat and
user.dat registry files, plus system.ini and win.ini - and
stores them in a .cab file as rb00n.cab in the
windows\sysbckup folder.

Also recall that one of the files that I knew was corrupted
was scanregw.exe (it had the current day's date as the
modified date instead of 4/23/99). So I couldn't use
scanreg to restore the registry because I didn't have it on
my floppy for some reason (I do now). By the way, the Find
function for all files modified today is extremely
useful when something like this happens.

So what I did was to use WinZip to manually extract the
contents of the latest rb00n.cab to a temp folder on another
partition. And then after booting from the floppy and
clearing the read-only attributes on the corrupted system
files, I just manually copied all four files over to the
right folder, thereby restoring the old (good) versions.

Now the question is whether XP would let me do that.
Whether it's called scanreg or not, does it save the
relevant system files in a .cab which WinZip will open?
Could I copy the files as I did in 98?

When I am finally forced to upgrade to XP, I had planned to
keep a relatively small C: partition and keep it in FAT32,
and set up my D: partition as NTFS for all the big
files like data storage and video captures, but no
executables.

And then, with a second hard drive, I would Ghost the entire
C partition every few days, keeping maybe the latest three,
which should allow me to ABSOLUTELY recover from events like
this, not just depend on recovery consoles, restore points,
and other things I don't understand, and that probably won't
work if the malware author knows what he's doing.

But again, could I have recovered the way I did if I had been
running XP?

And thanks very much for all your comments and explanations.

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Maybe you better repost this, Peabody, as it may have gotten buried. Well
I guess it IS reposted, as of now, lol. Maybe somebody can answer it...

Peabody wrote:
> Lil' Dave says...
>
> >> So in Peabody's situation, suppose he had been using XP
> >> with Fat32 when this happened.
>
> >> Could he have used a DOS/Win98 boot disk and then done
> >> something like scanreg/ restore at the DOS prompt to
> >> get back safely into XP? (But I'm guessing scanreg and
> >> restore don't work on XP). ???
>
> > There is no scanreg in XP. Assuming one saved a key by
> > exporting it. Made the removal or mod next, and XP
> > still boot normally, you can reincorporate the key again
> > to restore the registry to original by deleting the mod
> > and incorporating the key.
>
> > Major flakiness without a good XP boot means using the
> > recovery console and the system restore function to
> > restore the registry. This assuming a system restore
> > backup time/date is appropriate for the restoration and
> > available.
>
> > XP has regedit to get the user in trouble, but no easy
> > way out to fix the mess.
>
> Peabody here again. Can we revisit this question please?
>
> You'll recall that in 98SE every morning scanreg makes a
> copy of the four key system files - the system.dat and
> user.dat registry files, plus system.ini and win.ini - and
> stores them in a .cab file as rb00n.cab in the
> windows\sysbckup folder.
>
> Also recall that one of the files that I knew was corrupted
> was scanregw.exe (it had the current day's date as the
> modified date instead of 4/23/99). So I couldn't use
> scanreg to restore the registry because I didn't have it on
> my floppy for some reason (I do now). By the way, the Find
> function for all files modified today is extremely
> useful when something like this happens.
>
> So what I did was to use WinZip to manually extract the
> contents of the latest rb00n.cab to a temp folder on another
> partition. And then after booting from the floppy and
> clearing the read-only attributes on the corrupted system
> files, I just manually copied all four files over to the
> right folder, thereby restoring the old (good) versions.
>
> Now the question is whether XP would let me do that.
> Whether it's called scanreg or not, does it save the
> relevant system files in a .cab which WinZip will open?
> Could I copy the files as I did in 98?
>
> When I am finally forced to upgrade to XP, I had planned to
> keep a relatively small C: partition and keep it in FAT32,
> and set up my D: partition as NTFS for all the big
> files like data storage and video captures, but no
> executables.
>
> And then, with a second hard drive, I would Ghost the entire
> C partition every few days, keeping maybe the latest three,
> which should allow me to ABSOLUTELY recover from events like
> this, not just depend on recovery consoles, restore points,
> and other things I don't understand, and that probably won't
> work if the malware author knows what he's doing.
>
> But again, could I have recovered the way I did if I had been
> running XP?
>
> And thanks very much for all your comments and explanations.

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message news:5cahe.4828$It1.4452@lakeread02...
> Peabody here again. Can we revisit this question please?
>
> You'll recall that in 98SE every morning scanreg makes a
> copy of the four key system files - the system.dat and
> user.dat registry files, plus system.ini and win.ini - and
> stores them in a .cab file as rb00n.cab in the
> windows\sysbckup folder.
>
> Also recall that one of the files that I knew was corrupted
> was scanregw.exe (it had the current day's date as the
> modified date instead of 4/23/99).

Suspect a virus..

> So I couldn't use
> scanreg to restore the registry because I didn't have it on
> my floppy for some reason (I do now). By the way, the Find
> function for all files modified today is extremely
> useful when something like this happens.
>
> So what I did was to use WinZip to manually extract the
> contents of the latest rb00n.cab to a temp folder on another
> partition. And then after booting from the floppy and
> clearing the read-only attributes on the corrupted system
> files, I just manually copied all four files over to the
> right folder, thereby restoring the old (good) versions.
>
> Now the question is whether XP would let me do that.
> Whether it's called scanreg or not, does it save the
> relevant system files in a .cab which WinZip will open?
> Could I copy the files as I did in 98?

No, XP doesn't use the same mechanism that 9x does. There is however System
Restore which includes the registry file set, as well as "last known good
config" which you can choose from the startup menu.
http://support.microsoft.com/default.aspx?scid=kb;en-us;307852&sd=tech



> When I am finally forced to upgrade to XP, I had planned to
> keep a relatively small C: partition and keep it in FAT32,
> and set up my D: partition as NTFS for all the big
> files like data storage and video captures, but no
> executables.
>
> And then, with a second hard drive, I would Ghost the entire
> C partition every few days, keeping maybe the latest three,
> which should allow me to ABSOLUTELY recover from events like
> this, not just depend on recovery consoles, restore points,
> and other things I don't understand, and that probably won't
> work if the malware author knows what he's doing.
>
> But again, could I have recovered the way I did if I had been
> running XP?

Assuming FAT, still not easy from DOS. You might want to check out Erunt.
http://www.larshederer.homepage.t-online.de/erunt/

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Bill Blanton wrote:
> "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
> news:5cahe.4828$It1.4452@lakeread02...
>> Peabody here again. Can we revisit this question please?
>>
>> You'll recall that in 98SE every morning scanreg makes a
>> copy of the four key system files - the system.dat and
>> user.dat registry files, plus system.ini and win.ini - and
>> stores them in a .cab file as rb00n.cab in the
>> windows\sysbckup folder.
>>
>> Also recall that one of the files that I knew was corrupted
>> was scanregw.exe (it had the current day's date as the
>> modified date instead of 4/23/99).
>
> Suspect a virus..
>
>> So I couldn't use
>> scanreg to restore the registry because I didn't have it on
>> my floppy for some reason (I do now). By the way, the Find
>> function for all files modified today is extremely
>> useful when something like this happens.
>>
>> So what I did was to use WinZip to manually extract the
>> contents of the latest rb00n.cab to a temp folder on another
>> partition. And then after booting from the floppy and
>> clearing the read-only attributes on the corrupted system
>> files, I just manually copied all four files over to the
>> right folder, thereby restoring the old (good) versions.
>>
>> Now the question is whether XP would let me do that.
>> Whether it's called scanreg or not, does it save the
>> relevant system files in a .cab which WinZip will open?
>> Could I copy the files as I did in 98?
>
> No, XP doesn't use the same mechanism that 9x does. There is however
> System Restore which includes the registry file set, as well as "last
known good
> config" which you can choose from the startup menu.
> http://support.microsoft.com/default.aspx?scid=kb;en-us;307852&sd=tech


What if the last known good isn't the right one, or isn't available? Can
you choose previous ones like you do in Win98SE (with scanreg /restore),
assuming you can't boot up in XP (or don't want to take a chance on booting
into windows due to the virus stuff)?


>> When I am finally forced to upgrade to XP, I had planned to
>> keep a relatively small C: partition and keep it in FAT32,
>> and set up my D: partition as NTFS for all the big
>> files like data storage and video captures, but no
>> executables.
>>
>> And then, with a second hard drive, I would Ghost the entire
>> C partition every few days, keeping maybe the latest three,
>> which should allow me to ABSOLUTELY recover from events like
>> this, not just depend on recovery consoles, restore points,
>> and other things I don't understand, and that probably won't
>> work if the malware author knows what he's doing.
>>
>> But again, could I have recovered the way I did if I had been
>> running XP?
>
> Assuming FAT, still not easy from DOS. You might want to check out Erunt.
> http://www.larshederer.homepage.t-online.de/erunt/

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Bill in Co." <not_really_here@earthlink.net> wrote in message news:eY928sdWFHA.3760@TK2MSFTNGP15.phx.gbl...
> Bill Blanton wrote:
>> "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
>> news:5cahe.4828$It1.4452@lakeread02...

>>> Now the question is whether XP would let me do that.
>>> Whether it's called scanreg or not, does it save the
>>> relevant system files in a .cab which WinZip will open?
>>> Could I copy the files as I did in 98?
>>
>> No, XP doesn't use the same mechanism that 9x does. There is however
>> System Restore which includes the registry file set, as well as "last
> known good
>> config" which you can choose from the startup menu.
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;307852&sd=tech
>
>
> What if the last known good isn't the right one, or isn't available? Can
> you choose previous ones like you do in Win98SE (with scanreg /restore),
> assuming you can't boot up in XP (or don't want to take a chance on booting
> into windows due to the virus stuff)?

In normal use, System Restore will *usually* create a "System
checkpoint" at least once every day, pushing out older ones. (there's
a logic to the when that I don't know off hand). However, Microsoft
in its wisdom doesn't make SR available from the Recovery console, so
you have to be able to boot at least into safe-mode to use it. The Recovery
console can be used for limited tasks, but it's far from being as useful
as DOS is for 9x.

Assuming a bad reg is keeping you out of safe-mode and "last known good"
isn't, you're pretty much screwed. (cue cquirke and the need for a mOS)
The XP install CD does have a "Repair install" "feature", though I don't
know what the scope of that includes.