HELP! I got zapped tonight! Someone sent me what they SAID was a
picture his kid made of a Starfury, said it'd be great if I could say
an encouraging word or two about it. So I downloaded the file, and it
turned out to be a booby trap. (No, I can't trace back the user, it's
off the internet, and the address was an anon...didn't write it down.)

Anyway, it DELETED MY DOS DIRECTORY and started to delete my Windows
directory as well before I caught it at the last moment. (Yes, it was
a com file, and I stupidly didn't look to check before activating it
with the newsreader's program.) I've managed to restore nearly all the
Windows directory (except for win.exe which is utterly gone). I used
Norton to do that part...but Norton Unerase only seems to work in a
directory that's still there. The DOS directory is completely *gone*.
Is there any way I can restore it? I can try moving the DOS directory
from my work computer to the home one (they're the same systems, and
arrived within days of one another, so they should be nearly the same),
but I'm obviously leery.

When it runs through my autoexec.bat file, I get the following errors:

Bad or missing C:\DOS\SETVER.EXE

Bad or missing C:\DOS\HIMEM.SYS

(I figure those'll come back after DOS is restored, but I'm less sure
about the other ones following:)

HMA not available; loading DOS low

Bad or missing COMMAND interpreter Bad command or file name Bad
command or file name

(I'm not altogether sure that's from autoexec. or the config.sys file,
by the way...could be either.)

This isn't the sort of thing I've ever had to deal with before, and
will take ANY advice from someone knowledgeable. I have scripts to
write, and this is a major problem for me right now.

jms

{original post unavailable}

Thanks for the info; I was up until 5 a.m. restoring the
Windows directory. Thank goodness it didn't get much further than
that. My reflexes are pretty good.

jms

{original post had no questions}

I have the most current version of Norton for win3.1, but I
couldn't see how to make it restore directories, only *sub*directories.

jms

Brian Prothero <76711.663@compuserve.com> asks:
> There is a command line argument that you can give it to clean
> the virus from the hard drive (check the readme file or type
> SCAN/?

Nope, wasn't a virus, it was a com file.

Thanks for the info.

jms

{original post had no questions}

I'm going to take the command.com file off one of my rescue
disks that I made for this computer (alas, they can't restore the dos)
and my hope is that that'll be clean.

And now the kicker.

There's also a text file in that directory that wasn't there
before. It contains 3 words. STAR TREK RULES!

Fortunately, I caught it before too much damage was done.

jms

{original post unavailable}

Thanks to all for the advice...I'll be heading home in an hour
or so, and will see what works.

jms

Marte Brengle <76703.4242@compuserve.com> asks:
> No backup?

Thanks. Alas, some of my backup was on a Zip drive, but I
couldn't use the Zip without Dos being present, so I was basically
screwed. At this point I've got the Dos directory restored (using the
files from the twin computer at work), and so far it *seems* to be
okay...but it also screwed up all the files in the windows system
directory, and now I've got to go through, restore and rename all of
them, and since I don't know offhand what they all are, it's going to
be a slow process.

jms

{original post had no questions}

To know how to rename all the hundreds of files in my
windows\system directory, is there any way to save to a file all of the
file names in my directory, so I can bring that one file home with all
their names? (I know, I should do a print screen, but the printer here
at the office is broken, and I'd have to hook up another one from
another office, which is a pain.)

Also, how does one uncompile a .com file? I think I caught the
Trojan Horse before it did anything else, but I kinda want to open it
up and look inside in case it did anything else I should know about.
Don't want to go through all this and get another surprise in a few
days.

jms

{original post had no questions}

Many thanks...it's appreciated.

jms

{original post had no questions}

I'll definitely scan the drive, thanks.

jms

{original post unavailable}

At this point (note to all who've emailed...there were so many
not everyone could possibly get a response), the system itself is up
and running again, having transplanted the DOS directory from my work
computer (an identical system) to the one at home. I then used unerase
to restore the Windows and windows/system files.

Alas, the only way to unerase is to give the deleted files a new
first letter or number...and I didn't know what they might be offhand
(there are something like 200-350 of them altogether in the windows and
windows/system directories), so I kinda had to rename them randomly,
just temporarily. Now I have a list of the proper names of what the
files *should* be, and now I'm going through the long process of
matching them up and renaming them all.

My virus scanners are all windows based, so once it's up again,
I'll be able to go looking around a bit more.

Thanks to all who've helped.

jms

Terrill L. Burlison <73631.275@compuserve.com> asks:
> Do you mean you downloaded it from a Newsgroup?

Unfortunately, I didn't write down the information, the poster
said his address was on the jpg, so I didn't bother...and when it
activated, the whole system went kablooey...it's my own stupidity,
that's all.

jms

Daniel F. Evan <104377.1433@compuserve.com> asks:
> Do all your peripherals still work?

So far, everything's checking out....I hope this can all end
soon.

jms

{original post had no questions}

Yeah, I'm still on 3.1...who has time for the win95 learning
curve?

jms

{original post had no questions}

Yeah, I'm still on 3.1...who has time for the win95 learning
curve?

jms

Terrill L. Burlison <73631.275@compuserve.com> asks:
> Do you mean you downloaded it from a Newsgroup?

Unfortunately, I didn't write down the information, the poster
said his address was on the jpg, so I didn't bother...and when it
activated, the whole system went kablooey...it's my own stupidity,
that's all.

jms

Daniel F. Evan <104377.1433@compuserve.com> asks:
> Do all your peripherals still work?

So far, everything's checking out....I hope this can all end
soon.

jms

{original post unavailable}

At this point (note to all who've emailed...there were so many
not everyone could possibly get a response), the system itself is up
and running again, having transplanted the DOS directory from my work
computer (an identical system) to the one at home. I then used unerase
to restore the Windows and windows/system files.

Alas, the only way to unerase is to give the deleted files a new
first letter or number...and I didn't know what they might be offhand
(there are something like 200-350 of them altogether in the windows and
windows/system directories), so I kinda had to rename them randomly,
just temporarily. Now I have a list of the proper names of what the
files *should* be, and now I'm going through the long process of
matching them up and renaming them all.

My virus scanners are all windows based, so once it's up again,
I'll be able to go looking around a bit more.

Thanks to all who've helped.

jms

{original post had no questions}

Exactly. I don't have time for a learning curve right now; I'm
staying with what I've got until what I've got no longer does what I
want.

jms

{original post had no questions}

Exactly. I don't have time for a learning curve right now; I'm
staying with what I've got until what I've got no longer does what I
want.

jms

{original post unavailable}

I'll definitely do that, thanks!

jms

{original post had no questions}

What an interesting notion...thanks.

jms