[Resolved] Win ME hang up

When my Windows ME boots up, it appears to go through all the appropriate motions and desktop icons appear as they should. The problem is that the hourglass never goes away and the system appears to be in a loop. Movement of the mouse will move hourglass but the program never comes out of the loop. The only way to get out is to power down. Ctl-Alt-Del does nothing. Me came preloaded on the Dell PC. I have been unable to locate a boot disk. What do you suggest?

 

budscyn
Welcome to TSG!

You apparently have a program or a peripheral (Printer, Scanner ect) not coming Online. What you can do is try and isolate the culprit through the process of elimination. When found then it can be dealt with. Uninstall program\reinstall ect.

Since the hang is late in the boot process it will probably be part of your startup group. Lets start with that since it is the easiest.

Follow these steps:
1) First lets see if it is within the startups. Restart system and during boot keep tapping the F8 key. a selection screen will appear. Arrow to Select safemode and hit enter.
The video will look funny but thats OK our intent is to see if the system is still trying to start as before.

If boot OK and no lingering hourglass then while in safemode go to Start\run and type in MSconfig then enter

2) Go to startup tab and remove check-mark from all except Systray, scanregistry and *statemgr hit apply and OK. restart system and let it start normal. Is problem gone?

If so stay in normal mode and go to Start\run and type msconfig in again then enter

3) Start placing checkmarks back in small groups, click apply then OK and restart normal.

If problem does not return then do it again for another group until the problem occurs.

4) When problem occurs go back to the msconfig startups and remove the checks from all but one of the last group of items checked click apply then OK. Repeat process until you locate the item causing the hang.

Report back here with the item when found so we can have a look at it.

Note: if hang occurs during safemode then come back so we can advise another way.

Dave

 

Thanks Dave. This may take a while since I will be having this done by proxy. I'm at work and the subject machine is at home. I'll get back ASAP.

 

Finally was able to get to msconfig. I unchecked everything but Systray and *statemgr. Scanregistry does not appear as one of the options. I will wait to complete this until I hear from you as to whether I need to do something to find scanregistry before beginning the elimination process

 

budscyn
Curious the the scanregistry entry is missing! Before we restore it to the registry lets make sure the actual program scanregw.exe is not also missing in action. Go to start\search-find and type in scanregw.exe then enter. In the right pane you should see scanregw.exe residing in the C:\Windows folder. If so download the file I attached and and place it on your desktop. Now locate the file and right click rename it from Scanregistry.txt to Scanregistry.reg and click to OK the warning about file type changes if it appears. After changed the the icon should have changed to an icon with blue building blocks. Double left click the icon and say OK to merge. After merge restart system and see if scanregistry is now listed active in the MSconfig startup group.

If there and active you can go ahead and start the process of elimination we spoke about.

If for some reason the scanregistry line is still not there or the scanregw.exe was not located via search then post back so we can follow another preliminary path to correct that.

Dave

 

before I do this, let me explain something. After my last post I guess I got impatient and went ahead and hit enter and rebooted with only the two files checked.When the PC initialized, it appeared that I had the same problem but when I ctrl-alt-del twice to see what programs were responding there were more than what had been checked. When I finnally was able to get back to the config utility there were two more progs checked. sorry i did'nt note what they were. Do I go ahead and follow you previous post or wait for further instructions? By the way, thanks for the patience.

 

budscyn
That is OK becuase you may of helped isolate the problem. copy down and post the items that were re-enabled via a startup so we can review them. They may require another disable method or are some little nasties floating around in your machine.
Also there are many processes running in background that you will not see listed in msconfig startup line but may be viewed via the Task Manager CAD.

Post the two line that got re-enabled.

Dave

 

Winkcxs & dervldr16.exe Strange thing though! It appears to have duplicated these two in the startup box. When I unchecked these two they resided down with *Statemgr. Now they appear checked up with systray and unchecked still down with *statemgr.

 

Sorry, that was devldr16.exe. fingers got excited!

 

The devldr16 is a creative sound blaster program for having sound in DOS games. here is how to disable that which has been know to cause problems. Go to this site and scroll to devldr16.exe and read\follow instructions listed to its right.
http://www.answersthatwork.com/Tasklist_pages/tasklist_d.htm

Now the Winkcxs!!!! What I am afraid of is you may have contacted the Klez virus!!!!

Please go here and run a free online scan and see if we can Identify which version you may have.

http://housecall.antivirus.com/housecall/start_corp.asp

I am also moving this to the security forum where the virus doctors can assist in it removal.

Dave

 

budscyn
Have to run back to work now but will check in later. I also PM'd one of the Virus doctors to have a look. He is very good so he should be able to help you. If he did not get my message then I will continue on helping when I return.

Dave

 

Davey's right you definitely have the klez worm there and of course we don't really know what else, so do take careful note of what HouseCall finds and especially what it says it can't remove. Note the virus name, the infected file(s) and the paths to them.

I'm not sure how effective the Online scans are with removing klez, usually this has to be done in Safe Mode, with System Restore disabled.

Symantec's tool seems to work for most, no matter what the version. Read the instructions for usage carefully and be sure to disable the WinME Restore archive first. You should have *statemgr enabled in msconfig> startups during this procedure, which is what Windows uses to configure System Restore states.

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Once you get a clean scan regarding Klez, enable all your msconfig startups and give us a post of your StartupList using the application from the site below.

http://www.lurkhere.com/~nicefiles/

You will need to unzip and run the Startuplist.exe, then copy/paste the results to a reply here. Remember msconfig startups must be enabled for the list to be able to read them.

 

Have been unable to get housecall to work correctly. How do I disable WinME Restore archive?

 

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239

Once you've cleaned Klez and before you leave Safe Mode, if you have an antivirus program installed, you should also run that in Safe Mode. If you have no updated antivirus program, try running HouseCall again, or try Panda's online scan here:

http://www.pandasoftware.com/activescan/com/

You can also install a decent freebe: Grisoft's AVG.

http://www.grisoft.com/html/us_downl.htm

 

Good Morning, Rog.
Was never able to get housecall to complete so I went ahead and ran the symantec klez removal program after disabling the ME Restore. I did run the removal in Safe. got 63211 scanned, 31 deleted, 68 repaired, 0 terminated, 0 viral services deleted, and 1 registry entry fixed. I then tried to run the housecall program but was unable to connect to internet. I should note that I normally connect thru my local cable company but I currently have the cpu at work and only have access to phone line and am trying to download from aol. When I try to connect to aol in safe mode my port is not recognized. Is this normal? I should also mention that after running the klez removal prog, I went back to msconfig and the winkcsx file is still there. It was unchecked but still there. I'm not sure where to go from here. Can you help. Thanks