[Ham-Computers] RE: Win98...not convinced this is a virus

[Hsu, Aaron]

My humble opinions...

My question to you would be...is the system using parity or non-parity
memory (RAM)?  The problem you describe sounds like some type of memory
corruption.  If your system uses non-parity memory (which most "desktop"
type motherboards use these days), then data corruption can occur in RAM and
you'd never know it until the OS (or a program) finally runs code that's
corrupted.  At that point, the system usually "bombs" in some way.  In
Windows, you usually get a dreaded BSOD (Blue Screen of Death) or a system
lock.

Run into this problem at work many times.  In fact, some older Compaq
DeskPro systems (100MHz FSB) will not work with certain 133MHz rated SDRAM
modules (even Compaq's own).  Seems to be a timing-related problem with the
way the modules were designed.  Drove us nuts until the Compaq HW engineers
verified the problem and issued an advisory.  The symptoms were random
BSOD's and corrupted drive data (sound familiar?).  The data on the drive
gets corrupted because the OS can't properly close files or writes to
locations it's not supposed to (remember, RAM is corrupted, therefore OS
integrity is compromised).  If it's writing a directory entry, the portions
or the entire directory may be corrupted.  Same with the FAT.

Note that faulty RAM isn't the only source of data corruption.  Transient
noise on the PCI bus or any other memory/data bus can also corrupt data.
Another situation could be improper handling of IRQ requests or a faulty I/O
or DMA controller on the systemboard.

I would highly suggest swapping the memory modules with different ones.
Since it sounds like you have an identical second system, try swapping the
RAM between both systems.  If that doesn't pinpoint the system, try swapping
other components.  I would also try "stripping" the system and running it as
bare as possible (e.g. remove the GPIB, SIO, audio, and other boards).  You
don't mention how often this error occurs, so it might take a while to fully
diagnose this issue.

Hmmmm, if I remember correctly, there were some known issues with the
Adaptec 3940 series controllers (I have in use a 3940W, 3940UW, 3950U2W, and
3960).  Earlier models used a certain Digital PCI-to-PCI Bridge controller
and this controller conflicted with some other PCI based devices.  You might
want to try using a 2940 controller (if you have one) to see if the problem
goes away.

As for the Windows Registry, a GREAT utility that ships with Win9x is the
ERD (Emergency Recovery Disk) utility.  This will create a disk (or folder)
with backups of the registry (both .DAT files), the startup files
(CONFIG.SYS and AUTOEXEC.BAT), and the legacy .INI files (WIN.INI and
SYSTEM.INI).  It also creates a recovery utility on the same disk/folder you
can run from DOS to restore all (or some) of these files.

Scandisk...can't find possibly due to file structure corruption (see above).
Not too surprising.  A suggestion is to create a boot disk with NDD.EXE (and
it's support files).  Then, after the system "bombs", boot from the floppy
and run NDD against the C: drive.  It's sorta self defeating to run a disk
scanner from a possibly corrupted system.  Older versions of the Norton
Utils / Norton SystemWorks CD will boot to a Norton Utilities menu and you
can run NDD from there.  The newer versions of NSW boot to Norton Anti-virus
instead (stupid, if you ask me).

That's about all I can think of right now.  It's late and I'm running on
fumes, so if I think of anything else, I'll let ya know.

Good luck & 73,

  - Aaron Hsu, NN6O
    (athsu)@unistudios.com
    (nn6o)@arrl.net
    No-QRO Int'l #1,000,006


  - Aaron Hsu
    Sr. Configuration Analyst
    UITS Operations / Client Services (LAX)
    Universal Studios, Inc.


-----Original Message-----
From: refmon [mailto:monitor@referencevideo.com]
Sent: Saturday, January 04, 2003 4:28 PM
To: ham-computers@mailman.qth.net
Subject: [Ham-Computers] Win98...not convinced this is a virus


Hi,

Happy New Year, all.  I've been having a problem here that on the surface
behaves like a virus, but the more I wrestle with it, I wonder if I don't
have a plain old obscure tech problem.  Here's the tale o' woe:

This is a Radisys EMI-shielded server and is basically electrically
bulletproof.  I'm running a Lanner single board computer board with 512MB
memory and 750MHz PIII.  It's got the usual audio & video boards, an extra
SIO board, a GPIB board, and SCSI Adaptec 3940 AUWD dual channel.  Disk is
18GB 10K RPM IBM OEM, CD is 40 x Plextor, and DVD is a Creative unit.

This thing has been rock solid...gets all the updates from Microsoft,
Norton, etc.  Also runs Trojan killers, spybot killers, and I manually back
up my registry files daily...both sys.dat and user.dat (that actually helps
this problem a lot).

Here's the problem, which happens repeatedly, although not very often:
cruising along just fine and then it's like a truck hit the PC...a burst of
seemingly meaningless disk activity and blue screen with one of a variety of
"fatal error messages"...it is never possible to continue to an orderly shut
down even though it says to try.

Finally, I shut down the PC for a hard reset...opening boot is fine, but as
soon as the boot sequence gets to reaching for the C drive, I get a
corrupted disk error and that scandisk must be run (even though I've
replaced scan disk with Norton Disk Doctor.  So I say ok, and it tells me
Scandisk can't be found, even though it's in the path that just got booted
in.  I've discovered that if you push enter enough, the PC will eventually
bypass this stage and continue loading windows...at this point, one of two
things happens:

1)  Windows "discovers" a problem with my registry and fixes it for me, then
reboots...if that happens, you're in perma-loop...reeboot/fix/reboot/fix,
etc etc.  A hard power down generally breaks that cycle.

2)  Windows actually boots through sign on screen and runs, although some
drivers may be corrupted.  Usually either the NIC driver is blown or one or
more network services are gone.  They reinstall in the routine manner.  Of
course, you must reboot...that's when the scandisk stuff comes up again.  I
have completely diagnosed this disk with scandisk manually, Norton Disk
Doctor, and taken the SCSI drive to another Radisys server here (after virus
scan, trojan kill, etc) and diagnosed it both ways there...no problems at
all...not even a bad sector...nothing.

I now have the PC running apparantly normally except for this scandisk BS,
which, I have determined requires 38 pushes of the enter button...I got PO'd
and bored.

Anyone have any ideas?  First, why won't scandisk step aside when I select
"replace scandisk with Norton Disk Doctor" (done in Norton)?  2nd...where
did the bit or byte get stuck that keeps insisting on running scandisk?  In
that it insists on running scandisk, why can't it find it?


any ideas or direct solutions greatly appreciated

best regards

John Collins
_________________________________________