Explorer invalid page fault in and in Kernel32
Re: Explorer invalid page fault in and in Kernel32
legg wrote:
>>>> Unexplained computer behavior may be caused by deceptive software (or
>>>> your
>>>> old box may be on its last "leggs" <w>).
>>>> http://support.microsoft.com/kb/827315
>>>
>>> I'm aware of possible hardware problems, having dealt with many over
>>> the years. I'm prepared to tackle any new ones that you may suggest.
>>> The issue is obviously not thermal. It's not the graphics card or
>>> power supply. The HDD is checked by internal and external utilities.
>>> Once this issue is cleared up, it is due for ternary HDD back-up
>>> rotation, which is my current method of disaster recovery.
>>>
>>> This issue seems to have something to do with the programs or OS of
>>> this particular hard drive - the OS in particular, if memory
>>> management settings can change a crash into an apparently manageable
>>> explorer fault. The system and hardware were characteristically stable
>>> prior to the last series of problems.
>>>
>>> In any event, the OS has current NOD32 Avirus, hardware and software
>>> firewalls, adaware and antitrojan utilities etc etc etc. Processes and
>>> resources are monitored and unstressed at the time of explorer
>>> faulting.
>>>
>>> Maintaining a working W98 system is required to maintain linked
>>> resources of software and hardware that cannot be replaced. Other
>>> systems are available to handle more current (downwardly incompatible)
>>> software and hardware.
>>
>> What version of NOD32 is installed (e.g., v2.51.26 ) and is your
>> subscription current?
>
> AV and trojan status is per NOD32 v2.70.32 (defns 4080) and Trojan
> Remover 6.7.8. (database 7329). Adaware and HijackThis surveys are
> also recent.
>
> The machine is connected through a NAT router and has a SW firewall
> limiting/monitoring access to/from the outside world and maintaining
> MD5 manifests for most processes that use these contacts.
Is NOD32 v2.70.32 supported in Win98? Is your subscription current?
AFAIK, no currently-supported version of Ad-Aware is supported in Win98.
Re: Explorer invalid page fault in and in Kernel32
On Sat, 16 May 2009 15:03:09 -0400, "PA Bear [MS MVP]"
<PABearMVP@gmail.com> wrote:
>legg wrote:
>>>>> Unexplained computer behavior may be caused by deceptive software (or
>>>>> your
>>>>> old box may be on its last "leggs" <w>).
>>>>> http://support.microsoft.com/kb/827315
>>>>
>>>> I'm aware of possible hardware problems, having dealt with many over
>>>> the years. I'm prepared to tackle any new ones that you may suggest.
>>>> The issue is obviously not thermal. It's not the graphics card or
>>>> power supply. The HDD is checked by internal and external utilities.
>>>> Once this issue is cleared up, it is due for ternary HDD back-up
>>>> rotation, which is my current method of disaster recovery.
>>>>
>>>> This issue seems to have something to do with the programs or OS of
>>>> this particular hard drive - the OS in particular, if memory
>>>> management settings can change a crash into an apparently manageable
>>>> explorer fault. The system and hardware were characteristically stable
>>>> prior to the last series of problems.
>>>>
>>>> In any event, the OS has current NOD32 Avirus, hardware and software
>>>> firewalls, adaware and antitrojan utilities etc etc etc. Processes and
>>>> resources are monitored and unstressed at the time of explorer
>>>> faulting.
>>>>
>>>> Maintaining a working W98 system is required to maintain linked
>>>> resources of software and hardware that cannot be replaced. Other
>>>> systems are available to handle more current (downwardly incompatible)
>>>> software and hardware.
>>>
>>> What version of NOD32 is installed (e.g., v2.51.26 ) and is your
>>> subscription current?
>>
>> AV and trojan status is per NOD32 v2.70.32 (defns 4080) and Trojan
>> Remover 6.7.8. (database 7329). Adaware and HijackThis surveys are
>> also recent.
>>
>> The machine is connected through a NAT router and has a SW firewall
>> limiting/monitoring access to/from the outside world and maintaining
>> MD5 manifests for most processes that use these contacts.
>
>Is NOD32 v2.70.32 supported in Win98? Is your subscription current?
>
I've had no notice of potential incompatibilities. Subscription is
current for 4 systems, W98 through to XP.
>AFAIK, no currently-supported version of Ad-Aware is supported in Win98.
Right, and the last definitions for W98 were issued in mid'06. I guess
I just don't take the adware threat that seriously. The scan is
current. Is there an issue with explorer.exe and adware?
RL
Re: Explorer invalid page fault in and in Kernel32
legg wrote:
<snip>
>>>> What version of NOD32 is installed (e.g., v2.51.26 ) and is your
>>>> subscription current?
>>>
>>> AV and trojan status is per NOD32 v2.70.32 (defns 4080) and Trojan
>>> Remover 6.7.8. (database 7329). Adaware and HijackThis surveys are
>>> also recent.
>>>
>>> The machine is connected through a NAT router and has a SW firewall
>>> limiting/monitoring access to/from the outside world and maintaining
>>> MD5 manifests for most processes that use these contacts.
>>
>> Is NOD32 v2.70.32 supported in Win98? Is your subscription current?
>>
> I've had no notice of potential incompatibilities. Subscription is
> current for 4 systems, W98 through to XP.
http://download.eset.com/manuals/Standa ... lGuide.pdf confirms that v2.x
is Win98-compatible.
>> AFAIK, no currently-supported version of Ad-Aware is supported in Win98.
>
> Right, and the last definitions for W98 were issued in mid'06. I guess
> I just don't take the adware threat that seriously. The scan is
> current. Is there an issue with explorer.exe and adware?
<pft> You're wasting your time scanning with such old definitions. Might
as well uninstall that version of Ad-Aware.
Re: Explorer invalid page fault in and in Kernel32
On Sat, 16 May 2009 15:53:58 -0400, "PA Bear [MS MVP]"
<PABearMVP@gmail.com> wrote:
>legg wrote:
><snip>
>>>>> What version of NOD32 is installed (e.g., v2.51.26 ) and is your
>>>>> subscription current?
>>>>
>>>> AV and trojan status is per NOD32 v2.70.32 (defns 4080) and Trojan
>>>> Remover 6.7.8. (database 7329). Adaware and HijackThis surveys are
>>>> also recent.
>>>>
>>>> The machine is connected through a NAT router and has a SW firewall
>>>> limiting/monitoring access to/from the outside world and maintaining
>>>> MD5 manifests for most processes that use these contacts.
>>>
>>> Is NOD32 v2.70.32 supported in Win98? Is your subscription current?
>>>
>> I've had no notice of potential incompatibilities. Subscription is
>> current for 4 systems, W98 through to XP.
>
>http://download.eset.com/manuals/Standa ... lGuide.pdf confirms that v2.x
>is Win98-compatible.
>
>>> AFAIK, no currently-supported version of Ad-Aware is supported in Win98.
>>
>> Right, and the last definitions for W98 were issued in mid'06. I guess
>> I just don't take the adware threat that seriously. The scan is
>> current. Is there an issue with explorer.exe and adware?
>
><pft> You're wasting your time scanning with such old definitions. Might
>as well uninstall that version of Ad-Aware.
Is adware an issue for explore.exe?
Is it not covered by NOD32 or HijackThis?
Are you recommending something as a replacement for use in W98 2Ed?
RL
Re: Explorer invalid page fault in and in Kernel32
legg wrote:
>>
> I'm afraid I've never heard of these, and would need more than just
> one recommendation before considering using them. The NOD32 and other
> programs currently installed will have to do for the moment.
>
> I don't use IExplorer, though it is installed, unless I run across web
> sites that insist on no other. I'm not sure I have 'repair' capacity
> for the last rev installed by the last enforced MSupdate to ver.
> 6.0.2800.1106IC.
>
> RL
Don't blame you for being cautious. Actually, MBAM is just for Win2000 and
up so I don't believe it will work in 98SE, sorry.
Also, I really doubt that it is a malware causing your problem, but I
thought I would suggest it anyways.
These are the system requirements for SAS:
"SUPERAntiSpyware.com software is compatible with Windows 98, 98SE, ME,
2000, XP Home/Professional, 2003, and Vista.
SUPERAntiSpyware will work in 32-bit mode under 64-bit versions of Windows.
We will have native 64-bit drivers later this year.
Our software is not compatible with the Mac OS at this time."
Buffalo
Re: Explorer invalid page fault in and in Kernel32
legg wrote:
>> <snip>
>>>>>> What version of NOD32 is installed (e.g., v2.51.26 ) and is your
>>>>>> subscription current?
>>>>>
>>>>> AV and trojan status is per NOD32 v2.70.32 (defns 4080) and Trojan
>>>>> Remover 6.7.8. (database 7329). Adaware and HijackThis surveys are
>>>>> also recent.
>>>>>
>>>>> The machine is connected through a NAT router and has a SW firewall
>>>>> limiting/monitoring access to/from the outside world and maintaining
>>>>> MD5 manifests for most processes that use these contacts.
>>>>
>>>> Is NOD32 v2.70.32 supported in Win98? Is your subscription current?
>>>>
>>> I've had no notice of potential incompatibilities. Subscription is
>>> current for 4 systems, W98 through to XP.
>>
>> http://download.eset.com/manuals/Standa ... lGuide.pdf confirms that
>> v2.x is Win98-compatible.
>>
>>>> AFAIK, no currently-supported version of Ad-Aware is supported in
>>>> Win98.
>>>
>>> Right, and the last definitions for W98 were issued in mid'06. I guess
>>> I just don't take the adware threat that seriously. The scan is
>>> current. Is there an issue with explorer.exe and adware?
>>
>> <pft> You're wasting your time scanning with such old definitions.
>> Might
>> as well uninstall that version of Ad-Aware.
>
> Is adware an issue for explore.exe?
> Is it not covered by NOD32 or HijackThis?
> Are you recommending something as a replacement for use in W98 2Ed?
[I prefer to avoid the term 'adware' as too many people confuse it with
Ad-Aware™.]
EXPLORER.EXE = Windows Explorer, not Internet Explorer (IEXPLORE.EXE).
Hijackware infects the OS, not IE, and EXPLORER.EXE is part and parcel of
Windows and can be affected/compromised by hijackware, yes.
I'm sure you're aware that no critical security updates for Win4.x (AKA
Win9x; i.e., Win98 & WinME) machines have been released since June 2006 and
that all support for Win4.x ended in July 2006.
NOD32 v3.x and v4.x provide infinitely more robust and effective protection
than v2.x. AFAIK neither newer version is supported in Win4.x.
While HijackThis v2.0.2 can be used to scan Win9x machines, it's not very
useful. (Then again, Win9x doesn't include the infectable Services of
Win5.x and higher either.)
There are very few, if any, effective anti-spyware applications which are
supported in Win4.x.
*If* your Win98 box is infected, your best bet would be to format & do a
clean install. Don't even think of doing a Repair Install.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
Re: Explorer invalid page fault in and in Kernel32
On Sat, 16 May 2009 17:18:03 -0400, "PA Bear [MS MVP]"
<PABearMVP@gmail.com> wrote:
>legg wrote:
>>> <snip>
>>>>>>> What version of NOD32 is installed (e.g., v2.51.26 ) and is your
>>>>>>> subscription current?
>>>>>>
>>>>>> AV and trojan status is per NOD32 v2.70.32 (defns 4080) and Trojan
>>>>>> Remover 6.7.8. (database 7329). Adaware and HijackThis surveys are
>>>>>> also recent.
>>>>>>
>>>>>> The machine is connected through a NAT router and has a SW firewall
>>>>>> limiting/monitoring access to/from the outside world and maintaining
>>>>>> MD5 manifests for most processes that use these contacts.
>>>>>
>>>>> Is NOD32 v2.70.32 supported in Win98? Is your subscription current?
>>>>>
>>>> I've had no notice of potential incompatibilities. Subscription is
>>>> current for 4 systems, W98 through to XP.
>>>
>>> http://download.eset.com/manuals/Standa ... lGuide.pdf confirms that
>>> v2.x is Win98-compatible.
>>>
>>>>> AFAIK, no currently-supported version of Ad-Aware is supported in
>>>>> Win98.
>>>>
>>>> Right, and the last definitions for W98 were issued in mid'06. I guess
>>>> I just don't take the adware threat that seriously. The scan is
>>>> current. Is there an issue with explorer.exe and adware?
>>>
>>> <pft> You're wasting your time scanning with such old definitions.
>>> Might
>>> as well uninstall that version of Ad-Aware.
>>
>> Is adware an issue for explore.exe?
>> Is it not covered by NOD32 or HijackThis?
>> Are you recommending something as a replacement for use in W98 2Ed?
>
>[I prefer to avoid the term 'adware' as too many people confuse it with
>Ad-Aware™.]
>
>EXPLORER.EXE = Windows Explorer, not Internet Explorer (IEXPLORE.EXE).
>
>Hijackware infects the OS, not IE, and EXPLORER.EXE is part and parcel of
>Windows and can be affected/compromised by hijackware, yes.
>
>I'm sure you're aware that no critical security updates for Win4.x (AKA
>Win9x; i.e., Win98 & WinME) machines have been released since June 2006 and
>that all support for Win4.x ended in July 2006.
>
>NOD32 v3.x and v4.x provide infinitely more robust and effective protection
>than v2.x. AFAIK neither newer version is supported in Win4.x.
>
>While HijackThis v2.0.2 can be used to scan Win9x machines, it's not very
>useful. (Then again, Win9x doesn't include the infectable Services of
>Win5.x and higher either.)
>
>There are very few, if any, effective anti-spyware applications which are
>supported in Win4.x.
>
>*If* your Win98 box is infected, your best bet would be to format & do a
>clean install. Don't even think of doing a Repair Install.
I have no evidence of infection. Are you suggesting that this is the
only possible source of explorer.exe misbehavior? Suggesting that W98
is indefensible, without offering more accurate info as to the issue
at hand seems a little diversionary.
As there is a W2K OS (with its own protection software) on a second
hard disc of this dual boot system, could not this be used to police
the contents of the W98 system HDD?
Have you any comments on SFC finding files with their last-modified
date-stamps incremented by one hour?
This system will not be re-installed. The option is reversion to the
last working physical HDD back-up, with intervening work files being
transfered. Once working, this would produce the missing ternary
back-up in the corrupted sequence.
I'd like to address the actual issue. Bemoaning the state of W98, or
its inevitable fate is not constructive at this time.
RL
Re: Explorer invalid page fault in and in Kernel32
On Sat, 16 May 2009 13:33:47 -0600, "Buffalo" <Eric@nada.com.invalid>
wrote:
>
>
>legg wrote:
>>> On Sat, 16 May 2009 12:18:14 -0600, "Buffalo"
>>> <Eric@nada.com.invalid> wrote:
>>
>>>
>>>
>>>> legg wrote:
>>>> Recently I've been battling with Explorer invalid page faults in
>>>>
>>>> module <unknown> at 0096:xxxxxxxx
>>>> module kernel32.dll at 0197:bff9dc19 (recently)
>>>> 0197:bff7b9f5
>> <snip>
>>>> I've been avoiding file transfer in the W98 mode for real work by
>>>> using W2K to manipulate files on the W98 HDD, over the last few
>>>> days.
>>>>
>>>> Any suggestions from people still nursing a W98 system out there?
>>>>
>>>> RL
>>> I know this may sound a little strange, but try repairing IE. I know
>>> you're talking about Explorer and not IE, but IE can still do
>>> strange things to Explorer.
>>> I believe you can go into Add-Remove and select IE and then it will
>>> give you the choice to 'repair' IE.
>>> I think you can also do it through System Informations under the
>>> Tools tab. If you have time, try downloading, installing, updating
>>> and running the following two free programs:
>>> SAS (SuperAntiSpyware) http://www.superantispyware.com/download.html
>>> MBAM (MalwareBytes AntiMalware) caution, only dl it from the
>>> http://www.malwarebytes.org/ site. Reason being that some folks
>>> misspelled MalwareBytes or left a space between Malware and Bytes
>>> and got a spyware site with a malware download.
>>> If you decide to get rid of them, they both uninstall cleanly.
>>> And NO, they do not ask you to upgrade to the paid version to fix
>>> anything they find.
>>> The free versions of both will find and clean just as well as the
>>> paid versions, but the free versions are manual scan only, not
>>> real-time.
>>>
>>> Before running them, it helps to delete your temp files, your TIF
>>> files and cookies that you don't need to keep.
>>>
>> I'm afraid I've never heard of these, and would need more than just
>> one recommendation before considering using them. The NOD32 and other
>> programs currently installed will have to do for the moment.
>>
>> I don't use IExplorer, though it is installed, unless I run across web
>> sites that insist on no other. I'm not sure I have 'repair' capacity
>> for the last rev installed by the last enforced MSupdate to ver.
>> 6.0.2800.1106IC.
>>
>> RL
>
>Check in the anti-spyware and anti-virus ngs and you will find high
>recommendations for the two programs I mentioned.
>As far as repairing IE, you do have that option. Check in SI
>(Start,Programs,SystemTools,System Information and then click on the Tools
>tab).
And how do I know the repair will be current revision specific?
>Also, letting Windows handle your swap file is highly recommended. Check in
>the Ahuma recommendations.
What is Ahuma?
>Some say to set the same value for min and max to keep the page file from
>changing size.
Never heard that suggestion before. How could you do this and allow
native management? Do you recommend one or the other, and why?
>
>Wherever you got the idea to make the max size twice the physical ram is
>most likely wrong.
>IE: You have 1GB of ram so now you are going to set the max at 2GB??
>I have 1GB of ram in my dual boot 98SE-2000Pro system and I barely use any
>of the actual page file.
This machine uses 512Mb, which is as big as I'm prepared to go without
futzing around with the system. The max size was set at 1.5 the phys
ram. Sorry for the mis-remembrance.
>If you want to keep the pagefile size down, try adding this line to your
>System.ini file under the (386Enh) header:
>ConservativeSwapFileUsage=1
>This basically makes the computer use all your physical ram before it will
>use the pagefile.
>Many gamers swore by this addition.
>If it possibly causes problems, just change the value to 0 instead of 1
>or delete (or put a ; in front of) the entry and save and
>reboot.
>To make a value in System.ini not recognized, just put a ; in front of
>that line.
>For instance, I think you should put a ; in front of all your entries
>under the (vcache) header and then reboot.
>(minfilecache,maxfilecache,chunksize)
>
>That way you don't have to remember the spelling or anything to change it
>back, just remove the ; and save and reboot and it will be back.
>Buffalo
>
I'm not a gamer. Heaviest resource users are still spice simulation,
printing/pdf generation, and drafting or PIC/FPGA file
manipulation/transfer.
Can you cite a reference for the recommended ConservativeSwapFileUsage
entry? There seems to be little but chat on the issue before 2004,
mainly concerned with new options available when using >=128M of ram.
Does it have relevance to explorer.exe invalid page fault behavior?
RL
Re: Explorer invalid page fault in and in Kernel32
legg wrote:
> On Sat, 16 May 2009 13:33:47 -0600, "Buffalo" <Eric@nada.com.invalid>
> wrote:
>
>>
>>
>> legg wrote:
>>>> On Sat, 16 May 2009 12:18:14 -0600, "Buffalo"
>>>> <Eric@nada.com.invalid> wrote:
>>>
>>>>
>>>>
>>>>> legg wrote:
>>>>> Recently I've been battling with Explorer invalid page faults in
>>>>>
>>>>> module <unknown> at 0096:xxxxxxxx
>>>>> module kernel32.dll at 0197:bff9dc19 (recently)
>>>>> 0197:bff7b9f5
>>> <snip>
>>>>> I've been avoiding file transfer in the W98 mode for real work by
>>>>> using W2K to manipulated files on the W98 HDD, over the last few
>>>>> days.
>>>>>
>>>>> Any suggestions from people still nursing a W98 system out there?
>>>>>
>>>>> RL
>>>> I know this may sound a little strange, but try repairing IE. I
>>>> know you're talking about Explorer and not IE, but IE can still do
>>>> strange things to Explorer.
>>>> I believe you can go into Add-Remove and select IE and then it will
>>>> give you the choice to 'repair' IE.
>>>> I think you can also do it through System Informations under the
>>>> Tools tab. If you have time, try downloading, installing, updating
>>>> and running the following two free programs:
>>>> SAS (SuperAntiSpyware)
>>>> http://www.superantispyware.com/download.html MBAM (MalwareBytes
>>>> AntiMalware) caution, only dl it from the
>>>> http://www.malwarebytes.org/ site. Reason being that some folks
>>>> misspelled MalwareBytes or left a space between Malware and Bytes
>>>> and got a spyware site with a malware download.
>>>> If you decide to get rid of them, they both uninstall cleanly.
>>>> And NO, they do not ask you to upgrade to the paid version to fix
>>>> anything they find.
>>>> The free versions of both will find and clean just as well as the
>>>> paid versions, but the free versions are manual scan only, not
>>>> real-time.
>>>>
>>>> Before running them, it helps to delete your temp files, your TIF
>>>> files and cookies that you don't need to keep.
>>>>
>>> I'm afraid I've never heard of these, and would need more than just
>>> one recommendation before considering using them. The NOD32 and
>>> other programs currently installed will have to do for the moment.
>>>
>>> I don't use IExplorer, though it is installed, unless I run across
>>> web sites that insist on no other. I'm not sure I have 'repair'
>>> capacity for the last rev installed by the last enforced MSupdate
>>> to ver.
>>> 6.0.2800.1106IC.
>>>
>>> RL
>>
>> Check in the anti-spyware and anti-virus ngs and you will find high
>> recommendations for the two programs I mentioned.
>> As far as repairing IE, you do have that option. Check in SI
>> (Start,Programs,SystemTools,System Information and then click on the
>> Tools tab.
>
> And how do I know the repair will be current revision specific?
I believe it is automatic. Perhaps research it.
>
>> Also, letting Windows handle your swap file is highly recommended.
>> Check in the Ahuma recommendations.
>
> What is Ahuma?
Sorry, should have been :Aumha
http://aumha.net/
>
>> Some say to set the same value for min and max to keep the page file
>> from changing size.
>
> Never heard that suggestion before. How could you do this and allow
> native management? Do you recommend one or the other, and why?
This is if you do not let Windows handle it. Just some suggest it and say it
works.
I would sure let Windows handle it for awhile and then experiment more if
needed.
>>
>> Wherever you got the idea to make the max size twice the physical
>> ram is most likely wrong.
>> IE: You have 1GB of ram so now you are going to set the max at 2GB??
>> I have 1GB of ram in my dual boot 98SE-2000Pro system and I barely
>> use any of the actual page file.
>
> This machine uses 512Mb, which is as big as I'm prepared to go without
> futzing around with the system. The max size was set at 1.5 the phys
> ram. Sorry for the mis-remembrance.
I don't know what you mean by 'the machine uses 512MB'. How much physical ram
do you have installed?
Is the max ram for that mb 512MB?
There is a line you should put in the System.ini system if you have MORE
than 512MB of physical ram.
It is maxfilecache=512000 (or 524288) and it goes under the [vcache]
header. Many Win98SE machines operate well on 1GB of physical ram, but run
into many problems with more than 1GB. I use 1GB and my 98 works great.
>
>> If you want to keep the pagefile size down, try adding this line to
>> your System.ini file under the (386Enh) header:
>> ConservativeSwapFileUsage=1
>> This basically makes the computer use all your physical ram before
>> it will use the pagefile.
>> Many gamers swore by this addition.
>> If it possibly causes problems, just change the value to 0 instead
>> of 1 or delete (or put a ; in front of) the entry and save and
>> reboot.
>> To make a value in System.ini not recognized, just put a ; in
>> front of that line.
>> For instance, I think you should put a ; in front of all your
>> entries under the (vcache) header and then reboot.
>> (minfilecache,maxfilecache,chunksize)
>>
>> That way you don't have to remember the spelling or anything to
>> change it back, just remove the ; and save and reboot and it will
>> be back. Buffalo
>>
> I'm not a gamer. Heaviest resource users are still spice simulation,
> printing/pdf generation, and drafting or PIC/FPGA file
> manipulation/transfer.
>
> Can you cite a reference for the recommended ConservativeSwapFileUsage
> entry?
Check here:
http://aumha.org/search.htm
If the page doesn't load correctly, just use the search functions and enter
virtual memory in Win98 .
It is well written and very informative. Great read!!
It was mainly given credence by gamers, but I did not notice any increase in
performance using it. I also noticed no negative effects while it was in
use. I still use it. While some of the Win98MVPs said it didn't work, they
were overwhelmed by gamers that swore it did.
> .. There seems to be little but chat on the issue before 2004,
> mainly concerned with new options available when using >=128M of ram.
> Does it have relevance to explorer.exe invalid page fault behavior?
>
> RL
Buffalo
PS: Look into using SAS.
-
- Posts: 16
- Joined: 24 Mar 2009, 00:00
Re: Explorer invalid page fault in and in Kernel32
Protection in the W2k system will provide some facility for scanning files
used by W98, but the protection will be patchy, is not real time, and will
fail completely for some types of infection. There are many reasons for
the error you are seeing, but some form of infection is a very common cause,
and this seems like the most obvious place to start investigating
(especially after you have cleared some of the other possibilities).
The SFC time stamp issue is associated with daylight saving and is not
relevant.
--
Jeff Richards
MS MVP (Windows - Shell/User)
"legg" <legg@nospam.magma.ca> wrote in message
news:nccu05t0o5tpf1km99igi601a2c2e98rmr@4ax.com...
> On Sat, 16 May 2009 17:18:03 -0400, "PA Bear [MS MVP]"
> <PABearMVP@gmail.com> wrote:
>
>>legg wrote:
>>>> <snip>
>>>>>>>> <snip>
>
> I have no evidence of infection. Are you suggesting that this is the
> only possible source of explorer.exe misbehavior? Suggesting that W98
> is indefensible, without offering more accurate info as to the issue
> at hand seems a little diversionary.
>
> As there is a W2K OS (with its own protection software) on a second
> hard disc of this dual boot system, could not this be used to police
> the contents of the W98 system HDD?
>
> Have you any comments on SFC finding files with their last-modified
> date-stamps incremented by one hour?
>
> This system will not be re-installed. The option is reversion to the
> last working physical HDD back-up, with intervening work files being
> transferred. Once working, this would produce the missing ternary
> back-up in the corrupted sequence.
>
> I'd like to address the actual issue. Bemoaning the state of W98, or
> its inevitable fate is not constructive at this time.
>
> RL
Re: Explorer invalid page fault in and in Kernel32
On Sat, 16 May 2009 17:07:30 -0400, MEB <meb-not-here@hotmail.com>
wrote:
>legg wrote:
>> On Fri, 15 May 2009 22:11:41 -0400, MEB <meb-not-here@hotmail.com>
>> wrote:
>>
<snip>
>>> Did/do you have an %windir%/Options/CABS folder?
>>> That might {have} contained updated files from which to fix the issue
>>>from [though it may have been a registry error].
>>> You used CABS [from what versions?] which may have overwritten newer
>>> files from later updates or changed registry entries [or are not
>>> set-up/registered correctly].
>>
>> The cabs are from the W98 2Ed disc, stored on the HDD for easy access
>> (in two locations). Explorer.exe for W98 hasn't changed since April'99
>> (ver 4.72.3110.1).
>>
>> The only file restored so far was the explorer executable.
>
> Okay.. what was the actual FULL error?
The last two, being typical, follow:
**********************************************************************
Date 05/16/2009 Time 16:53
EXPLORER caused an invalid page fault in
module <unknown> at 0096:02ef29c0.
Registers:
EAX=00000000 CS=0197 EIP=02ef29c0 EFLGS=00010202
EBX=019efa8e SS=019f ESP=019efa40 EBP=019efa5c
ECX=03090ff4 DS=019f ESI=0000cab2 FS=3307
EDX=0000cace ES=019f EDI=019efa44 GS=253f
Bytes at CS:EIP:
Stack dump:
bff7363b 000006a0 0000001c 00000000 fffa1d8b ca8c0ff7 0000019f
019efa70 bff9443b 253fcab2 0000253f 00000000 bff719b8 0000caac
019eff88 bff7186d
**********************************************************************
Date 05/16/2009 Time 17:23
EXPLORER caused an invalid page fault in
module kernel32.dll at 0197:bff9dc19.
Registers:
EAX=c00309d0 CS=0197 EIP=bff9dc19 EFLGS=00010206
EBX=0158ff88 SS=019f ESP=0154fe60 EBP=015500fc
ECX=00000000 DS=019f ESI=0155024c FS=21b7
EDX=bff76855 ES=019f EDI=0158ff74 GS=0000
Bytes at CS:EIP:
53 8b 15 e4 dc fc bf 56 89 4d e4 57 89 4d dc 89
Stack dump:
<snip>
>Component Checker
>http://msdn.microsoft.com/en-us/library/ms810805.aspx
>
I'm not sure what you are suggesting I do with this "Microsoft Data
Access Component (MDAC) Installation" SDK article. It does appear to
include a Component Checker utility, according to a search of MSDN,
but what it would check and how it would be employed is a mystery to
me.
I thought MDAC was vaguely related to IE5.
>>> 2. Run QFE to see if your updates are still found/shown as installed.
>>> Note potential issues.
>>
>> Running QFE on this machine simply opens the QFE folder window, with
>> the W98 folder.
>
> HMM, were all your updates from local network sources? Ah, wait, was
>there a plus sign next to the folder? If it didn't open AND you have sub
>folders then you likely have no errors. It also contains the ability to
>actually check for installed files versus the QFE updates [second tab].
No plus sign. Any updates were MS Update, on-line.
<snip>
>>> 4. Run Dependency Walker on the target issues [such as explorer] and
>>> other base applications to find whatever errors occur. You should be
>>> able to locate the files or errors in files causing the issues, for
>>> comparison with searched issues and file version information.
>>
>> Not heard of this, or ever seen it used. Will see what I can make of
>> it.
>
> Excellent tool for debugging 9X code issues in installed or to be
>installed programs/applications. You can *profile* a program OR
>installation/set-up application, and it will provide the various
>issues/problem/errors involved. Microsoft had recommended its use for 9X
>[32 bit] issues in older support articles.
>
>Dependency Walker
>http://www.dependencywalker.com/
>http://www.dependencywalker.com/faq.html
>
Depend shows two dlls missing that aren't normally in W98, userenv and
apphelp. Makes me wonder if this is useful in W98.
It also suggests that shell32 and ole32 are "either missing one or
more export functions that are required by its parent module, (is) of
the wrong CPU type, or failed to load at runtime."
This means nothing to me.
>>
>>> These four check tools are invaluable for maintaining Win98.
>>>
>>> 5. If necessary, run regmon and/or *filemon* [from
>>> sysinternals/Microsoft Tech] and monitor for the actual failures.
>>> CAPTURE the error(s) and review those issues.
>>>
>> The RegMon98 I have loaded seems pretty useless without a license. The
>> only info supplied with the package is info on obtaining same.
>>
>> I'm fairly sure there are no 'obvious invalid' links in the registry.
>> These are checked whenever sw is installed or removed, using simple
>> Norton tools from the 90s. There's no knowing what dlls or executables
>> are actually trying to do, however.
>>
>> This system has MS ODBC and MS Visual C++ v5 installed, courtesy of my
>> (late) younger brother, who was the programmer in the family. There
>> are instances where I'm offered the opportunity to troubleshoot a
>> noted hiccough, but it's outside my area of expertise. Seeing ???
>> occurring with increasing periodicity in the second column of the
>> report means nothing to me. They are also incredibly long and hard to
>> navigate with the GUI, without knowing what you're looking for (or
>> trying to do.....).
>>
>> Frankly, I'm temperamentally allergic to SW above machine code and
>> assembler levels for PICs/FPGAs and often need my arm twisted to work
>> even there, if there's someone else around who's more inclined that
>> way. I'm hardware hardwired. There comes a point where knowing more
>> than you ever wanted to know or should have ever have needed to know
>> about PCs, just to keep the bastards running, becomes an absolute
>> farce.
>>
>> RL
>
> Understood. Not unusual for hardware techs to avoid software issues in
>commercial/business environments, one could get fired for messing around
>in areas you're not assigned to.
>
>** File Monitor [sysinternals - filemon] would likely be more useful, as
>it monitors individual file/memory issues.
>
> For a short explanation on usage:
>http://peoplescounsel.org/ref/gen/sys_diagnos.htm
> Once you get used to the *normal* running processes, clear the view
>and start actually monitoring. Heck you may actually locate the issue
>with the first run.
>
>Sysinternals:
>http://technet.microsoft.com/en-us/sysi ... fault.aspx
>
> Pick up autoruns [9X ver] while you're there, its another invaluable
>tool for checking all the auto started issues, and relationships. Be
>careful with this tool, it can kill a machine if you disable too much or
>the wrong items. It can also be used to delete items as well.
>
> Seems the other help is working on other potentials, maybe we can iron
>this out for you.
>
Quite frankly, I think I'm getting in over my head with these tools.
I may just try restoring some system files from a previous back-up
that don't show the corrupted date/time stamp (+1 hour).
RL
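
Earlier in the thread the one-hour date-stamp differences reported by SFC are attributed to daylight saving, and the post above considers restoring files that do not show the +1 hour stamp. As an added example (not from the thread or from any tool named in it), the sketch below compares a baseline manifest with a current one and uses a content hash to separate pure one-hour timestamp shifts from files whose content actually changed; the paths, file contents and timestamps are constructed sample data.

```python
"""Separate one-hour timestamp shifts from real file changes in two manifests."""
import hashlib
from typing import Dict, List, NamedTuple

HOUR = 3600  # the +1 hour offset described in the thread


class Entry(NamedTuple):
    size: int
    mtime: int    # last-modified time in seconds, as reported at scan time
    digest: str   # SHA-256 of the file content


def entry(data: bytes, mtime: int) -> Entry:
    """Build a manifest entry from file content and its last-modified time."""
    return Entry(len(data), mtime, hashlib.sha256(data).hexdigest())


def classify(baseline: Dict[str, Entry], current: Dict[str, Entry]) -> Dict[str, str]:
    """Return one verdict per path; the content digest always outranks the timestamp."""
    verdicts = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            verdicts[path] = "new"
        elif new is None:
            verdicts[path] = "missing"
        elif old.digest != new.digest:
            # Content differs, so a clock explanation does not apply,
            # even when the timestamp moved by exactly one hour.
            verdicts[path] = "content-changed"
        elif new.mtime == old.mtime:
            verdicts[path] = "unchanged"
        elif abs(new.mtime - old.mtime) == HOUR:
            verdicts[path] = "timestamp-shift-1h"
        else:
            verdicts[path] = "timestamp-only"
    return verdicts


def needs_review(verdicts: Dict[str, str]) -> List[str]:
    """Paths that an identical digest plus a one-hour shift does not explain."""
    benign = {"unchanged", "timestamp-shift-1h"}
    return [path for path, verdict in verdicts.items() if verdict not in benign]


# Constructed sample data: names, contents and times are illustrative only.
EXPLORER = r"C:\WINDOWS\EXPLORER.EXE"
KERNEL32 = r"C:\WINDOWS\SYSTEM\KERNEL32.DLL"
SHELL32 = r"C:\WINDOWS\SYSTEM\SHELL32.DLL"
OLE32 = r"C:\WINDOWS\SYSTEM\OLE32.DLL"
NEWFILE = r"C:\WINDOWS\SYSTEM\NEWFILE.DLL"
T0 = 925_000_000


def demo() -> Dict[str, str]:
    baseline = {
        EXPLORER: entry(b"explorer build A", T0),
        KERNEL32: entry(b"kernel32 build A", T0),
        SHELL32: entry(b"shell32 build A", T0),
        OLE32: entry(b"ole32 build A", T0),
    }
    current = {
        EXPLORER: entry(b"explorer build A", T0 + HOUR),   # same bytes, +1 h
        KERNEL32: entry(b"kernel32 build A", T0),          # untouched
        SHELL32: entry(b"shell32 build B", T0 + HOUR),     # different bytes, +1 h
        OLE32: entry(b"ole32 build A", T0 + 86_400),       # same bytes, +1 day
        NEWFILE: entry(b"x", T0),                          # not in the baseline
    }
    return classify(baseline, current)


if __name__ == "__main__":
    result = demo()
    for path, verdict in result.items():
        print(f"{verdict:20} {path}")
    print("review:", needs_review(result))
```
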
wrote:
>legg wrote:
>> On Fri, 15 May 2009 22:11:41 -0400, MEB <meb-not-here@hotmail.com>
>> wrote:
>>
<snip>
>>> Did/do you have an %windir%/Options/CABS folder?
>>> That might {have} contained updated files from which to fix the issue
>>>from [though it may have been a registry error].
>>> You used CABS [from what versions?] which may have overwritten newer
>>> files from later updates or changed registry entries [or are not
>>> set-up/registered correctly].
>>
>> The cabs are from the W98 2Ed disc, stored on the HDD for easy access
>> (in two locations). Explorer.exe for W98 hasn't changed since April'99
>> (ver 4.72.3110.1).
>>
>> The only file restored so far was the explorer executable.
>
> Okay.. what was the actual FULL error?
The last two, being typical, follow:
**********************************************************************
Date 05/16/2009 Time 16:53
EXPLORER caused an invalid page fault in
module <unknown> at 0096:02ef29c0.
Registers:
EAX=00000000 CS=0197 EIP=02ef29c0 EFLGS=00010202
EBX=019efa8e SS=019f ESP=019efa40 EBP=019efa5c
ECX=03090ff4 DS=019f ESI=0000cab2 FS=3307
EDX=0000cace ES=019f EDI=019efa44 GS=253f
Bytes at CS:EIP:
Stack dump:
bff7363b 000006a0 0000001c 00000000 fffa1d8b ca8c0ff7 0000019f
019efa70 bff9443b 253fcab2 0000253f 00000000 bff719b8 0000caac
019eff88 bff7186d
**********************************************************************
Date 05/16/2009 Time 17:23
EXPLORER caused an invalid page fault in
module kernel32.dll at 0197:bff9dc19.
Registers:
EAX=c00309d0 CS=0197 EIP=bff9dc19 EFLGS=00010206
EBX=0158ff88 SS=019f ESP=0154fe60 EBP=015500fc
ECX=00000000 DS=019f ESI=0155024c FS=21b7
EDX=bff76855 ES=019f EDI=0158ff74 GS=0000
Bytes at CS:EIP:
53 8b 15 e4 dc fc bf 56 89 4d e4 57 89 4d dc 89
Stack dump:
<snip>
>Component Checker
>http://msdn.microsoft.com/en-us/library/ms810805.aspx
>
I'm not sure what you are suggesting I do with this "Microsoft Data
Access Component (MDAC) Installation" SDK article. It does appear to
include a Component Checker utility, according to a search of MSDN,
but what it would check and how it would be employed is amystery to
me.
I thought MDAC was vaguely related to IE5.
>>> 2. Run QFE to see if your updates are still found/shown as installed.
>>> Note potential issues.
>>
>> Running QFE on this machine simply opens the QFE folder window, with
>> the W98 folder.
>
> HMM, were all your updates from local network sources? Ah, wait, was
>there a plus sign next to the folder? If it didn't open AND you have sub
>folders then you likely have no errors. It also contains the ability to
>actually check for installed files verses the QFE updates [second tab].
No plus sign. Any updates were MS Update, on-line.
<snip>
>>> 4. Run Dependency Walker on the target issues [such as explorer] and
>>> other base applications to find whatever errors occur. You should be
>>> able to locate the files or errors in files causing the issues, for
>>> comparison with searched issues and file version information.
>>
>> Not heard of this, or ever seen it used. Will see what I can make of
>> it.
>
> Excellent tool for debugging 9X code issues in installed or to be
>installed programs/applications. You can *profile* a program OR
>installation/set-up application, and it will provide the various
>issues/problem/errors involved. Microsoft had recommend its use for 9X
>[32 bit] issues in older support articles.
>
>Dependency Walker
>http://www.dependencywalker.com/
>http://www.dependencywalker.com/faq.html
>
Depend shows two dlls missing that aren't normally in W98, userenv and
apphelp. Makes me wonder if this is usefull in W98.
It also suggests that shell32 and ole32 are "either missing one or
more export functions that are required by its parent module, (is) of
the wrong CPU type, or failed to load at runtime."
This means nothing to me.
>>
>>> These four check tools are invaluable for maintaining Win98.
>>>
>>> 5. If necessary, run regmon and/or *filemon* [from
>>> sysinternals/Microsoft Tech] and monitor for the actual failures.
>>> CAPTURE the error(s) and review those issues.
>>>
>> The RegMon98 I have loaded seems pretty useless without a license. The
>> only info supplied with the package is info on obtaining same.
>>
>> I'm fairly sure there are no 'obvious invalid' links in the registry.
>> These are checked whenever sw is installed or removed, using simple
>> Norton tools from the 90s. There's no knowing what dlls or executables
>> are actually trying to do, however.
>>
>> This system has MS ODBC and MS Visual C++ v5 installed, courtesy of my
>> (late) younger brother, who was the programmer in the family. There
>> are instances where I'm offered the opportunity to troubleshoot a
>> noted hiccough, but it's outside my area of expertise. Seeing ???
>> occurring with increasing periodicity in the second column of the
>> report means nothing to me. They are also incredibly long and hard to
>> navigate with the GUI, without knowing what you're looking for (or
>> trying to do.....).
>>
>> Frankly, I'm temperamentally allergic to SW above machine code and
>> assembler levels for PICs/FPGAs and often need my arm twisted to work
>> even there, if there's someone else around who's more inclined that
>> way. I'm hardware hardwired. There comes a point where knowing more
>> than you ever wanted to know or should have ever have needed to know
>> about PCs, just to keep the bastards running, becomes an absolute
>> farce.
>>
>> RL
>
> Understood. Not unusual for hardware techs to avoid software issues in
>commercial/business environments, one could get fired for messing around
>in areas you're not assigned to.
>
>** File Monitor [sysinternals - filemon] would likely be more useful, as
>it monitors individual file/memory issues.
>
> For a short explanation on usage:
>http://peoplescounsel.org/ref/gen/sys_diagnos.htm
> Once you get used to the *normal* running processes, clear the view
>and start actually monitoring. Heck you may actually locate the issue
>with the first run.
>
>Sysinternals:
>http://technet.microsoft.com/en-us/sysi ... fault.aspx
>
> Pick up autoruns [9X ver] while you're there, it's another invaluable
>tool for checking all the auto started issues, and relationships. Be
>careful with this tool, it can kill a machine if you disable too much or
>the wrong items. It can also be used to delete items as well.
>
> Seems the other help is working on other potentials, maybe we can iron
>this out for you.
>
Quite frankly, I think I'm getting in over my head with these tools.
I may just try restoring some system files from a previous back-up
that don't show the corrupted date/time stamp (+1 hour).
RL
Re: Explorer invalid page fault in and in Kernel32
On Sun, 17 May 2009 09:06:38 +1000, "Jeff Richards"
<JRichards@msn.com.au> wrote:
>Protection in the W2k system will provide some facility for scanning files
>used by W98, but the protection will be patchy, is not real time, and will
>fail completely for some types of infection. There are many reasons for
>the error you are seeing, but some form of infection is a very common cause,
>and this seems like the most obvious place to start investigating
>(especially after you have cleared some of the other possibilities).
>
>The SFC time stamp issue is associated with daylight saving and is not
>relevant.
Most curious.
You mean that date/time stamps vary, after being set some many years
ago, due to current operating system time settings? That SFC will
detect variations one day after seasonal time adjustments are made,
but not the day before?
I find that very hard to believe.
RL
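
Added example, not part of the thread: one way to tell a timestamp-only difference (such as the +1 hour offset discussed above) from a file whose contents actually changed, by hashing each live file against its backup copy. The file names, contents and modification times are constructed for the demonstration, and the script is assumed to run on a machine that can read both copies.

```python
import hashlib
import os
import tempfile

DST_SHIFT = 3600  # seconds; the "+1 hour" offset reported in the thread


def sha256_of(path):
    """Hash file contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(live, backup, tolerance=2):
    """Compare a live file with its backup (tolerance covers FAT's 2 s mtime resolution)."""
    delta = abs(os.path.getmtime(live) - os.path.getmtime(backup))
    if sha256_of(live) != sha256_of(backup):
        return "content-changed"
    if delta <= tolerance:
        return "identical"
    if abs(delta - DST_SHIFT) <= tolerance:
        return "timestamp-shift-1h"
    return "timestamp-differs"


def demo():
    """Classify constructed sample pairs (names, bytes and mtimes are made up)."""
    cases = {  # name: (backup bytes, live bytes, live mtime offset in seconds)
        "shifted.dll": (b"same bytes", b"same bytes", DST_SHIFT),
        "patched.dll": (b"same bytes", b"other bytes", DST_SHIFT),
        "clean.dll": (b"same bytes", b"same bytes", 0),
    }
    base, results = 1_000_000_000, {}
    with tempfile.TemporaryDirectory() as d:
        for name, (bak_data, live_data, offset) in cases.items():
            bak, live = os.path.join(d, "bak_" + name), os.path.join(d, "live_" + name)
            for path, data, mtime in ((bak, bak_data, base), (live, live_data, base + offset)):
                with open(path, "wb") as f:
                    f.write(data)
                os.utime(path, (mtime, mtime))
            results[name] = classify(live, bak)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

A "content-changed" verdict is the one that warrants restoring from backup or further scanning; a one-hour shift with matching hashes means the bytes are the same as the backup's.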