compaq with a few problems...Win ME
figarowa
02-21-2004, 08:51 AM
I ended up having to take the in-laws' Compaq home with me to try to fix it, as there are buku problems. First off there is a dialer trojan horse which AVG picked up, problem is that the file is in c:\_restore path and that whole folder is in use when the OS is up and running, so the horsey can't be removed. The problem is further implicated with rundll32 being loaded up to 3 or 4 times during Windows boot in safe mode as well. I can not gain access into the system folder in control panel (it just won't load), nor add remove programs. I really need to do so, since that is the only way I can disable the restore function and thus be able to delete the viri within the restore folder. I tried running Norton AV from CD, which took several hours, but did not pick up the trojan. Is there a way I can run a DOS proggie virus scanner which will delete the horse, plus is free? There also is no IE access as it comes up with a kernel error, whenever trying to access out. I've also run Spybot and Adaware, along with Norton utils to try to fix some of the bugs, but to no avail...
GaryRouth
02-21-2004, 09:05 PM
I think F-Prot can run from a floppy: take a look over at http://www.f-prot.com/
I don't have that program myself, but I see it recommended a lot.
The multiple entries for Rundll32 could point to more than just one worm. Might be one or more of the Lovegate type. Since I don't have F-Prot, I'm not sure if they have an anti-worm/trojan/spyware component in their scanner or not. Maybe another tech will know, or you might find that info on the F-Prot website.
Seems like if you can boot into normal mode at all, you should be able to disable System Restore from there.
--Right-click on the 'My Computer' icon, and click properties
--Click the performances tab
--Click the file system button
--Click the repair tab and check the 'Disable System Restore' checkbox
[apologies if you've tried this already: if so, what error or behavior keeps it from working?]
If you can still install a program, try downloading SpyBot Search&Destroy or Lavasoft's AdAware [probably on another computer, then burn it to CD] = then install and run one of those.
Best of luck
. . . Gary
figarowa
03-01-2004, 10:16 PM
"bump" haven't had time to run fprot, would like just to hose the hard drive but the problem being that it's a comcrap and I don't have the orig restore disks, but I may revert to loading WIN 98 SE on...I do have a copy of XP but the comp won't run it, and I'd kinda like to save what's on the HDD but I'm out of ideas...
GaryRouth
03-01-2004, 10:47 PM
You can slave it in another computer [that has an up-to-date anti-virus scanner & anti-spyware scanner], scan it, clean it, [even delete the Restore partition from there if you'd like] and then try it back in the original box if you'd like.
Should that not work, you could back up the data using that other computer.
Then you'd have to decide how to go from there. If your in-laws have the Restore CDs, they can use those [even if they don't have them, Compaq can send them another copy for around $20 (USD)]. Or you can try the Win98se, but you'd lose the Compaq software bundle - you'd definitely want to check and see if that's OK with the family or not.
. . . Gary
figarowa
03-07-2004, 08:32 AM
I did what you said and slaved the drive and used Norton to clean it up...only had 60 some trojans, so it's running a little cleaner, but I still have a problem with a webdialer loading into rundll32 and that causes some lockups, and still won't let me into IE or any of the control panel options, which is getting aggravating, can't find this webdialer anywhere on the HDD even scanned through the registry and didn't come up with anything, also ran Spybot and Adaware, and it did not pick it up. Kazaa was installed on this computer, I know it's slew full of spyware, and I'm not sure if all of the components are gone, and there were also several versions of AOhell installed as well, which were promptly deleted. Thx
GaryRouth
03-07-2004, 05:15 PM
Were you able to delete the Restore folder? If AVG or Norton were able to identify the dialer & its location, perhaps you could delete both it and rundll32, and restore a clean rundll32 from an installation disk using the System File Checker [check the box "extract one file from disk"] . . . Of course, if the drive will boot back in its original box, try to disable System Restore as in the steps in the earlier post. And clean every Temp file you can find: then you can try AVG on it again . . .
Or a last-ditch try to eradicate that might be CWShredder. I see it recommended a lot, but I haven't had the chance to try it yet. Some members have reported it helping with some things the other two (Lavasoft & Spybot) didn't catch.
The other option is simply to back up what you can [scanning those as much as possible to make sure they're clean], then wipe the disk and start over with either Recovery or fresh installation, depending on their preferences and what disks you have available. As I mentioned before, Compaq usually still has Recovery disks available somewhere in that reasonable $20 (USD) range.
If anyone you know has a WinMe disk, you could borrow it & try an over-the-top reinstall. This is assuming you first were able to get rid of the dialer. As long as the computer retains the original product key [which it does in an over-the-top], it's perfectly legal to use another disk to repair it. Here's an over-the-top guide http://forum.pcmech.com/showthread.php?s=&threadid=70846 The main reason to use an over-the-top would be to restore a functional Control Panel and IE.
KaZaa certainly helps support sales of headache medicine.
Let's hope this one is easily curable!
. . . Gary
figarowa
03-08-2004, 08:14 PM
Hey all, need a little more help, have IE running, ended up having to delete rundll32.exe as it was corrupt, Gary there is no SFC in ME unfortunately, and I placed an XP rundll32 into the C:\windows directory, and that did not do the fix, as before I did so it was looking for rundll32.exe but I deleted it. Since I replaced it, it is now giving me an invalid path name number yadda yadda and I still can not access those paths in control panel. Any other suggestions as to where I can obtain the proper rundll32 file? I can not get a hold of a copy of ME until next week to run the repair, so the PC is functional for them now, until I can get out there to tweak things up so it is 100% functional.
figarowa
03-08-2004, 10:12 PM
Never mind Gary, I found a copy in the cabs folder, everything is back to normal without having to do a format and reinstall, although it's been one hell of a pain in the ass....I just hope their kids don't manage to download all of that garbage again, because next time I'm not going to be so eager to help.
Thanks for everything, Mike
GaryRouth
03-09-2004, 03:20 AM
. . . I imagine they appreciate all your hard work!
. . . Gary