
Multibooter
Everything posted by Multibooter
-
Compatible Hardware with Windows 9x
Multibooter replied to galahs's topic in Pinned Topics regarding 9x/ME
I have several external USB enclosures with special-purpose CD burners, which are like precious old wine; I don't want to use them on a regular basis. Being in an external enclosure, I can connect them to any of my computers, if need be. For example, one of these old burners has 10x better error correction than current CD/DVD burners and can read badly damaged CDs, which is very useful for archiving old CDs.

In general yes, for the 1.44MB format. For other formats there are differences; some floppy drives, for example, can handle 720kB formats, others can't. Just like a few CD burners can handle the Mount Rainier format, most can't. The internal UJ-815 burner in my 10-year-old laptop can only handle 1x DVD-RAM media, but such media is not available anymore, only 2-4x media.
Compatible Hardware with Windows 9x
Multibooter replied to galahs's topic in Pinned Topics regarding 9x/ME
Make sure you can return the burner, in case it doesn't work. Nero v6.6.0.13 under Win98 should work with DL.
You're right. I guess mdgx never got around to doing it. "Each Fix above copies... into %windir% ...and renames (backs up) your original file from %windir% (if any) to EXPLORER.ORI , used by Uninstall (see below) to restore original file." http://www.mdgx.com/files/EXPLOR9X.TXT

I have to correct my preceding posting #77: the disappearance of the context menu entries of Quick View Plus 10 was caused by my restoring some wrong files after the Tenga infection, not by installing IE6 SP1 or a different version of explorer.exe. I re-installed Quick View Plus 10 under Win98 and the context menu entries for Quick View were back again; Quick View works fine now.

BTW, Quick View Plus 10 is a great tool for Win98. I have it integrated under Win98 with WinRAR, UltraISO, Total Commander and Beyond Compare. To view a .docx file, or many other file types, inside a .rar archive, I just double-click on the .rar, and then double-click on the .docx file in the opened WinRAR window, and a Quick View window opens up, displaying the .docx (or .pdf, .ppt etc.) file. When I double-click on a .htm file inside the .rar archive, the .htm file gets displayed inside a Quick View Plus window - inside Firefox. Just amazing, under Win98. Under Beyond Compare I have created 2 context menu entries, Quick View and Quick Print, so that I can print, for example, a .docx file in the Beyond Compare window. In my particular setup, Quick View doesn't print directly to the printer, but first to FinePrint, where I can preview and select the pages to be printed. Under Quick Print I could also send it to the Acrobat PDFWriter and convert the .docx to .pdf, under Win98 ...

By using Quick View instead of MS Office to view documents, one is much less vulnerable to malware. The acute phase of my Tenga infection started 6 weeks ago when I was in a rush and double-clicked on a .doc file instead of opening it with Quick View. The Tenga-infected file was sleeping inside of Office for about 8 months, and it woke up when I used MS Office by mistake.

I wasn't able to get Quick View 10 to work with WinImage v8.1. When I double-click on a file in the WinImage window, only a blank Quick View window opens up; apparently the file name is not passed thru to Quick View. What parameters should I add under WinImage to the Viewer path specified in -> Settings -> General? With Beyond Compare I use for example H:\QuickView\PROGRAM\qvp32.exe %f
-
While I was repairing my computer from an infection with Tenga.a (see this topic http://www.msfn.org/board/infection-tengaa-virus-t142726.html ) I had installed Avast under WinXP. The main reason for selecting Avast was that about 13 years ago, when I was more knowledgeable about this subject, Avast was very good at detecting hard-to-detect viruses. Avast was then kind of complementary to Kaspersky, which I am using now under Win98. After having used Avast for a while under WinXP to find out how this Tenga.a infection came about, I can confirm that Avast is still complementary to Kaspersky and a good second choice. But Avast, in contrast to Kaspersky, gives a lot of false positives. When Kaspersky identifies something as a virus, it most likely is one. Kaspersky still updates fine under Win98, but the difficulty is how to buy a valid key for the version 6 which runs under Win98.

Using a virus scanner in a problematic case like the Tenga.a infection could be compared to using a "telephone joker" in the game "Who wants to be a millionaire": there is a good chance that the opinion is right, and a good chance that the opinion is wrong. At www.virustotal.com you can submit suspicious files, and they get checked by 40+ virus checkers. But what do you do if 20 virus checkers say that the file is infected, and 20 say that the file is good?
-
Compatible Hardware with Windows 9x
Multibooter replied to galahs's topic in Pinned Topics regarding 9x/ME
Yes. If the external USB burner has a PATA burner inside, it should work under Win98 if you have nusb installed. If the external burner comes with a SATA burner inside I don't know; you may need a manufacturer-provided Win98 driver.

I would prefer buying an empty external USB burner enclosure plus any internal PATA burner of your choice, so if your next burner dies, you just replace it inside the same enclosure. But empty USB enclosures for burners are not that easy to find in stores; Fry's in California didn't have any 3 months ago, but you can find them at ebay. I got my USB burner enclosures years ago: stackable, with a built-in fan, 110/220V external power supply, power switch, audio connectors and a Win98 driver. They were no-name from China, but used the same Genesys Win98 driver as my 3.5" and 5.25" Adaptec HDD enclosures.
Compatible Hardware with Windows 9x
Multibooter replied to galahs's topic in Pinned Topics regarding 9x/ME
Most likely any off-the-shelf internal PATA burner will work with Win98, even if the box states WinXP as system requirement. Maybe you can get one at a store, not thru the mail, so you can return it more easily if it doesn't work.

Buying a burner is mainly a matter of luck; what is important is not tested in the reviews: top burn quality with a few selected brands of media, the ability to burn at a reasonable quality many different brands of media and the ability to read damaged/low quality old media. But these 3 qualities don't come together. I have 4 stacked external USB burners, each marked differently: "good reader", "good burner", "burns everything" and a special purpose "good CD reader". I am content with NEC, LG and LiteOn burners. BTW, I have a SATA and a PATA burner inside of my dual-core desktop running Win98SE, but I prefer PATA burners mainly because I can use them inside the desktop and inside my USB PATA enclosures. Eventually I will have to get switchable external PATA/SATA USB/eSATA enclosures, but there are not that many with Win98 drivers. It is time to stock up on PATA burners, they seem to get scarcer on the shelves. 750GB PATA HDDs, for example, now cost MUCH MORE at ebay than what I paid in the store 2 years ago (maybe $130 a piece) http://cgi.ebay.com/ST3750640A-RK-SEAGATE-750GB-7200RPM-PATA-IDE-16MB-FAC_W0QQitemZ130380658913QQcmdZViewItemQQptZLH_DefaultDomain_0?hash=item1e5b4af8e1.
Compatible Hardware with Windows 9x
Multibooter replied to galahs's topic in Pinned Topics regarding 9x/ME
I view burners not as durables, but as consumables. I have already had several burners which just died after burning maybe 200 DVDs. Only the USB enclosures of my burners are real durables.

Given that your burner does work sometimes under Win98, I would exclude hardware incompatibility with Win98 as the cause of your problem. I would defrag the HDD, run ScanDisk, change the cable and try it under WinXP. If the intermittent problems still continue, I would then buy another burner.
Compatible Hardware with Windows 9x
Multibooter replied to galahs's topic in Pinned Topics regarding 9x/ME
I had no issues under Win98 with an internal LiteOn PATA burner I bought off the shelf at Fry's 4 months ago. My initial guess would be that your burning software, not your hardware, has a compatibility problem under Win98.

I am burning CDs/DVDs always under WinXP, not under Win98; it gives me a better burn quality, especially with my 10-year-old 750MHz laptop, for which I use burners in external USB enclosures. I am also using the slowest burning speed possible for a particular media (usually 2x with DVDs), and only media which that specific burner can burn well, as identified afterwards by Nero CD-DVD Speed. Media made in Japan is usually good, but it's always the combo media+burner which is important. About 30% of my DVD burns with my slow laptop are "coasters", i.e. Nero CD-DVD Speed indicates a burn quality of less than 95; my desired target is 97-98.
Tenga hasn't come back up to now, after a thorough house-cleaning. Eventually I'll list here all the steps I have taken.

With the "Unofficial Windows 98 SE 256 Colors Icons Explorer EXPLORER 4.72.3612.1710 Fix" by mdgx I am having a little problem with the installer under Win98SE: the Uninstall doesn't work for me. Although the installer Explor98.exe by mdgx updates Ok from the explorer.exe version of nusb, no entry is made in the Add/Remove list. I do like the new My Computer icon of the mdgx-installer better than the previous icon, but how could I get the old icons back? Also, the context menu entries for Quick View v10, which seems to be deeply integrated with Windows explorer, have disappeared after the installation of the mdgx-explorer.exe, but this may also have been caused by my test-installation of Internet Explorer 6 SP1. All other context menu entries, like that of Kaspersky Anti-Virus, are Ok. Previously I had installed the mdgx-explorer.exe by just replacing explorer.exe while in another operating system.

CORRECTION: The context menu entries of Quick View did not disappear because of a different explorer.exe or IE SP1. See posting #79
-
Windows 98SE (with 98SE2ME) and a recent USB composite device
Multibooter replied to RetroOS's topic in Windows 9x/ME
I assume that a "recent" USB Composite Device is a device for which there is no manufacturer-provided Win98 driver. BTW, could you explain very briefly what a Composite Device is? I am not quite sure. I thought it was kind of an internal USB hub, built into the box, under the hood. I am using an HP2605dn Color LaserJet printer, which has a USB connector and an Ethernet connector. On both my laptop and desktop I have installed first the OrangeWare driver, then NUSB 3.3, without uninstalling the OrangeWare driver, so both drivers co-exist. When I installed the HP2605dn printer under Win98SE, it first detected a USB Composite Device and the location of the USB 2.0 driver was \INF\OEM0.INF [=the OrangeWare driver, ousb2.INF]. \INF\USB.INF was used only when I installed the printer at the USB 1.1 connector of my old laptop.

The HP2605dn is the only Composite Device I use (except for a special foreign language USB keyboard). It works fine, but it was a big can of worms to install under Win98SE. The HP2605dn has manufacturer-provided drivers for Win98SE; your KVM switch probably doesn't. Congratulations on getting it to work under 98SE2ME anyway. I use NUSB as a driver for USB mass storage devices, not as a driver for a USB hub. Expanding the functionality of nusb to more USB devices would be a great next step.
IE4.01 SP2 can be downloaded here http://browsers.evolt.org/download.php?/ie/win32/4.01-sp2/ie401sp2.exe

The explorer.exe in it has the same header time stamp as mdgx-explorer.exe, 2/8/1999. I made a little test with this special build of explorer.exe for IE4, and as I had suspected, it has a perceptibly less severe sluggish-file-delete problem than the other versions of explorer.exe for Win98SE. This is a very interesting finding.
-
I've tried the MiTeC EXE Explorer http://www.mitec.cz/Downloads/EXE.zip you mentioned there; it is an excellent tool for finding header time stamps. I have tried to find where the explorer.exe build 1710 of mdgx comes from; it has a header time stamp of 2/8/99, in contrast to explorer.exe in IE55SP2 and nusb, which have a header time stamp of 1/30/99. I found some info here http://www.msfn.org/board/beta-t61749-pid-686070.html/page__view__findpost__p__686070 : "I modded this one, Gape. explorer.exe build 1710 is no different from 1700 except for very minor tweaks that I'll keep quiet about." But when I looked into the installation source of IE6 SP1, I couldn't find an explorer.exe in it. The MyComputer icon in mdgx-explorer.exe looks like from Win2k. Any idea where erpdude8 got this version of build 1700 from, with the later header time stamp 2/8/99?

BTW, finding a full installation source of IE6 SP1 isn't that easy; I found one on my Tenga-infected 1TB USB HDD, as a backup iso image of the original Norton SystemWorks 2005 CD. I have on my main laptop IE6 6.00.2600.0000 of 20-Aug-2001, and have test-installed IE6 SP1. msfn.org seems to load under SP1 substantially slower than under the initial release of IE6.

"The 2 byte difference is the system tray bit-depth fix. That's also why the safely remove hardware tray icon is darker for you since you reverted."

Thanks Queue. BTW, I was only checking on explorer.exe because StartUp Organizer had identified a vulnerability on my system: I had in the startup info just "explorer.exe", without a path to its location in \Windows\. One of the many precautionary measures I have taken against Tenga was to have StartUp Organizer check every 10 seconds for modifications to my startup entries. This nagged me a little during the test-installation of IE6 SP1, but that's Ok.
-
No, I wasn't lucky and I probably didn't identify the cause. Ten minutes after I posted the previous posting (5 days ago), Tenga was back. This was my 3rd infection with Tenga.

Since then I have restored the HDD from a .gho forensic backup, and taken all safety precautions I could think of. Tenga hasn't come back since. I cannot exclude the possibility that the 3rd infection was caused by a handling error while I had the 2 HDDs with still-Tenga-infected stuff connected to my laptop. It's still an unresolved puzzle how binder.exe and findfast.exe were infected in July 2009, and why Tenga was sleeping for half a year. The clean findfast.exe cannot have contributed to this infection #3 because I had it renamed on the restored .gho image, just in case. But I think that the most likely cause of the 3rd infection was unidentified malware on the supposedly clean .gho backup. I have the feeling that there is an invisible tank somewhere doing target practice at my laptop, with Tenga being the shell. I have installed a 2nd virus checker, Avast, on another operating system, but no major findings, probably all false positives.

When I searched the Internet for experiences with Tenga, I didn't find any useful recipe for recovering from a Tenga infection, except for formatting the HDD and re-installing everything from original installation CDs. I assume the anti-virus people don't know yet how the infection really starts, because people having a Tenga infection reformat their HDDs, thereby wiping its origin. I am not posting all the measures I have taken; it would take just too long, and I have probably been just barking up the wrong tree in most cases. I am only posting measures where I have open questions.

Question 1: Does nusb install a more vulnerable version of explorer.exe? The software and setup of my dedicated eMule computer is very similar to that of my main laptop; both laptops are identical models, Inspiron 7500. The dedicated eMule computer, however, contains an earlier version of the stuff on my main laptop and uses manufacturer-provided USB drivers, while my main laptop contains nusb v3.3. I had installed nusb3e on my main laptop on 20-Jun-2010. The unnoticed infection of binder.exe and findfast.exe on my main laptop occurred on 21-Jul-2010. Again, binder.exe and findfast.exe on my non-nusb laptop were not infected. BTW, the dedicated eMule laptop is used only very rarely for browsing the Internet; it is used nearly exclusively for eMule, as a print server and for transferring downloaded files in a peer-to-peer network. The reason for using a dedicated computer for eMule is to obtain a long uptime (e.g. 7+ days under full load), without system hangs caused by other applications. Given that the dedicated eMule computer was not Tenga-infected, I would exclude the possibility that the Tenga-infection is related to a vulnerability of the eMule software.

When I checked the files installed by nusb3e, I noticed 2 puzzling things:
a) 2 bytes of explorer.exe installed by nusb3e differ from explorer.exe in the digitally signed ie4shl95.cab in MS Internet Explorer v5.5 SP1 and SP2. Why?
b) Why does nusb3e replace Explorer.exe v4.72.3110.1 of 4/23/99, which came with Win98SE, with an older and smaller Explorer.exe v4.72.3612.1700 of 1/29/99? There is an apparent inconsistency between the build numbers and the modification dates of explorer.exe. I suspect (please correct me if I am wrong) that the more current version in this case is indicated by the later modification date, NOT by the higher build number. Explorer.exe of Win98FE [version of 24-Nov-1998], for example, has the same size and build number as that of Win98SE, but is different; only the modification date of 5/11/98 indicates that it is an earlier version. Did MS release different versions of IE5.5 for different operating systems, with Explorer.exe v4.72.3612.1900 possibly intended for Win95 systems, not for Win98 systems? One version of IE5.5 in my archive, apparently for WinME, does not include ie4shl95.cab. See also http://www.msfn.org/board/maximus-decim-native-drivers-t43605-pid-787828.html/page__view__findpost__p__787828

Could it be that MS has removed vulnerabilities from the Explorer.exe of Win98SE, which still exist in the Explorer.exe released with IE4 and which is used by nusb, assuming the 2-byte-difference is not important? Could this explain why the nusb-system was infected, but not the non-nusb system? BTW, the name "ie4shl95.cab" of the archive containing explorer.exe used by nusb implies that this version of explorer.exe was originally made for Win95. I have currently replaced on my main laptop the 3 instances of nusb-explorer.exe with Win98SE-explorer.exe in the locations \Windows\Explorer.exe, \Windows\Options\Cabs\explorer.exe and \Windows\Explorer.sav. But I am not sure whether this precautionary measure is useful, or whether I am barking up the wrong tree. My main laptop has been running nusb with the Win98SE-explorer.exe for the past 24 hours; the Safely-remove icon in the system tray is of a slightly darker green, and Windows Explorer seems to be slightly slower. I have not encountered any problems yet with Win98SE-explorer.exe under nusb3 when connecting and re-connecting USB devices.

ADDENDUM: I have just tried out mdgx's modification of Explorer.exe http://www.mdgx.com/files/EXPLORER.EXE (displays "Windows 98 Second Edition" when pressing the Start button, also the My Computer icon looks different; more info at http://www.mdgx.com/files/explor9x.php, installer at http://www.mdgx.com/files/EXPLOR98.EXE ). On the first look it seems to work fine with nusb, also with WinBoost v4.60. BTW, after I had replaced the nusb-explorer.exe with the Win98SE-explorer.exe, WinBoost wouldn't come up anymore; it gave an error msg when loading. Strange, but no major problem, I haven't used it for a long time and might uninstall it.
-
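The two checks done by hand in the posts above (the header time stamp that MiTeC EXE Explorer displays, and the 2-byte difference between the nusb and IE5.5 explorer.exe builds) can be scripted. The following is an added example written for this page; it is not code from the thread, from MiTeC or from nusb. It reads the COFF TimeDateStamp out of the PE header, renders it as a UTC date, and lists every byte offset at which two files differ. The only assumption is the documented PE layout (MZ stub, e_lfanew at 0x3C, "PE\0\0" signature, 20-byte COFF header with TimeDateStamp at its offset 4). The images produced by make_stub_pe are constructed header stubs for the offline demo, not real explorer.exe builds.

```python
# Added example (not from the msfn.org thread): PE header time stamp and
# byte-level diff of two executable builds.
import struct
import sys
from datetime import datetime, timezone


def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp (seconds since 1970-01-01 UTC) of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF file header: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def timestamp_utc(ts: int) -> str:
    """Render a TimeDateStamp as a UTC date string (linker time stamps are UTC)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def byte_diff(a: bytes, b: bytes) -> list:
    """(offset, byte_in_a, byte_in_b) for every position where a and b differ.
    Positions past the end of the shorter image are reported with None."""
    diffs = [(i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]
    for i in range(min(len(a), len(b)), max(len(a), len(b))):
        diffs.append((i, a[i] if i < len(a) else None, b[i] if i < len(b) else None))
    return diffs


def make_stub_pe(timestamp: int, payload: bytes = b"") -> bytes:
    """Constructed minimal PE image for the demo: DOS header, PE signature,
    COFF header carrying `timestamp`, then `payload`. Not a loadable binary."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    # Machine=i386, 1 section, TimeDateStamp, no symbols, optional header size, characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x10F)
    return bytes(dos) + b"PE\0\0" + coff + payload


def compare_files(path_a: str, path_b: str) -> list:
    """Print both linker time stamps and the differing offsets; return the diff list."""
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        a, b = fa.read(), fb.read()
    for name, img in ((path_a, a), (path_b, b)):
        print(f"{name}: {len(img)} bytes, linker time stamp {timestamp_utc(pe_timestamp(img))}")
    diffs = byte_diff(a, b)
    print(f"{len(diffs)} differing byte(s)")
    for off, x, y in diffs[:32]:
        print(f"  offset 0x{off:08X}: {x!r:>5} -> {y!r}")
    return diffs


if __name__ == "__main__":
    if len(sys.argv) == 3:
        compare_files(sys.argv[1], sys.argv[2])
    else:
        # Offline demo on two constructed images that differ in two payload bytes.
        old = make_stub_pe(918432000, bytes(8))
        new = make_stub_pe(918432000, bytes([0, 1, 0, 0, 0, 0, 2, 0]))
        print(timestamp_utc(pe_timestamp(old)), byte_diff(old, new))
```

Run it with two file paths to compare real builds. Two caveats: the time stamp is whatever the linker (or a later editor) wrote, so it is evidence of build lineage, not proof; and a raw offset still has to be mapped to a section and resource before one can say what the changed bytes do.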
I'd like to keep the swap files, but with zeroed out content. BTW, when you have multiple operating systems on your computer, you can delete index.dat etc of the other non-active operating systems (if the current opsys can access the files of those other operating systems).
-
Is there a utility which zeroes out Win98 and WinXP swapfiles, similar to sdelete, leaving zeroed out but functioning swapfiles? This could reduce the size of compressed disk/partition images containing swapfiles, besides deleting bad stuff, such as spyware or infected files. No idea whether a computer could get infected via the content of a swapfile.
-
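One way to do what the post above asks for: the swap file of a Windows installation that is not currently running is just a file on its partition, so it can be overwritten in place from another installed operating system. The script below is an added example written for this page; it is not a tool mentioned in the thread and has nothing to do with sdelete. It keeps the file's exact length, writes zeros over the whole content in chunks, syncs, and verifies the result. Assumptions: the partition is accessible and the target file is not in use by the running system (a live swap file is locked). demo() works on a temporary file filled with random data and exists only to exercise the two functions.

```python
# Added example (not from the msfn.org thread): zero a file's contents in place,
# preserving its size, and verify the overwrite.
import os
import sys
import tempfile


def zero_fill(path: str, chunk_size: int = 1 << 20) -> int:
    """Overwrite every byte of `path` with zeros, keeping the length. Returns bytes written."""
    size = os.path.getsize(path)
    block = bytes(chunk_size)
    written = 0
    with open(path, "r+b") as f:      # r+b: rewrite in place, never truncate
        while written < size:
            n = min(chunk_size, size - written)
            f.write(block if n == chunk_size else block[:n])
            written += n
        f.flush()
        os.fsync(f.fileno())          # make sure the zeros reach the disk
    return written


def is_all_zero(path: str, chunk_size: int = 1 << 20) -> bool:
    """Verification pass: True if no non-zero byte remains in the file."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(chunk_size)
            if not chunk:
                return True
            if chunk.count(0) != len(chunk):
                return False


def demo(size: int = 3 * (1 << 20) + 123) -> tuple:
    """Constructed demonstration on a temporary file of `size` random bytes.
    Returns (size before, size after, all-zero before, all-zero after)."""
    fd, path = tempfile.mkstemp(suffix=".swp")
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(os.urandom(size))
        before = (os.path.getsize(path), is_all_zero(path))
        zero_fill(path)
        after = (os.path.getsize(path), is_all_zero(path))
        return before[0], after[0], before[1], after[1]
    finally:
        os.remove(path)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(f"{p}: zeroed {zero_fill(p)} bytes, verified={is_all_zero(p)}")
    else:
        print(demo())
```

Because the file is rewritten rather than deleted and recreated, the directory entry, cluster chain and file size are untouched, which is what keeps the swap file usable; the image tool then sees a run of zeros that compresses to almost nothing.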
\WINDOWS\UserData\ contains an index.dat file, so you are trying to interfere with stuff put there by Microsoft for some purpose. Could it have something to do with US agencies? "Remember earlier we talked briefly about a computer forensics expert being able to retrieve data regarding everywhere a computer has been on the Internet? The key to this is the index.dat files. These files are mini-databases cataloging the contents of directories relating to your Internet behavior. Your search queries, cookies, web history and other peculiar items are recorded in these files. You can easily delete the contents of Internet Explorer directories (history, cookies, temporary files), but you cannot easily delete the index.dat files that record their contents. Interestingly enough, it seems that Microsoft does not want you to play with these index files, so if you attempt to access or display them, access will be denied" http://www.5starsupport.com/tutorial/windows-data-security.htm Maybe this helps: http://support.it-mate.co.uk/?mode=Products&p=index.datsuite
-
Hi herbalist,

I guess I was lucky. I am making this posting now from the formerly Tenga-infected laptop, after having restored my system from a backup of 25-Jan-2010. I most likely have identified the cause of the system-wide infection with Tenga, without using a default-deny tool. When I re-checked the system restored from the backup of 25-Jan-2010, Kaspersky detected 2 infected files on it:
- H:\MSOffice\Office\Binder.exe, infected with Tenga.a, modification date 21-Jul-2009 8:43AM
- H:\MSOffice\Office\Findfast.exe, infected with "new threat type_Win32 (modification)", Kaspersky didn't have a name for it, modification date also 21-Jul-2009 8:43AM

No other .exe file besides Binder.exe was infected with Tenga.a in the backup of 25-Jan-2010. So the original infection with Tenga started on 21-Jul-2009, not on 28-Feb-2010, with the infection of 2 files of MS Office 2000, installed under Win98. Tenga apparently was just sleeping for a while because I had previously de-activated Findfast.exe from startup; I don't like unneeded startup processes. Restoring from an already infected backup is not a smart thing to do. The blazing speed with which Tenga can infect .exe files is probably explained by its use of Microsoft's Findfast.exe.

I have restored clean versions of Binder.exe and Findfast.exe from an uninfected backup of 5-Jun-2009. To reduce the risk of re-infection with Tenga (I have on my 1TB USB HDD still 10.000+ Tenga-infected .exe files to be dealt with), I have disabled the clean Binder.exe and Findfast.exe by renaming them. MS Office/Word 2000 seem to run fine without Binder.exe and Findfast.exe.

What does puzzle me is that after the 2nd infection with Tenga the file binder.exe, already Tenga-infected on 21-Jul-2009, had a changed modification date of 27-Mar-2010; Tenga supposedly doesn't modify already Tenga-infected files, that's what the "V" marker (=virus) in byte 51 is for. Maybe the virus writer allowed this exception, to make the search for the source of the infection more difficult. After the 2nd infection with Tenga, binder.exe has a later modification date (27-Mar-2010 11:18) than the first newly-infected .exe file BC2.exe (27-Mar-2010 11:13).

It looks like the infection with tenga.a on my system has been solved. I will eventually post here what I have done to improve the security of my system.
-
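The chronology the post above reconstructs from modification dates (the first newly-modified .exe, then binder.exe a few minutes later) can be made systematic with a hash baseline. What follows is an added example written for this page, not the poster's procedure and not a Kaspersky feature: build a manifest (SHA-256, size, mtime) of the executables in a known-clean tree, build another from the suspect tree, and list modified and added files earliest-first with their size change. The manifests returned by sample_manifests() are constructed data with invented paths, contents and times; scan_tree() is the disk-walking version for real use, best run from another installed OS so that the suspect system is not live while it is being read.

```python
# Added example (not from the msfn.org thread): hash baseline of executables
# and a modification-time ordered list of what changed between two scans.
import hashlib
import os
import sys
from datetime import datetime, timezone


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def manifest_from_entries(entries) -> dict:
    """entries: iterable of (path, content_bytes, mtime_epoch).
    Returns {path: (sha256_hex, size, mtime)}."""
    return {path: (sha256_bytes(data), len(data), mtime) for path, data, mtime in entries}


def scan_tree(root: str, suffixes=(".exe", ".dll", ".scr")):
    """Disk version of the input: yield (relative path, content, mtime) for
    executables under root, so two trees mounted at different roots compare."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffixes):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as f:
                    yield os.path.relpath(full, root), f.read(), os.path.getmtime(full)


def compare_manifests(clean: dict, suspect: dict) -> dict:
    """Classify paths by content hash: modified, added, removed."""
    modified = [p for p in clean if p in suspect and clean[p][0] != suspect[p][0]]
    added = [p for p in suspect if p not in clean]
    removed = [p for p in clean if p not in suspect]
    return {"modified": modified, "added": added, "removed": removed}


def timeline(clean: dict, suspect: dict) -> list:
    """(mtime, path, size_delta) for each modified or added file, earliest first.
    Unchanged content with a newer mtime (e.g. a file touched by a scanner) is skipped:
    the hash, not the date, decides whether something was written into the file."""
    rows = []
    for path, (sha, size, mtime) in suspect.items():
        if path not in clean:
            rows.append((mtime, path, size))
        elif clean[path][0] != sha:
            rows.append((mtime, path, size - clean[path][1]))
    return sorted(rows)


def sample_manifests():
    """Constructed data for the demo: invented paths, contents and times."""
    t0 = 1269680000  # only the order of the times matters
    clean = manifest_from_entries([
        ("H:/Apps/bc2.exe", b"BC2-CLEAN", t0),
        ("H:/Apps/tool.exe", b"TOOL-CLEAN", t0),
        ("H:/Office/binder.exe", b"BINDER-OLD", t0),
        ("H:/Apps/viewer.exe", b"VIEWER", t0),
    ])
    suspect = manifest_from_entries([
        ("H:/Apps/bc2.exe", b"BC2-CLEAN" + b"APPENDED", t0 + 300),
        ("H:/Apps/tool.exe", b"TOOL-CLEAN" + b"APPENDED", t0 + 600),
        ("H:/Office/binder.exe", b"BINDER-OLD" + b"X", t0 + 900),
        ("H:/Apps/viewer.exe", b"VIEWER", t0 + 1200),   # same content, only touched
        ("C:/unknown.exe", b"DROPPED", t0 + 100),       # new file, earliest of all
    ])
    return clean, suspect


def report(clean: dict, suspect: dict) -> None:
    for mtime, path, delta in timeline(clean, suspect):
        when = datetime.fromtimestamp(mtime, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        print(f"{when} UTC  {delta:+6d} bytes  {path}")


if __name__ == "__main__":
    if len(sys.argv) == 3:   # <clean tree> <suspect tree>
        report(manifest_from_entries(scan_tree(sys.argv[1])),
               manifest_from_entries(scan_tree(sys.argv[2])))
    else:
        report(*sample_manifests())
```

Reading the output: a size delta that is the same positive number across many files is the classic footprint of an appending file infector, and the earliest row is the candidate carrier or dropper to look at first. Keep the clean manifest on media the suspect system cannot write to, otherwise the baseline itself is part of what got infected.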
Before doing anything else I have backed up most of the infected HDD into .rar files, in contrast to my 1st Tenga infection. I have also backed up the infected E: partition, which contained the infected Win98, as a .gho image. Maybe these snapshots of the infected HDD help me later identify how the 2nd infection started.

In my posting #24 I quoted Panda "Tenga.A shows a very a complex infection routine" http://www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.aspx?idvirus=82383&sind=0&sitepanda=particulares Usually things look quite simple once you fully understand them. This 2nd infection with Tenga.a is different from the 1st infection: .exe files in \Windows\ and \Program Files\ of the infected Win98 WERE infected, in contrast to the 1st infection. Also, the FAT32-based WinXP and the NTFS-based WinXP were not infected, maybe because I was fast enough to detect an ongoing re-infection. All .exe files in the test-Win98, which I had not used for a while, were infected, as during my 1st infection. There is a slight possibility that I may have triggered the 2nd Tenga-infection inadvertently myself, when I was dragging Tenga-infected .exes to separate folders; maybe I double-clicked on one instead of selecting it. On the internal HDD there was no file "C:\DL.exe" after the 2nd infection with Tenga, in contrast to the 1st infection.
-
Hi herbalist,

This Tenga infection has hit me just at the wrong time: I am travelling in Europe, away from my desktop in the US, until about June. I don't have all my resources; they are back in the US. What I miss most is my fast dual-core desktop. Using a 10-year-old 700-MHz laptop for virus-scanning, burning DVDs, raring up stuff, creating and restoring backups is really slow. On the positive side, my computer stuff back in the US is most likely not Tenga-infected (yet).
-
This may be Panda's name for the trojan downloader I mentioned in posting #49. I had noticed about 2 days ago that the registry files were about 400kB larger than on the restored backup of 25-Jan. Thanks.

BTW, I am right now raring up all relevant stuff on the HDD, to help me trace later the cause of the infection. WinRAR just gave me an err msg "Cannot open F:\W98DIAG\MSNMGSR1.EXE and SIGVERIF.EXE. The file or directory is corrupted and unreadable". When I had noticed the 2nd infection (again unusual flashing disk activity light), I had pulled the plug. Maybe Tenga was at that moment in the process of infecting these 2 files when I pulled the plug. F:\W98DIAG\ is the name of the \Windows\ directory of my test-Win98. I haven't repaired the lost clusters yet. That's one more possibility... Another possibility is that I got re-infected by comparing infected vs. clean files with Beyond Compare and its Hex Viewer. Time-wise, the 1st .exe file to get infected/modified on the system was BC2.exe (Beyond Compare) at 11:13:38. H:\Beyond Compare\ is, alphabetically, not the 1st folder on my H: partition. Beyond Compare triggering the infection?
-
Thanks for helping. In my earlier posting, now corrected, I had gotten the time mixed up: it was not AM that the infection occurred (when I was running the overnight AV scan-job), but around 1:42PM; I got confused with the time displayed on my NTFS-based WinXP, which is an idiosyncratic Middle Eastern version. It will be a challenge to fix this infection, without knowing what caused it. Yes. For now I'll use my clean backup of 25-Jan. But in contrast to my first infection with Tenga, I am now backing up everything conceivable accessed under Win98 as .rar before having Kaspersky run as virus checker, so that will keep me busy for a little while. Kaspersky changes the modification dates of files it detects as infected with Tenga. If I later need to, I will have all files, including registry backups, as they were very shortly after the 2nd infection.
-
Thanks dencorso, but it's not that important, I am much more concerned with the 2nd infection by Tenga.
-
My laptop is infected AGAIN with Tenga, but on the first look the infection hasn't spread to other operating systems yet; only my main-Win98 (and new downloads and recovered stuff) seems to be affected. Many .exe files on the laptop got infected at 1:42 PM (about 45 minutes ago), while others got infected while I was making my earlier postings at msfn.org, around 11:50 AM. Persfw.conf (the file with the rules) of the Tiny Personal Firewall was modified at 1:41 PM, PFWADMIN.EXE got infected at 01:43, but the actual firewall engine PERSFW.EXE did not get infected. Any suggestions as to what stuff I should save as a .rar, before restoring a clean Win98, so that I may find the cause/culprit of this 2nd infection? I am posting from my 2nd uninfected laptop. I guess there goes my weekend.
-
ADDENDUM - CORRECTION: The content of this posting is not correct. It seemed to be correct during my 1st infection with Tenga, but during my 2nd infection with Tenga, Tenga infected \Windows\ and \Program Files\ of the currently active Win98. See my posting #62. Multibooter 28-March-2010

Tenga.a does NOT infect .exe files in \Windows\ and in \Program Files\ of the currently active Win98/XP. This characteristic of Tenga.a does not seem to be mentioned in the Internet, and has permitted me to retrace chronologically the infection by Tenga:

1) \Windows\ and \Program Files\ of my main Win98 on the infected internal HDD were NOT infected by Tenga. Since I install nearly all of my software to specially-named folders outside of \Program Files\, e.g. to H:\eMule\, the existence of Tenga under Win98 was noticed immediately, because my apps were infected and wouldn't work anymore, or would not behave as usual.

2) All .exes in the \Windows\ directory of my test-Win98 (exact directory name: F:\W98DIAG\) were infected with Tenga on the infected internal HDD, i.e. the infection must have started under another operating system, NOT under the test-Win98. Tenga, not recognizing that F:\W98DIAG\ was the \Windows\ directory of my test-Win98, infected all .exes in F:\W98DIAG\. I can therefore exclude the possibility that I got the Tenga infection during my experimenting with possibly-infected stuff under my test-Win98. I never experiment with unknown stuff on my main Win98.

3) After the infection with Tenga I had trouble booting into FAT32-based WinXP and shortly afterwards FAT32-based WinXP wouldn't work anymore. Unfortunately I had then restored a clean FAT32-WinXP partition from backup onto the infected internal HDD, so that I don't have a direct proof anymore that the WinXP \Windows\ folder was infected (only possible if WinXP was infected while I was running another operating system, i.e. my main Win98). But here is an indirect proof, answering a very good point raised by Queue in posting #21: Tenga under my main Win98 had infected the .exes in the \Windows\ folder of the FAT32-WinXP partition. When WinXP came up, using infected .exes, it didn't work properly anymore and Tenga, which uses some WinXP APIs, didn't work properly anymore either and couldn't infect files on the NTFS partition of the NTFS-based WinXP.

The original infection with Tenga was probably caused on my main Win98 by an undetected trojan downloader, which then downloaded Tenga from somewhere, similar to Trojan-Downloader.Win32.Small.bdc: "When launched, the Trojan checks whether the victim machine is connected to the Internet. If a connection is detected, the Trojan will download the following files from u***ti.lycos.it/vx9: cback.exe – will be detected by Kaspersky Anti-Virus as Backdoor.Win32.Small.gl gaelicum.exe - will be detected by Kaspersky Anti-Virus as Virus.Win32.Tenga.a These files will be saved to the same file that the original Trojan file was saved to. They will be registered in the system registry, and launched for execution." http://www.viruslist.com/en/viruses/encyclopedia?virusid=87572 Whether in my case the trojan also downloaded a backdoor is unknown. If so, the backdoor most likely was ineffective or didn't work under Win98, since my Tiny Personal Firewall didn't report anything, and with the subsequent system restore it must have gotten wiped out. In case I get this undetected trojan downloader again, I will probably get Tenga again. I am still pondering how to improve my defenses, with as little effort as possible. The downloader+virus combo seems to be very hard to stop in my current multi-booting setup, unless I spend a lot of time. I probably will focus on improving my backups, especially of the external USB HDD, and just HOPE not to get infected again by something like Tenga.

BTW, I have been using Firefox quite a lot over the past few months, and Firefox has been reported to have a lot of security problems recently. Maybe I should use Opera most of the time.
-
Estimated averages per week: adding 2 new applications, replacing 1 existing application with a more current version, deleting 1 application which I don't expect to use anymore, testing 3 new applications, most of them installed, not standalone. The installations/uninstalls may occur in different operating systems and in multiple instances of an operating system.

About once a month I restore the last clean opsys backup (of about a month ago) and repeat very carefully all the recent installations/uninstalls of what I want to make permanent and then create another clean backup. Usually I restore the last clean backup 5-10 times a month, after having created a new clean backup and before creating the next clean backup, wiping out with the restores malware which Kaspersky may not have detected. Undetected malware could stay 3-5 days on my system, but then it gets wiped out with the next restore. Tenga, unfortunately, just needed a few minutes to infect all operating systems installed on my laptop, except for the NTFS-based WinXP. If I had given internet access to WinXP during my trip, just as WinXP has internet access when I am in the US, the infection with Tenga could have started just as well under WinXP and then spread to Win98. So a tool to allow only permitted processes would have to be active also under WinXP and on all my installed operating systems, which is just too time-consuming.

A default-deny tool looks useful to protect a computer which has only a single operating system (or to protect a Win98 installed on a hidden partition, invisible to other operating systems), but less so on a computer with various operating systems, because of possible infections across operating systems, as with Tenga. If I remember right, on the WinXP FAT32 partition even the file avp.exe (= the virus scanning engine of Kaspersky) was infected by Tenga under Win98, but WinXP was killed already at that time.

Yes. But my dedicated eMule laptop was not infected. My main laptop, on which I process downloads (virus checks), browse the internet, etc. was infected with Tenga. This not-infected dedicated eMule laptop was connected in a peer-to-peer network under Win98 to the infected laptop, and completed downloads were transferred via WLAN from the eMule laptop to the main laptop. The eMule laptop was running normally; it even posted a record uptime then of 7 days 11 hours.

I don't know how credible rumors are that some chips have built-in backdoors for the US agencies. But my 10-year-old laptops, built before 11-Sept-2001, are unlikely to contain such chips.