Resolving Computer Problems After Isolating Virus/Trojan
GuitarBob
It can be tough to get rid of active malware that is already on the computer. There is not much security software for Win 98 now.
Did you update ClamWin before your scans to make sure you are using the latest signatures? You can update in Safe Mode if you choose Safe Mode With Networking (I'm not sure about that on Win 98 though).

The SWP file is probably the Windows swap file (for virtual memory), which is probably okay. The idx files are probably some sort of database index file. They are probably not harmful in themselves, but I suppose they could contain information either for/used by malware. The fact they are "permission denied" means they are actively opened/used by another program during the scan. You can do a search for any filename.extension on Google and see if you can find out anything about the file. If you can get an MD5 hash for a file, you can Google that as well.

I am not sure if Win 98 has a Task Manager. On Windows 7 computers, it is located in C:\Windows\System32\taskmgr.exe. Task Manager is useful in seeing/investigating applications and services running on the computer. If you have it, look at the apps and processes/services and see if you can find on Google some information on any that might be strange. Right click on an item to get some options--such as going to a related process, service, or file location. Malware will sometimes have a name like a familiar Windows file/service, but it will not be listed in Task Manager as a system file. If you can find a malware file/process/service, you can delete via right click menu, then go to the location and delete the file.

Good luck, and let us know of any results.

Regards,
Steve V
Well I have some news on my old WIN 98SE OS computer.
I googled on all the files which ClamWin couldn't open. The SWP file is a swap file for virtual memory, as you suspected, and is critical to the timely operation of the computer, but infections into that file are very rare. The eight .idx files are generic extensions for index files commonly used to download or play movies and have been known to receive infections by trojans. The L0000028.FCS file is associated with the .idx files. However this file was created on Friday, 7/20/2012, at about 8:23 am --- the approximate time I started up that computer and first noticed the problems with the D drive. In addition, two of the .idx files were modified at that time; two additional .idx files were created two days later on Sunday, 7/22/2012 and the remaining four .idx files were modified at that same time.

I do realize how the new files could have been created yesterday. I went on-line to try to download the latest virus update from ClamWin. Since this machine only has a 256 k modem, I realized it could take a while. Well, I left the machine chugging along for almost two hours before I disconnected from the internet with no virus update downloaded. The computer was open for infection during that period of time from an outside source.

Now I do not and never have played movies on this computer. There is QUICK TIME software loaded on the machine but it was placed there when the computer was assembled in the factory. I also have REAL PLAYER software on my computer for CDs and I have used that but that is audio not video. As far as I am concerned, these files have no value to me as long as they aren't critical to the general operation of the computer. I could delete them from the computer EXCEPT for one problem: the machine won't let me. When I try to delete them, I get the following message:

Cannot Delete
Make sure the disk is not full or Write Protected and that the file is not currently in use.

I reiterate that there is no reason for these files to be open since I am not downloading (and never have downloaded) videos and I am not viewing any videos. How would I check to see whether or not the disk is full or write protected??? There is no disk in the CD Rom drive!!! I guess my problem now is how can I get rid of those files from my computer? Any thoughts???
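Added example, not part of either poster's message: the MD5 lookup and the file-timestamp comparison discussed in the two posts above, done in one pass as a Python 3 script. It assumes the suspect files are readable from a machine that has Python 3 (for example, a copy of the folder); the extension list, the two-hour window and the function names are illustrative choices.

```python
import hashlib
import os
from datetime import datetime, timedelta

SUSPECT_EXTS = {".idx", ".fcs", ".exe"}  # file types named in the thread


def md5_of(path, chunk=65536):
    """MD5 serves only as a search key here, as the post suggests."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, incident, window=timedelta(hours=2)):
    """Return one record per suspect file under root, newest first.

    A file is flagged when its modification time lies within `window`
    of `incident`. Files that cannot be read are reported, not skipped.
    """
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SUSPECT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            mtime = datetime.fromtimestamp(os.path.getmtime(path))
            try:
                digest = md5_of(path)
            except OSError:  # locked file, e.g. "permission denied"
                digest = None
            rows.append({
                "path": path,
                "mtime": mtime,
                "md5": digest,
                "near_incident": abs(mtime - incident) <= window,
            })
    return sorted(rows, key=lambda r: r["mtime"], reverse=True)


if __name__ == "__main__":
    # Incident time as given in the post: 7/20/2012, about 8:23 am.
    for r in triage(".", datetime(2012, 7, 20, 8, 23)):
        flag = "NEAR" if r["near_incident"] else "    "
        print(flag, r["mtime"].isoformat(" ", "seconds"), r["md5"], r["path"])
```

A record with `md5` set to `None` corresponds to a file that another program is holding open, which is itself worth noting in the timeline.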
GuitarBob
There are some programs that can delete hard-to-delete files from your computer, but they may be for Windows XP and later models. Try Unlocker from File Hippo at https://www.filehippo.com/download_unlocker/ on the web. They have several versions, so perhaps one of the older ones will work with Win 98. Some other ideas below:
Download the free WinPatrol program from https://www.billp.com/ on the web. WinPatrol will run on Windows 98. It provides lots of system information about running applications, startup items, hidden files, active tasks and services. It will let you kill/end active items (note its location on your computer). Once you do that, you can then go to the related file's location and delete it.

If nothing else has worked, you may be able to delete a file from Windows Safe Mode. Or, you may be able to change the file attributes to a type of file that you can delete--do some Googling, I haven't done this in a long time.

If Win 98 has something like Task Manager, you can use it to see applications, processes, and services that are open. You can stop applications in Task Manager with a right click on the name. You can end processes and stop services with a right click. Between Task Manager and Google, you may be able to find an evil application, process, or service, end/stop via right click in Task Manager, and then go to the related file and then delete it. This is a very methodical process and can take you some time.

As a last resort, you might consider re-installing the Win 98 operating system. You may have to re-install some programs afterwards. Once ClamWin is re-installed, update it and scan the entire computer. I also suggest you install the free Clam Sentinel program (a separate project from ClamWin) that lets you use ClamWin as a real-time scanner and has its own heuristic scan engine for malware without a ClamWin signature. Clam Sentinel is available at https://clamsentinel.sourceforge.net/ on the web.

Regards,
Steve V
It looks like I've pretty much resolved my problems! Here is what I did (I couldn't tell for sure which step/s were the most crucial in getting my computer's cd/rom drive running correctly):

1. I looked at the file hippo website but their software only goes back to Windows 2000. So no help there.
2. I did download the free WinPatrol software. There was one suspicious program that started automatically upon booting the computer called MixGhost.exe. I googled on that program and read that it is known for housing malware. Upon checking the file further I noticed that it had been updated on my computer within the past month. The application that originally placed it on my machine was a set of speakers that I discarded about five years ago. So I decided to delete the file by placing it in the recycle box.
3. I then went into SAFE MODE and was able to delete those eight .idx files and the one .FCS file from the computer but leaving them in the recycle box.
4. I then ran "Scan Disk" twice - once from the maintenance tab of the computer and then a second time (by accident) from the computer's diagnostic diskette.
5. After performing all of this work, I retried my Cd/Rom drive and it worked for one of my two test disks. The second disk still caused a blue screen to appear indicating a Fatal Error at 0028:00000003. However I tried a third disk and that one worked as well.
6. After rebooting, testing the drive several more times, rebooting after each test and getting the same results, I discarded all the files from recycle. The next day, I noticed that the eight .idx files had regenerated but the computer drive is still working for all but that one disk. However the L0000028.FCS and MIXGHOST.EXE files remain out of the system. Hopefully the computer needs those .idx files and did this work on its own NOT malware.
7. I tested that one disk with both ClamWin and my anti-viral software on my on-line computer and it tested clean. However it would be a small price to pay to only lose a 15 year old computer game from all of these headaches.

I am keeping my fingers crossed for the next month or so that these issues have been resolved but only time will truly tell.

I'd like to express my deepest thanks to you for the directions that you suggested I explore in order to resolve these issues. Without your input, I would have been clueless on how to proceed...
GuitarBob
I'm glad you were able to mostly resolve the problem, Steve. It looks like you are a pretty resourceful guy.
The regeneration of those .idx files is a bit troublesome, but they are most likely database files and can't do anything malicious on their own. WinPatrol is very useful, so I would keep it around. Malwarebytes' Free version is also good against common malware but not against sophisticated rootkits, but Kaspersky's free TDSSKiller can plug that gap, and it is updated weekly. Keep your AV updated, and set Windows updates for automatic.

Regards,
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.