Microsoft KB Archive/253098

From BetaArchive Wiki

Windows May Not Shut Down or Restart When Msdos98.exe Is Running



The information in this article applies to:


  • Microsoft Windows 98





SYMPTOMS

When you click Shutdown or Restart in the Shut Down Windows dialog box and then click OK, the Windows desktop may reappear and the computer may not shut down or restart properly.

If you press CTRL+ALT+DELETE, you may see that the Msdos98.exe file is currently running.



CAUSE

This issue can occur if your computer is infected with the APStrojan virus.

NOTE: This virus is also known as APStrojan.pz, APStrojan.qa, and Mine.exe.



RESOLUTION

To resolve this issue, obtain an antivirus program or update your current antivirus program.



MORE INFORMATION

The Uninstallms.exe file is not always in the Windows\Command folder. It is sometimes in the root folder or the Windows folder. Also, in the Win.ini file there may be many spaces after "run=" that make the line appear empty, while the Uninstallms.exe entry is off the screen to the right.

APStrojan is a Trojan type virus. This Trojan virus can infect Windows 98-based computers. It can also infect Microsoft Windows 95-based computers if the Msvbvm50.dll file is present.

It is a password-stealing Trojan that targets America Online client software. When the virus is run, it tries to send the stolen information to the author of the virus.

The APStrojan virus is distributed through e-mail with the subject "Hey you" and with an attached file called Mine.exe.

When the infected file is executed, it modifies the Win.ini file and the registry, and copies four files to the local hard disk. The following are the changes the virus may make:

In the Win.ini file, it adds C:\Windows\uninstallms.exe to the run= line in the [Windows] section.

NOTE: Remove this executable from the run= line if it exists after you successfully remove the virus with an antivirus program.

The Windows registry may be modified to load the Trojan at startup. The following key may be added to the registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows="c:\msdos98.exe"

NOTE: Remove this key if it exists after you successfully remove the virus with an antivirus program.


The following files may be copied to the local hard drive:

c:\msdos98.exe
c:\WINDOWS\COMMAND\uninstallms.exe
c:\WINDOWS\SYSTEM\mine.exe
c:\WINDOWS\SYSTEM\ReadMe.Txt

NOTE: Delete these files if they exist after you successfully remove the virus with an antivirus program.
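The Win.ini check described above can be scripted so that a run= entry hidden behind padding spaces is not missed. The following is an added example, not part of the original Microsoft article: the function name audit_win_ini, the constants KNOWN_NAMES and PAD_THRESHOLD, and the sample Win.ini text are assumptions made for illustration, and the file names come from the list above.

```python
import re

# File names from this article. Matching is on the base name only, because
# the article notes Uninstallms.exe may be in several different folders.
KNOWN_NAMES = {"msdos98.exe", "uninstallms.exe", "mine.exe"}
PAD_THRESHOLD = 8  # assumption: this many consecutive blanks counts as padding


def audit_win_ini(text):
    """Return one finding per program on run=/load= in the [Windows] section."""
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in raw or line.startswith(";"):
            continue
        key, value = raw.split("=", 1)
        key = key.strip().lower()
        if key not in ("run", "load"):
            continue
        # Measure blanks before stripping them: a long run of spaces or tabs
        # pushes the program path past the right edge of the editor window.
        pad = max((len(m) for m in re.findall(r"[ \t]+", value)), default=0)
        # Assumption: entries are separated by whitespace or commas.
        for entry in re.split(r"[ \t,]+", value.strip()):
            if not entry:
                continue
            base = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            findings.append({
                "line": lineno, "key": key, "entry": entry,
                "padded": pad >= PAD_THRESHOLD,   # entry hidden off-screen
                "known": base in KNOWN_NAMES,     # name listed in this article
            })
    return findings


# Constructed sample: 120 spaces precede the path on the run= line.
SAMPLE = ("[windows]\r\nload=\r\nrun=" + " " * 120 +
          "C:\\Windows\\uninstallms.exe\r\nNullPort=None\r\n\r\n"
          "[Desktop]\r\nrun=c:\\other.exe\r\n")

if __name__ == "__main__":
    for finding in audit_win_ini(SAMPLE):
        print(finding)
```

A finding with "padded" set deserves review even when "known" is not, since the article notes that variant strains exist.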


The APStrojan virus first appeared in January 2000.


For additional information about computer viruses, click the article number below to view the article in the Microsoft Knowledge Base:

Q129972 Description of Computer Viruses



NOTE: This virus is created and modified by individuals not associated with Microsoft, and the preceding troubleshooting steps may not alleviate problems caused by variant strains of this virus. Customers should contact their antivirus software manufacturer for a more comprehensive solution.


Additional query words: start up shut down reboot off on nothing happens screen grays greys fail

Keywords : kb3rdparty kbenv kbnetwork kbui winboot
Version : WINDOWS:
Platform : WINDOWS
Issue type : kbprb
Technology :


Last Reviewed: May 10, 2000
© 2000 Microsoft Corporation. All rights reserved.