
Virus in rbbad.cab


Mike Burgess

Dec 28, 2002, 11:30:35 AM
Peter,
Yes you can delete the "rbbad.cab" file without any problems.
Note: there is no need to replace it, as it's not needed.
Never replace a [rb000-rb004] cab file from another PC!
_____________________________
Mike Burgess
Information isn't free if you can't find it!
Please post replies to this Newsgroup, email address is invalid
--
"Peter C" <pjla...@earthlink.net> wrote in message
news:025401c2ae87$a97b18f0$89f82ecf@TK2MSFTNGXA01...
> Despite 2002 Norton A-V, have w32.opaserv(win.ini) worm in
> Windows\sysbackup\rbbad.cab.
>
> Could not repair, quarantine nor remove with Norton auto
> tool or manual instructions. Attachment explains what I've
> done.
>
> Question: Can I remove Windows\sysbackup\rbbad.cab without
> detriment to my computer?
>
> OR, can I delete it and then replace it with rbbad.cab
> from my other computer -- also with Windows me?
>
> Appreciate any help or advice.


Noel Paton

Dec 28, 2002, 6:08:07 PM
Mike -
Can you review another thread for me, and see what I've missed?
First post is news:uBUF1BMoCHA.1880@TK2MSFTNGP10...

TIA
--
Seasons Greetings to one and all!

Noel Paton (MS-MVP 2002-2003, Win9x)

Nil Carborundum Illegitemi
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Mike Burgess" <winhe...@NOhome.com> wrote in message
news:endQf6orCHA.432@TK2MSFTNGP10...

Mike Burgess

Dec 29, 2002, 12:08:22 AM
Noel,
Sounds like the info in Msconfig | Environment doesn't match Autoexec.bat?
Default ME Autoexec.bat should read:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

Possibly the anti-virus app Donna had installed made some changes?

The default Environment tab should read:

PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
PROMPT=$p$g
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP

This info is also found in the Registry: [default]

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\Environment]
"EnvAction"=dword:00000000
"windir"="C:\\WINDOWS"
"winbootdir"="C:\\WINDOWS"
"COMSPEC"="C:\\WINDOWS\\COMMAND.COM"
"PATH"="C:\\WINDOWS;C:\\WINDOWS\\COMMAND"
"PROMPT"="$p$g"
"TEMP"="C:\\WINDOWS\\TEMP"
"TMP"="C:\\WINDOWS\\TEMP"
"RegEnvSize"=dword:00000091
"RegEnvCRC"=dword:1230f245
"ConfigEnvMod"=dword:2d966185
"ConfigEnvSize"=dword:00000000
"ConfigEnvCRC"=dword:00000000
"AutoexecEnvMod"=dword:2d966185
"AutoexecEnvSize"=dword:000000c2
"AutoexecEnvCRC"=dword:ed310c5c

Possibly have Donna export that key and compare?


_____________________________
Mike Burgess
Information isn't free if you can't find it!
Please post replies to this Newsgroup, email address is invalid
--

"Noel Paton" <NoelDPs...@aol.com> wrote in message
news:#5O6yXsrCHA.2036@TK2MSFTNGP12...


> Mike -
> Can you review another thread for me, and see what I've missed?
> First post is news:uBUF1BMoCHA.1880@TK2MSFTNGP10...
>
> TIA
> --
> Seasons Greetings to one and all!
>
> Noel Paton (MS-MVP 2002-2003, Win9x)
>
> Nil Carborundum Illegitemi
> Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

<snip>


Noel Paton

Dec 29, 2002, 2:59:42 AM
Wonderful, Mike - I've got the autoexec.bat, and config.sys corrected
already - I'll find out about the reg branch today (with luck).

--
Seasons Greetings to one and all!

Noel Paton (MS-MVP 2002-2003, Win9x)

Nil Carborundum Illegitemi
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Mike Burgess" <winhe...@NOhome.com> wrote in message
news:eMy16hvrCHA.1808@TK2MSFTNGP09...

Steve Sweet

Dec 29, 2002, 4:04:31 PM
Hi Peter

You have a virus infection yet you still send attachments!!, doh!!.

> Despite 2002 Norton A-V, have w32.opaserv(win.ini) worm in
> Windows\sysbackup\rbbad.cab.


--


Regards Steve

Rope me a sheep and I'll make it smile.


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.434 / Virus Database: 243 - Release Date: 25/12/2002


Noel Paton

Dec 30, 2002, 2:38:09 AM
Mike - got the results back from Donna- and can't see anything wrong with
them:(
only differences are the dword values for AutoexecEnv CRC/Mod/Size,
RegEnvSize /CRC, and ConfigEnvMod - and no entry at all for EnvAction.

Here's the entries -


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\Environment]
"PATH"="C:\\WINDOWS;C:\\WINDOWS\\COMMAND"
"PROMPT"="$p$g"
"TEMP"="C:\\WINDOWS\\TEMP"
"TMP"="C:\\WINDOWS\\TEMP"
"windir"="C:\\WINDOWS"
"winbootdir"="C:\\WINDOWS"
"COMSPEC"="C:\\WINDOWS\\COMMAND.COM"
"RegEnvSize"=dword:00000091
"RegEnvCRC"=dword:d6ed6886
"ConfigEnvMod"=dword:2d9da2e7
"ConfigEnvSize"=dword:00000000
"ConfigEnvCRC"=dword:00000000
"AutoexecEnvMod"=dword:2d9da2e7
"AutoexecEnvSize"=dword:000000c2
"AutoexecEnvCRC"=dword:3b1b1986


Any ideas?


--
Seasons Greetings to one and all!

Noel Paton (MS-MVP 2002-2003, Win9x)

Nil Carborundum Illegitemi
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Mike Burgess" <winhe...@NOhome.com> wrote in message
news:eMy16hvrCHA.1808@TK2MSFTNGP09...
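
An added example, not part of any post in this thread: the export-and-compare step Mike suggests, written as a small Python script over a subset of the values quoted in the two posts. The function names are this example's own, and the parser also rejoins a key header that a news client has wrapped across two lines.

```python
import re

# Constructed input: a subset of the values quoted in the two posts above.
# BASELINE is the default key; its header is wrapped as a news client would.
BASELINE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\Environm
ent]
"EnvAction"=dword:00000000
"PATH"="C:\\WINDOWS;C:\\WINDOWS\\COMMAND"
"RegEnvCRC"=dword:1230f245
"ConfigEnvMod"=dword:2d966185
"AutoexecEnvCRC"=dword:ed310c5c
'''
OBSERVED = r'''
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\Environment]
"PATH"="C:\\WINDOWS;C:\\WINDOWS\\COMMAND"
"RegEnvCRC"=dword:d6ed6886
"ConfigEnvMod"=dword:2d9da2e7
"AutoexecEnvCRC"=dword:3b1b1986
'''
KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\Environment"
VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_reg(text):
    """Parse REGEDIT4 text into {key: {value name: data}}, names lower-cased."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.startswith("[") and not line.endswith("]"):
            pending = line  # key header cut by line wrap: join with next line
            continue
        if line.startswith("["):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            current[m["name"].lower()] = m["data"]
    return keys

def diff_key(baseline, observed, key):
    """Value names missing from, added to, or changed in the observed export."""
    b, o = baseline.get(key.lower(), {}), observed.get(key.lower(), {})
    return {
        "missing": sorted(b.keys() - o.keys()),
        "extra": sorted(o.keys() - b.keys()),
        "changed": sorted(n for n in b.keys() & o.keys() if b[n] != o[n]),
    }

if __name__ == "__main__":
    for kind, names in diff_key(parse_reg(BASELINE), parse_reg(OBSERVED), KEY).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```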

Mike Burgess

Dec 30, 2002, 5:22:38 PM
Noel,
I would have Donna create a new "Dword" value =

"EnvAction"=dword:00000000

Is Config.sys a "zero-byte" file? (by default it should be)
"ConfigEnvSize"=dword:00000000

_____________________________
Mike Burgess
Information isn't free if you can't find it!
Please post replies to this Newsgroup, email address is invalid
--
"Noel Paton" <NoelDPs...@aol.com> wrote in message

news:ekFegZ9rCHA.2628@TK2MSFTNGP09...

<snip>


Noel Paton

Dec 31, 2002, 2:42:53 AM
Yup - I had her delete the old config.sys and autoexec.bat, which was
apparently one off a startup disk!
Tx - I'll update her and we'll see what happens.

Just checked back on the thread - KB joined the fray yesterday, and has
pinned it down already (woods and trees, I think) - it was PcCillin 2003
causing her 'could not update env variables' message - she's uninstalled it
and is contacting them for support.

--
Seasons Greetings to one and all!

Noel Paton (MS-MVP 2002-2003, Win9x)

Nil Carborundum Illegitemi
Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"Mike Burgess" <winhe...@NOhome.com> wrote in message
news:eFbdcIFsCHA.2516@TK2MSFTNGP09...

Mike Burgess

Dec 31, 2002, 1:17:06 PM
Noel,
Thanks for the feedback ...........
Yeah PcCillin is a known headache!

_____________________________
Mike Burgess
Information isn't free if you can't find it!
Please post replies to this Newsgroup, email address is invalid
--
"Noel Paton" <NoelDPs...@aol.com> wrote in message
news:euWryAKsCHA.868@TK2MSFTNGP12...

> Yup - I had her delete the old config.sys and autoexec.bat, which was
> apparently one off a startup disk!
> Tx - I'll update her and we'll see what happens.
>
> Just checked back on the thread - KB joined the fray yesterday, and has
> pinned it down already (woods and trees, I think) - it was PcCillin 2003
> causing her 'could not update env variables' message - she's uninstalled it
> and is contacting them for support.
>
> --
> Seasons Greetings to one and all!
>
> Noel Paton (MS-MVP 2002-2003, Win9x)
>
> Nil Carborundum Illegitemi
> Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
>
> "Mike Burgess" <winhe...@NOhome.com> wrote in message
> news:eFbdcIFsCHA.2516@TK2MSFTNGP09...
> > Noel,
> > I would have Donna create a new "Dword" value =
> >
> > "EnvAction"=dword:00000000
> >
> > Is Config.sys a "zero-byte" file? (by default it should be)
> > "ConfigEnvSize"=dword:00000000
> >
> > _____________________________
> > Mike Burgess
> > Information isn't free if you can't find it!
> > Please post replies to this Newsgroup, email address is invalid
<snip>

