Hi there, star_toucher.
I hate to be the bringer of bad news, but it looks almost 100% certain
that your computer is infected with the W32.Klez virus. It will have
arrived at your computer via email, probably through Outlook Express,
and may have already corrupted some of your files beyond repair. The
one ray of sunshine is that it seems to be crashing, so perhaps it
isn't taking full effect.
I recommend taking immediate action. If you already own a virus
scanning program, this virus may already have attacked and disabled
it, and I therefore recommend visiting the website below to obtain a
free tool which will attempt to detect and remove this virus.
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
I would recommend printing a copy of this so you can follow the
instructions carefully.
However, if you just want to speed through it, then essentially, you
need to download the program called FIXKLEZ.COM. Save this somewhere
you'll remember easily. You then need to reboot, and start the
computer in safe mode. The way you do this is by holding the F8 key
down during bootup. You'll be presented with a menu from which you
can choose "Safe Mode". Once your computer starts up again (this may
take longer than normal) you should then run FIXKLEZ.COM. Hopefully,
it should then remove the virus, and clean up any infected files.
There are fixes available for Outlook Express, which make it less
vulnerable to these kinds of viruses. To obtain these, run Internet
Explorer. Click on "Tools", then "Windows Update". If you download all
the Critical Updates that Microsoft suggests to you, you may find that
your computer is less vulnerable to these kinds of attacks in the
future.
Good luck with fixing that. Viruses are nasty things, and my
computer's been infected a couple of times in the past. These days, I
run a virus scanner, which does help get rid of some of the more
common ones. If you don't already have one, then have a look at what's
available at:
http://directory.google.com/Top/Computers/Security/Anti_Virus/Products/
If you already have one, see if it has an Update feature to bring it
up to date with the latest threats.
If you need any clarification, then don't hesitate to ask!
-- seizer-ga
PS: The reason that huntsman-ga was unable to turn up any results for
WINKAIG is that this virus generates random names beginning with
"WIN", to confuse attempts to fix it!
Search strategy: searching for viruses which yielded divide errors in
Windows 98.
|
Request for Answer Clarification by star_toucher-ga on 20 Aug 2002 13:10 PDT
i ran the FixKlez tool and it gave me the message that it found a
number of viruses and that it could not delete ONE remaining one. it
said i would have to boot up in the safe mode and run it again. i
tried this on the Sony Vaio XG-9 laptop being used and while booting
to the safe mode i get a freeze and the error message:
"SBS.DRV cannot load because VSBS.386 is not available. check your
system.ini windows config file."
since everything came pre-installed no windows discs even came with
the computer.
also now sometimes the system is hanging up when trying to restart. it
gets to the desktop and just keeps showing the windows flag or hangs
at the windows screen. :(
how can i get it to boot in the safe mode to get rid of this final
virus to see if this fixed the problem?
|
Clarification of Answer by seizer-ga on 20 Aug 2002 14:12 PDT
I'm glad that you're removing these viruses. Unfortunately, it sounds
like they have damaged the SYSTEM.INI configuration file, something
which Windows needs to start up successfully.
If you CAN reach your Windows desktop and use your computer, the way
to solve your problem is as follows:
Click on Start, then Run, then type "system.ini" without the quotes.
When this file opens up, scroll down until you see a section marked
"[386enh]" (again, without the quotes). In this section below, you
should see two lines which look something like this:
Device=C:\[path]vsmb.386
Device=C:\[path]vsbs.386
(Where [path] represents something like C:\WINDOWS\SYSTEM32, or
C:\DRIVERS).
If either of these lines is missing, or has the word "rem" or a
semi-colon in front of it, then replace them with the above.
If neither of them is there, you will need to search for their
location on the hard drive.
This advice comes from:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q273012
If you cannot get it to boot up to your desktop, there is another way
to do it. Instead of using Safe Mode from the menu, choose Command
Prompt. Then, when it finishes loading, type "c:\windows\command\edit
c:\windows\system.ini" and edit the file as above.
Good luck!
|
Request for Answer Clarification by star_toucher-ga on 20 Aug 2002 14:45 PDT
here's what i see in start, run, system.ini:
[boot]
oemfonts.fon=vgaoem.fon
shell=Explorer.exe
system.drv=system.drv
drivers=mmsystem.dll power.drv C:\PROGRA~1\BATTER~1\SBS.DRV
user.exe=user.exe
gdi.exe=gdi.exe
sound.drv=mmsound.drv
dibeng.drv=dibeng.dll
comm.drv=comm.drv
mouse.drv=lmouse.drv
keyboard.drv=keyboard.drv
*DisplayFallback=0
fonts.fon=vgasys.fon
fixedfon.fon=vgafix.fon
386Grabber=vgafull.3gr
display.drv=pnpdrvr.drv
;atm.system.drv=system.drv
[keyboard]
keyboard.dll=
oemansi.bin=
subtype=
type=4
[boot.description]
system.drv=Standard PC
keyboard.typ=Standard 101/102-Key or Microsoft Natural Keyboard
mouse.drv=Logitech
aspect=100,96,96
display.drv=NeoMagic MagicMedia 256AV
[386Enh]
device=*COMBUFF
device=TURBOVCD.VXD
device=C:\PROGRA~1\BATTER~1\VSMB.386
device=C:\PROGRA~1\BATTER~1\VSBS.386
ebios=*ebios
woafont=dosapp.fon
mouse=*vmouse
device=*dynapage
device=*vpd
device=*int13
device=*enable
keyboard=*vkd
display=*vdd,*vflatd
[NonWindowsApp]
TTInitialSizes=4 5 6 7 8 9 10 11 12 13 14 15 16 18 20 22
[power.drv]
[drivers]
wavemapper=*.drv
MSACM.imaadpcm=*.acm
MSACM.msadpcm=*.acm
VPM=NMGC5VPM.drv
wave=mmsystem.dll
midi=mmsystem.dll
MIDI1=vpiano.drv
[iccvid.drv]
[mciseq.drv]
[mci]
cdaudio=mcicda.drv
sequencer=mciseq.drv
waveaudio=mciwave.drv
avivideo=mciavi.drv
videodisc=mcipionr.drv
vcr=mcivisca.drv
MpegVideo=mpeg16.dll
ActiveMovie=mciqtz.drv
RealMagic=mpeg16.dll
Magic=mpeg16.dll
ReelMagic=mpeg16.dll
DVDVideo=mpeg16.dll
MPEGVideo2=mciqtz.drv
[vcache]
[Password Lists]
DEFAULT=C:\WINDOWS\DEFAULT.PWL
VALUED SONY CUSTOMER=C:\WINDOWS\VALUEDSO.PWL
[MSNP32]
[VSBS]
CACHE=0
BATTSELECTOR=1
[drivers32]
msacm.lhacm=lhacm.acm
VIDC.VDOM=vdowave.drv
MSACM.imaadpcm=imaadp32.acm
MSACM.msadpcm=msadp32.acm
MSACM.msgsm610=msgsm32.acm
msacm.msg711=msg711.acm
MSACM.trspch=tssoft32.acm
vidc.CVID=iccvid.dll
VIDC.IV31=ir32_32.dll
VIDC.IV32=ir32_32.dll
vidc.MSVC=msvidc32.dll
VIDC.MRLE=msrle32.dll
msacm.msg723=msg723.acm
vidc.M263=msh263.drv
vidc.M261=msh261.drv
VIDC.IV50=ir50_32.dll
msacm.iac2=C:\WINDOWS\SYSTEM\IAC25_32.AX
VIDC.MJPG=sonymjpg.dll
VIDC.dvsd=C:\PROGRA~1\COMMON~1\SONYSH~1\DVLIB\SONYDV.DLL
msacm.msaudio1=msaud32.acm
msacm.sl_anet=sl_anet.acm
msacm.voxacm160=vct3216.acm
vidc.mpg4=mpg4c32.dll
vidc.mp42=mpg4c32.dll
vidc.mp43=mpg4c32.dll
msacm.l3acm=C:\WINDOWS\SYSTEM\L3CODECA.ACM
msacm.l3codec=l3codeca.acm
[TTFontDimenCache]
0 4=2 4
0 5=3 5
0 6=4 6
0 7=4 7
0 8=5 8
0 9=5 9
0 10=6 10
0 11=7 11
0 12=7 12
0 13=8 13
0 14=8 14
0 15=9 15
0 16=10 16
0 18=11 18
0 20=12 20
0 22=13 22
Any ideas on how to fix this or does it seem ok? i have not tried the other method.
|
Request for Answer Clarification by star_toucher-ga on 20 Aug 2002 14:53 PDT
as a point of clarification - it appears this has something to do with
the battery?, which mysteriously stopped charging around the same time
the problems started. can a battery problem prevent a safe mode boot
up? the laptop is obviously plugged in, because it wouldn't work
otherwise.
|
Clarification of Answer by seizer-ga on 20 Aug 2002 15:17 PDT
You are discovering what I found out a while back - cleaning up after
a virus is extremely hard work!
The answer here is that Sony laptops seem to have this as a problem
across the range. Yes, the driver it cannot load is part of
BatteryScope, so I imagine that it is impeding your battery's
charging. If you boot normally again, it will resume charging.
I found this information here:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&th=5b12de78b14a6a34&rnum=14
and also here:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&th=d77eb768874332e1&rnum=1
Of particular interest is the line that reads: "Sony has confirmed
this is not a malfunction. Click "OK" and proceed with the operation
without taking any action." It appears that Sony has no wish (or
ability) to fix this.
However, if you cannot use FIXKLEZ.COM to remove the last traces of
this nasty virus, perhaps it might be best to try another product.
huntsman's excellent (and free) suggestion was AVG, available from:
http://www.grisoft.com
Other options include:
Antivir: http://www.free-av.com/
Avast: http://www.avast.com/avad1.htm
You can also do it without a full download, by going here:
http://housecall.antivirus.com/
I hope one of these products will clean up the last vestiges of the
virus. In the meantime, may I recommend contacting Sony and pestering
them about the error that they don't intend to fix?
Good luck!
-- seizer-ga
|
Request for Answer Clarification by star_toucher-ga on 20 Aug 2002 16:13 PDT
if i could have clicked on OK and proceeded i would have! as i
mentioned previously it FREEZES when the message comes on the screen.
so this is no fix. i think if i can just get into safe mode and run
the klez fix i will be fine - a BIG IF.
|
Clarification of Answer by seizer-ga on 20 Aug 2002 16:26 PDT
Hi there - I thought the mention of clicking "OK" was odd, but I
included it because I was quoting. As I mentioned above, it looks like
this error is unfixable until Sony address it themselves, and thus I
recommend taking a look at the four different (and free) antivirus
possibilities in the clarification above. Each of those should be able
to deal with Klez (as it is a common virus).
If you still wish to attempt booting in Safe Mode, then the only thing
left to try is to temporarily remove the two lines which are causing
the problem. I DO NOT RECOMMEND THIS COURSE OF ACTION, AS IT MAY MAKE
YOUR LAPTOP WORSE. However, if you still wish to try, repeat the
instructions above until SYSTEM.INI is being shown. Find the two
lines:
device=C:\PROGRA~1\BATTER~1\VSMB.386
device=C:\PROGRA~1\BATTER~1\VSBS.386
and add the word "rem" with a space after it, before the lines, as
follows:
rem device=C:\PROGRA~1\BATTER~1\VSMB.386
rem device=C:\PROGRA~1\BATTER~1\VSBS.386
Try safe mode after saving those changes. Once you have finished
removing the virus, be sure to restore the lines to their original
state.
Good luck - my preferred course of action is still the virus scanner,
however!
|
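The SYSTEM.INI check from the 14:12 clarification and the temporary "rem" edit from the 16:26 clarification, as an added Python example that is not part of the original thread. The function names and the trimmed sample file are constructed for illustration.

```python
import re
# Constructed sample: a trimmed copy of the SYSTEM.INI posted in the thread,
# with the VSBS.386 entry disabled by "rem" as in the last clarification.
SAMPLE = r"""[boot]
shell=Explorer.exe
drivers=mmsystem.dll power.drv C:\PROGRA~1\BATTER~1\SBS.DRV
[386Enh]
device=*COMBUFF
device=C:\PROGRA~1\BATTER~1\VSMB.386
rem device=C:\PROGRA~1\BATTER~1\VSBS.386
mouse=*vmouse
"""

SECTION = re.compile(r"^\s*\[(.+?)\]\s*$")
ENTRY = re.compile(r"^\s*(?P<off>rem\s+|;\s*)?device\s*=\s*(?P<val>\S+)\s*$", re.I)

def _base(path):
    """File name part of a DOS path, lower-cased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def _walk(text):
    """Yield (line, match); match is set only for device= lines inside [386Enh]."""
    current = None
    for line in text.splitlines():
        head = SECTION.match(line)
        if head:
            current = head.group(1).lower()
        yield line, (ENTRY.match(line) if current == "386enh" else None)

def device_entries(text):
    """Map driver file name -> 'active' or 'disabled' for [386Enh] device= lines."""
    return {_base(m.group("val")): "disabled" if m.group("off") else "active"
            for _, m in _walk(text) if m}

def check(text, required=("vsmb.386", "vsbs.386")):
    """Report each required driver as active, disabled or missing."""
    entries = device_entries(text)
    return {name: entries.get(name, "missing") for name in required}

def set_disabled(text, names, disabled):
    """Add (or strip) the 'rem ' prefix on the named drivers' device= lines."""
    out = []
    for line, m in _walk(text):
        if m and _base(m.group("val")) in names:
            line = ("rem " if disabled else "") + "device=" + m.group("val")
        out.append(line)
    return "\n".join(out) + "\n"

print(check(SAMPLE))
```

Running `check` again after the cleanup is a quick way to confirm that both lines were restored to their original state.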