
[Resolved] W98 opaserv virus and scandisc/defrag freezing up PC - please help

Discussion in 'Earlier Versions of Windows' started by Korky, Oct 8, 2003.

Thread Status:
Not open for further replies.
  1. Korky

    Korky Thread Starter

    Joined:
    Oct 8, 2003
    Messages:
    6
    I have had a good look around the topics previously posted. There are related discussions, but despite trying out a number of ideas posted, I just can't seem to fix this one. I am reasonably proficient with the PC (Dell 650 PII, W98) and have hijackthis and spybot installed and ready to go. I guess I may need to calm down a little and do things in an orderly sequence, but these problems are really driving me mad. I will be eternally grateful if anyone can help me sort out the problems below. I'm sure I need to install a decent firewall and some viral protection software and would welcome any recommendations.

    First symptoms were different bits of software failing (HP printer software, Wordpad, etc.) The PC was also getting slow.

    I tried scandisk and the W98 defrag, but these no longer work. They hang up on me (even in safe mode or using MSCONFIG to load without other tasks running). Not the usual problems when the PC is busy. Both applications just stop and completely hang the PC. I guessed it may be a corrupted FAT or boot record and looked for a virus.

    I found what I think is opaserv (Brasil, alevir, etc) and cleaned out the EXEs. I installed the MS patch. (I have been on this for several days). It has all been to no end. The virus keeps coming back to me.

    I seem to have things stable enough to use the PC, but am being very careful (using system mechanic) to check/stop anything suspicious from running. I really need some guidance with a process to remove the virus properly.

    I am very worried about scandisc and defrag freezing up, and wonder what damage has been done. All my files/apps seem OK(ish), but I have lost my confidence.

    Please can you help me?
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  3. Korky

    Korky Thread Starter

    Joined:
    Oct 8, 2003
    Messages:
    6
    Rollin' Rog,

    Thanks for replying to me. The log is appended and attached as a TXT file (created this morning). The PC seemed to start up OK this morning (although I have had a few false dawns with this). Yesterday I cleaned off the suspect EXEs and anything that looked odd in Win INI. I am sure it will come back.

    Thanks again for offering to help me.

    Korky

    ------------------------------------------------------------------------------------

    Logfile of HijackThis v1.97.2
    Scan saved at 08:03:37, on 09/10/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.snapy.net/index2.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.snapy.net/index2.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/index_new_002.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.snapy.net/index2.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ALiUSBfix] c:\windows\SYSTEM\GREENMK.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
    O4 - Startup: USB Manager.lnk = C:\PROGRA~1\BELKIN\BELKIN~1\WLANMO~1.EXE
    O4 - User Startup: USB Manager.lnk = C:\PROGRA~1\BELKIN\BELKIN~1\WLANMO~1.EXE
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37608.4219560185
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: ChatSpace Java Client 2.1.0.95 - http://69.33.12.11:8000/Java/cs4ms095.cab
    O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
     


  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I don't see any software causes of those problems there. They sound like they may be hardware issues, possibly overheating.

    Is the fan working? You may need to take the cover off and keep a small table fan blowing to see if it helps. When problems tend to occur after the system has been on a while, that tends to point to heat.

    I would also check the ram.

    You can run a software tester such as this one. It should pass all tests without any errors.

    http://www.memtest86.com/
     
  5. Korky

    Korky Thread Starter

    Joined:
    Oct 8, 2003
    Messages:
    6
    Rollin' Rog,

    It wasn't the memory, but you got me thinking about what could be causing the problem. I think it is all fixed now.

    This is what I did for each problem. I hope it may be useful to others.

    Thanks for trying to help me. I did scan the memory, but all was OK. Read on though.

    Best wishes

    Korky

    The worm OPASRV - and the SPACES virus
    -----------------------------------------------------
    OPASRV was still there, even though it was not showing up on the hijackthis log. Probably because I had just completed a half-baked attempt to remove it just before doing the log. In the end, it was really hard to get rid of.

    I used the VCOM Systems Suite to get rid of most of the virus, but it is not 100% (running in W98). Things were further complicated by discovery of the 'SPACES' virus (1663 flavour), which had infected about 500 files. I lost a few of these, but most came through OK. I thought I would be OK to clean the disc in safe mode, but that was not good enough. In the end I got hold of an evaluation copy of 'SOLO' virus. This will reboot the W98 system and clean down the files before W98 comes up. (Some infected files were locked by W98SE). SOLO did the trick - in the end. VCOM is very useful to use as a dynamic virus scanner. I will run it now and put up with the slower speed. I also have a firewall in place and am scanning e-mails. I have learned my lesson this time!

    Freezing up SCANDISC and DEFRAG
    ---------------------------------------------
    Another big pain. The W98 SCANDISK & DEFRAGGER would not run. Worse still, the VCOM versions were just as bad. In the end it turned out to be a corrupted FAT. Not too bad, but enough to do this. Again VCOM repaired the damage, and it is OK now. I did have a few corrupted files, but was lucky. I did a W98SE reload, and it is fine now. MORPHEUS got badly corrupted. Good I say. I think that is where the problem may have originated. I have canned it for good. Not worth the aggro.

    I hope nobody else has these problems - very stressful!
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Thanks for the follow up Korky.

    Spaces is a particularly nasty one too if not fully cleaned. I assume it was or you will be having problems running newly downloaded setup files which will be reported corrupted.

    It is spread mainly through infected floppy disks I believe, so you might want to be careful about what you have been using on the infected system.
     
  7. Korky

    Korky Thread Starter

    Joined:
    Oct 8, 2003
    Messages:
    6
    Thanks for trying to help. It all seems swell now. I have moved on to trying to sort out my USB 2.0 drive now. It only seems to work on the USB 1.x ports (backwards comp). The USB 2.0 ports seem to be OK though. I suspect I may be pushing this old box too hard!

    I have set up a separate thread with some details under W98.

    If you hear of any others getting problems with the viruses SPACES, etc., and they are getting frustrated, put them on to me whilst it is all fresh in my mind.

    Thanks again for your support.

    Korky
     

Short URL to this thread: https://techguy.org/170433
