Solved: Smitfrad virus deleted wininet.dll file!

[Crowfoot]

I hope you can help me.

I am running Windows 98 SE (Win9x 4.10.2222A) and my browser is Internet Explorer v5.00 (5.00.2614.3500).

Recently my computer was, and still is, infected with the Smitfrad/Antivirus Gold ver2.0 virus which I am unable to remove. This virus has apparently deleted my wininet.dll file as it is not to be found in the directory when a file search is done.

Unfortunately, the Vendor, who is no longer in business, installed Win98SE with zip files(approximately 100 of them) and did not provide me with a disk operating system CD.

I am unable to open Internet Explorer and get this error code when I attempt to do so:

IEXPLORE caused an exception c06d007eH in module URLMON.DLL at 0167:7705cd3d.
Registers:
EAX=005850d0 CS=0167 EIP=7705cd3d EFLGS=00000246
EBX=00000000 SS=016f ESP=00585094 EBP=005850c4
ECX=c16e5430 DS=016f ESI=7703d780 FS=3ba7
EDX=81625a6c ES=016f EDI=00000000 GS=0000
Bytes at CS:EIP:
8b 45 f8 e9 d2 09 fe ff 6a 08 6a 40 ff 15 ec 13
Stack dump:
00000200 005892b8 0000000a 00000024 7703d780 77084084 7703d768 00000001 7707f568 00000000 00000000 00000002 00585930 7703d64d 0000007c 005850a0

In addition, most of my desktop Icons won't work and many of the programs I need to remove this virus and other malware will not function without the wininet.dll file.

My HijackThis_Log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 6:14:45 AM, on 7/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\TOOLS\REXPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\HIJACK THIS\HIJACKTHIS NEW 062505.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.152.119.34:14524
F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE C:\WINDOWS\SYSTEM\SERVICES\IR.EXE C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\b0diltfu.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\b0diltfu.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\SYSTEM\6080.EXE
O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program Files\Windows Media Components\Tools\nsppthlp.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133 (HKLM)
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O20 - Winlogon Notify: style2 - C:\WINDOWS\Q17583396_DISK.DLL (file missing)

No one I know has a CD of Win98SE and, as my computer is fairly old, I really don't want to go to the expense of buying a copy if at all possible.

Any suggestions on what I might do to resolve this problem would be greatly appreciated as browsing with the bloated Netscape 7.1 is slow and cumbersome.

Thank-you very much for your anticipated reply and assistance.

Regards,

Crowfoot

 

[Flrman1]

Hi Crowfoot

Welcome to TSG!



* I am attaching a copy of the wininet.dll file from a 9x box to this post. It is zipped in the 98Wininet.zip file. Don't use it yet. Just unzip it and have the file ready to copy to the C:\Windows\System folder later. We need to remopve the infection first or it will just reinfect the new wininet.dll file.


* Click here to download smitRem.zip.

• Save the file to your desktop.
• Unzip smitRem.zip to extract the two files it contains.
• Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

* Go here to download CCleaner.

• Install CCleaner
• Launch CCleaner and look in the upper right corner and click on the "Options" button.
• Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
• Click OK
• Do not run CCleaner yet. You will run it later in safe mode.

* Go here and download Ad-Aware SE.

• Install the program and launch it.
• First in the main window look in the bottom right corner and click on Check for updates now
• Click Connect and download the latest reference files.
• Do not run Adaware yet. Just download the updates and have it ready to run later in safe mode.

* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE C:\WINDOWS\SYSTEM\SERVICES\IR.EXE C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE

O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe

O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\SYSTEM\6080.EXE

O20 - Winlogon Notify: style2 - C:\WINDOWS\Q17583396_DISK.DLL (file missing)


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM\6080.EXE

C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE

C:\WINDOWS\SYSTEM\SERVICES\IR.EXE

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Delete this folder:

C:\WINDOWS\SYSTEM\SERVICES


* Now launch Adaware:

• From main window click Start then under Select a scan Mode tick Perform full system scan.
• Next deselect Search for negligible risk entries.
• Now to scan just click the Next button.
• When the scan is finished mark everything for removal and get rid of it.
• Right-click the window and choose select all from the drop down menu and click Next

* Start Ccleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Now copy the new wininet.dll file to your C:\Windows\System folder.

Go to Start > Run and copy and paste this line in the Run box:

regsvr32 wininet.dll

Click OK.


* Restart back into Windows normally now.


* Download DelDomains.inf from here.

Rightclick DelDomains.inf and choose install.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

 

[Crowfoot]

Hello flrman1,

Thank-you for your prompt reply.

I have followed your instructions, downloaded the programs mentioned, and things appeared to go well up until the point when you asked me to RunThis.bat file.

The RunThis.bat tool appeared to run ok but the disk cleanup process only ran for about one half second before exiting the program. I found this to be unusual.

The Killbox procedure seemed to work well as the pop-ups from the Start Up Menu no longer appear.

I have no C:\WINDOWS\SYSTEM\SERVICES folder in my directory.

I was unable to launch the Ad Aware program because of the wininet.dll problem.

CCleaner would not run. I got this error:

This program performed an illegal operation and will be shut down

CCLEANER caused an invalid page fault in
module <unknown> at 0000:00000013.
Registers:
EAX=007004d5 CS=0167 EIP=00000013 EFLGS=00010a82
EBX=006af084 SS=016f ESP=006af014 EBP=006af030
ECX=5dc94200 DS=016f ESI=000080a8 FS=2f0f
EDX=8162f9ac ES=016f EDI=006af038 GS=0000
Bytes at CS:EIP:
00 54 ff 00 f0 4c e1 00 f0 6f ef 00 f0 00 00 00
Stack dump:
0000016f 0042c95d 00000508 00000084 00000000 00be01d8 000080a8 006af050 bff7363b 00000508 00000084 00000000 00be01d8 80822caf 0000016f 006af064

"Reset Web Settings" to the original Internet Explorer defaults seemed to go ok.

There is no "Desktop tab" in the Display Properties of the Display Program. I did manage to change the color of desktop background, however.

My attempt to paste the wininet.dll file to the registry as per your instructions failed and gave me this error code:

LoadLibrary("wininet.dll") failed GetLastError returns 0X00000002.

But, I do have a wininet.dll file in my directory now, after following your earlier instructions.

I rebooted back into Normal Mode but now my desktop icons and Netscape 7.1 browser have the same appearance as if I was operating in Safe Mode, which I'm not. So, I'm unsure what's going on there!

The "DelDomains.inf" procedure wasn't doable as Internet Explorer still gives me the same error code as before when I try to open it and most of the Desktop Icons remain unfunctional.

I thought it pointless by this time to do the Panda Anti-virus scan, so I didn't do this.

Attached is a new HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 5:35:53 PM, on 7/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\TOOLS\REXPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\HIJACK THIS\HIJACKTHIS NEW 062505.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.152.119.34:14524
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\b0diltfu.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\b0diltfu.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program Files\Windows Media Components\Tools\nsppthlp.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133 (HKLM)
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

Thanks again for your help. It is very much appreciated!

Crowfoot

 

[khazars]

hi there.

Try this.


I'm uploading the smitfraud fix.reg, unzip it and doube click it to enter it into your registry.


if you don't have a copy of wininet.dll

download a new copy here.

http://www.dll-files.com/dllindex/dll-files.shtml?wininet



use the killbox to delete


C:\WINDOWS\SYSTEM\wininet.dll

then drop or register wininet.dll, follow flrman's instructions above for that.


rerun deldomain.


run panda's scan

run ccleaner.

post a new log and the panda scan log

 

[Crowfoot]

Hello flrmn1

 

[khazars]

flrman is not on just now, he's in America, so you might have a long wait as it's only 5-6am there, but you can wait for him if you wish!

 

[Crowfoot]

Hello Khazars,

Please delete the last reply message to ferlman1 which contains no information as it was sent by accident. Sorry!

Further to your reply, the smitfrad.reg zip file never arrived with the message you sent. So, I can't proceed.

In addition, the wininet.dll file that flrman1 sent is the Internet Extension for Win32, v.6.00.2600.0000 and I believe I need the Internet Extension Win32, v5.00.2614.3500 version of the wininet.dll file. Dll-files.com does not have this version in their dll library. My browser details are contained within the HiJack This Log sent earlier.

Also, are you able to help me restore my desktop and browser settings back to "normal", as although I am running in Normal Mode, the desktop icons and Netscape browser I am using have all the features as if I'm running in Safe Mode as per my earlier reply to flrman1.

Thanks for the help,

Crowfoot

 

[khazars]

If you look at my first message, post 4, there is a smitfraud reg fix attached to the post, you just click on it to download it!

I just checked it and it's working. This should hopefully restore your desktop, and might free up IE to allow you to fix the wininet.dll problem?

Do you have IE 5, why not download IE 6, you can use Netscape, mozilla until you download it?

 

[Crowfoot]

Hello khazars,

Ok, I've downloaded and successfully installed the smitfrad.reg file and added it to the registry.

I deleted the wininet.dll file located in the C:\windows\system directory\ path using Killbox and Exited the program.

I downloaded a new wininet.dll file from dll-files.com, unzipped it, and extracted the file to C:\windows\system directory\ . Flrman1's earlier instructions requested that I "copy" the wininet.dll file to the system directory. Am I doing something wrong here???

I then tried to do the regsvr32 wininet.dll procedure ie.) Start > Run> copy and paste regsvr32 wininet.dll in the box > pressed OK and got the same error message as before.

I then rebooted and the only thing that changed is the background color (blue) on the Desktop. Everything else continues to function as if I'm operating in Safe Mode.

A search of the system directory now shows two wininet.dll files. One in C:\windows\system directory\ and the other is in C:\!Submit which I guess is a Killbox cache of some sort.

My apologies for not noticing the file attachment you sent earlier.

I'm not sure but I believe I have to be using Internet Explorer (which I'm unable to do presently) to upgrade to IE 6.0. I'll see if I can find a version of IE 6.0 that corresponds with the wininet.dll file version and try to install it as the default browser using Netscape, if we can't make any progress in resolving these problems.

Kind regards,

Crowfoot

 

[Crowfoot]

Khazars,

I just Googled IE 6.0 and unfortunately the wininet.dll file we have corresponds to a version of IE 6.0 for the Windows XP operating system. I thought this might be the answer to many of our problems, but I guess not as I'm using Win 98 SE.

Crowfoot

 

[khazars]

ok. wait for flrman, he knows all about IE , if anyone can work this one out he'll do it for ya!

hang in there, check back in a few hours or so!

 

[Flrman1]

We can probably have you download and install IE 6 SP1 and take care of the wininet.dll problem, but first we need to remove the infection or it will just reinfect the file.

You mentioned having several problems doing all the fixes in my first post. Were you doing it all in safe mode?

 

[Crowfoot]

Khazars/flrman1,

I did a forum search for Win98 SE and looked at a number of HiJack This Logs in the threads; I came across a member (daviduu) who has the exact same Win 98SE/IE 5.0 set up as me.

He has not been active here since May 29th and I'm wondering if it would be appropriate to ask a favor of him to make a copy of his wininet.dll file and upload it to one of the forum moderators.

His profile indicates he doesn't want e-mail from other members and if he's been inactive for 5 weeks, its hard to say if he'd respond to a message left by a member he doesn't know.

I understand an Administrator may be able to send an e-mail to this member, but again I don't know if this would be an appropriate course of action or is against the Forum Rules!

It's just a thought!!!

Crowfoot

 

[Flrman1]

There are easier ways to get the file. Did you see my last post?

 

[Crowfoot]

Yes I did and thanks for all of your help!