
virus scanning

Discussion in 'Virus & Other Malware Removal' started by RS419, Sep 29, 2003.

  1. RS419

    RS419 Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    8
    I have been trying to use the pandasoftware active scan and every time I start it, it doesn't get far and something comes up and says I have performed an illegal operation, and when I click it off it cuts my computer off. I have Windows 98 and I have McAfee. Then I tried spyware and after I downloaded that, when I went to open it that said setup files or corrupted. Please obtain a new copy of the programs. Don't know what to do now and my computer is very slow.
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Can you give the full, exact message regarding "corrupt" downloads. I fear you may have the "spaces" virus, but fortunately there is a repair for it if we know for sure.

    Can you download, unzip and run HijackThis and post a Scanlog?

    http://www.tomcoyote.org/hjt/
     
  3. RS419

    RS419 Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    8
    Logfile of HijackThis v1.97.2
    Scan saved at 3:37:07 AM, on 10/1/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
    C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
    C:\AMERICA ONLINE 6.0\WAOL.EXE
    C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {9EBE0402-27C2-11D6-A9D5-00500413153C} (DFRun Class) - http://webpdp.gator.com/download/iegator_3090_webpdpgeneric.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4028.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0312.dll
    O16 - DPF: {9EBE0412-27C2-11D6-A9D5-00500413153C} (DFRun Class) - http://webpdp.gator.com/download/iegator_3090B_hd3ptdm.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, I see a few spy/adware problems there, but I don't know if they are responsible for the problem you are encountering. In any case they need to be cleaned.

    Here's what I'd like you to do for starters. Download and install Spybot. Once it is installed, click the Online tab, then "search for updates". Download all updates.

    http://tomcoyote.org/SPYBOT/index1.html

    Before actually running Spybot to "check for problems", go to Add/Remove programs and remove:

    new.net

    and reboot.

    If New.net is not found in Add/Remove programs, you will have to follow instructions here for removal:

    http://www.newdotnet.com/#remove

    Once new.net is removed have Spybot "check for problems" and once the scan has completed have it fix everything it checks. Reboot afterwards and post another Scanlog.
     
  5. RS419

    RS419 Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    8
    I downloaded and installed Spybot. I searched for updates and downloaded all updates. I removed new.net and then rebooted. I checked for problems and fixed everything it checked and rebooted afterwards. I tried to scan for virus again and the "you have performed an illegal operation" came back up again, and it said when I clicked details: WAOL caused an invalid page fault in module OLE32.DLL at 017f:7ff847f4. And now here is the new scanlog:


    Logfile of HijackThis v1.97.2
    Scan saved at 11:56:08 AM, on 10/1/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\AMERICA ONLINE 6.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4028.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0312.dll
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    The scanlog looks faultless now.

    If you use IE instead of AOL as your browser, do you get the same error?

    It might be worthwhile to install the dcom98 1.3 update for OLE files. If you have mismatched versions, this should set them straight:

    http://www.microsoft.com/com/dcom/dcom98/dcom1_3.asp

    I do notice that you do not have ScanRegistry listed in your startups. Although unrelated to your problem, this should be present in any Win98/ME starting profile.

    Would you run msconfig and click on the Startup tab.

    Do you see ScanRegistry there? If it is UNchecked, please check it.
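
    The comparison made between the two scan logs above, and the check for a missing ScanRegistry startup entry, can be done mechanically. The following is an added example, not part of the original thread and not code from HijackThis; the function names are hypothetical and the sample input is a few lines excerpted from the two logs posted above.

```python
import re
from collections import Counter

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
RUN_NAME = re.compile(r"Run: \[([^\]]+)\]")

def parse_entries(log_text):
    """Count (section, detail) pairs; process paths and header lines do not match."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[(m.group(1), m.group(2))] += 1
    return entries

def diff_logs(before_text, after_text):
    """Return (removed, added) Counters; repeated lines such as O10 keep their counts."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return before - after, after - before

def startup_names(log_text):
    """Names of the O4 registry Run entries, for checks like 'is ScanRegistry present?'."""
    names = set()
    for (section, detail) in parse_entries(log_text):
        m = RUN_NAME.search(detail)
        if section == "O4" and m:
            names.add(m.group(1))
    return names

# Lines excerpted from the two scan logs posted in this thread (not the full logs).
BEFORE = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {9EBE0402-27C2-11D6-A9D5-00500413153C} (DFRun Class) - http://webpdp.gator.com/download/iegator_3090_webpdpgeneric.cab
"""
AFTER = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for (section, detail), n in sorted(removed.items()):
        print(f"removed x{n}: {section} - {detail}")
    print("ScanRegistry in startups:", "ScanRegistry" in startup_names(AFTER))
```

    Run against the full text of both logs, the same functions list every entry that disappeared after the cleanup and confirm whether an expected startup name is present.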
     
  7. RS419

    RS419 Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    8
    I used IE and AOL as my browser and still got the same error. I installed the dcom98 1.3 update and still got the error. When I clicked on details it said EXPLORER caused an invalid page fault in module MSHTML.DLL at 017f:70c32cdf.

    I also did run Msconfig and ScanRegistry was unchecked so I checked it.
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Is the error always the same one, or is it changing?

    Mshtml errors are tough nuts to crack. Sometimes they are caused by outdated video drivers. Others seem peculiar to particular browser versions. IE 5.5 was one, but the issue was supposed to pertain to the WinME version.

    When doing these online virus scans, I've found it best not to do any browsing or anything else until they complete -- in spite of what they say!
     
  9. RS419

    RS419 Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    8
    It seems they are not always the same. I had one that said explorer executed an invalid instruction in module VSAPI32.DLL at 017f:67272 ead.

    Then another one said explorer caused an invalid page fault in module MSHTML.DLL at 017f: 70c32cdf

    Another one said explorer caused an invalid page fault in module <unknown> at 0000:72dlb087.

    Then I have to click the x to get it off and then it shuts me down. Then it takes a few mins to ever get back on.
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    It could be a video driver problem or perhaps a hardware issue such as overheating. It doesn't sound like a Windows file issue if they are happening randomly like that.

    Do they tend to happen after the system has been on for a while, as opposed to soon after a startup? I'm leaning towards a heat issue, actually.
     
  11. RS419

    RS419 Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    8
    Actually it has not done it in a while. Seems it only does it now when I try to do the virus scan. Every time I do the virus scan it will start scanning but then not long that will pop up there. If I don't do that it doesn't come up.
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    The virus scanning could be making high, sustained use of the cpu which might then get overly hot.

    Have you tried HouseCall as well as Panda?

    You can also try downloading and running Trends Cleaner; it does not use ActiveX like the others and is a full-fledged virus scan:

    http://www.trendmicro.com/download/tsc.asp

    If you want to install a freeware antivirus program, try AVG:

    http://www.grisoft.com/us/us_dwnl_free.php

    I would recommend this as it will give you real time protection.
     
  13. RS419

    RS419 Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    8
    I have tried House Call as well as Panda. I also wanted to let you know I do already have McAfee installed before I install another antivirus.
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I didn't see anything in the startups, did you completely disable McAfee?

    You need to have some real time protection.

    And if the McAfee version was an old one, it might not have been offering the level of protection necessary for the newer threats.
     
  15. RS419

    RS419 Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    8
    Could you please tell me why after I have been online for a while I will get something that says you have performed an illegal operation and will be shut down, then it cuts me off and I have to restart my computer. Another problem: when I first sign on it takes a little bit for my welcome screen to pop up. Can you help me with these problems?
     

Short URL to this thread: https://techguy.org/168409
