
Win 98 problem with virus or worm need help

Discussion in 'Virus & Other Malware Removal' started by offfbyone, Apr 25, 2004.

Thread Status:
Not open for further replies.
  1. offfbyone

    offfbyone Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    6
    I am running Windows 98. My computer is slowing down, and all my incoming e-mail has been in attachment form; I would have to open the attachment to read the message. I got an e-mail from my server that a message I sent out had a virus in it. I had Norton 2004 on the computer but it wasn't working right, so I tried to uninstall it so I could reinstall, but it wouldn't uninstall. I went to microtrend to do an online virus scan; it would not download, so I tried a couple of other online virus scanners, and none would download. I downloaded Avast virus cleaner on another computer and put it on a floppy; it wouldn't run, window stated it couldn't create file and wanted to know if I wanted to format it. I tried several other cleaners on the floppy drive; they won't run on my computer but will run on other computers. What can I do? I have no idea what virus I have and there seems to be no way to scan my computer. HELP PLEASE. ken
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You do sound like you have dire problems; but for now let's see if we can tell just what is running.

    Download both HijackThis and Coolwebshredder, CWShredder.exe from the site below.

    Run the Coolwebshredder, have it "fix" problems and reboot. Then unzip HijackThis to a permanent folder, run it and select "Scan". Save the Scanlog and copy/paste its results to a reply here.

    I will move this thread to the Security forum as well.

    http://www.spywareinfo.com/~merijn/downloads.html
     
  3. offfbyone

    offfbyone Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    6
    Thanks for the quick reply. I will download these in the morning and post back. I will have to download from another computer because it won't let my computer download. ken
     
  4. offfbyone

    offfbyone Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    6
    I downloaded the 2 files; they won't run. A window pops up saying invalid picture with only one option, and that is to close. Still need help. ken
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    "invalid picture"?

    Did this message occur when trying to open the .zip file or trying to run the .exe file? If "zip", you need a zip program to first unzip the actual program to a permanent folder, and Windows may generate bogus messages because it does not have a proper file association for zipped files.

    If it was the zipped version you downloaded, try this instead:

    http://209.133.47.200/~merijn/files/HijackThis.exe

    Just right click on that url and select "save target as". Save it to a permanent folder.

    Also how long ago did this problem begin? In Win98 you have the option of restoring a previous registry if the issue is less than 5 days old.

    To do this, select Start > Shutdown > Restart in MS-DOS mode.

    At the c:\windows> prompt enter:

    scanreg /restore

    Note the dates available. Do not try restoring a very old registry if those are all that are available. However if recent dates are available for either the "morning of" or prior to the onset of the problem, select one of those using your arrow keys.
     
  6. offfbyone

    offfbyone Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    6
    This has been going on for a while, over 5 days. I finally got the program to run; here are the results. Thanks, ken.
    Logfile of HijackThis v1.97.7
    Scan saved at 3:28:05 PM, on 4/26/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSGLOOP.EXE
    C:\WINDOWS\SYSTEM\MSG32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\EPROMPTER\EPROMPTER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You only gave us a partial copy/paste.

    When the log is open, select Edit>Select All (the entire text should highlight), then select Edit > Copy.

    Now you should be able to right click on a reply here and select "paste". The entire text of the Scanlog should appear.

    Also here is an unzipped version of the CoolWebShredder, have you tried running it and having it "fix" problems:

    http://www.spywareinfo.com/~merijn/files/CWShredder.exe
     
  8. offfbyone

    offfbyone Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    6
    Sorry I didn't post all of the log, I am still learning. Here is the complete log. Thanks, ken.

    Logfile of HijackThis v1.97.7
    Scan saved at 3:28:05 PM, on 4/26/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSGLOOP.EXE
    C:\WINDOWS\SYSTEM\MSG32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\EPROMPTER\EPROMPTER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - Startup: Shortcut to Today.lnk = C:\unzipped\today\Today.exe
    O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: RealGuide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {2B98A688-64C7-11D4-A8C6-00D0B7434954} - http://www.visitalk.com/CommSite/DownLoad/VisiCheck.cab
    O16 - DPF: Go2CallClient - http://www.go2call.com/maindialer/CallClient.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37901.7767592593
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.5.cab
     
  9. offfbyone

    offfbyone Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    6
    I forgot to let you know, but I did run the cobweb shredder, then shut down, rebooted and ran hijack. ken
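
Added example, not part of the thread and not written by any poster: a small Python parser for the HijackThis log format shown in the posts above. It groups entries by section code, detects a paste that stopped after the process list (the first attempt in this thread), and pulls out the browser add-on and autostart lines a helper would read first. The function names are this example's own, and the sample input is a shortened excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes that appear in the log above.
SECTIONS = {"R1": "IE search/start page value", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart (Run key or Startup folder)",
            "O8": "IE context-menu item", "O9": "IE extra button/Tools item",
            "O12": "IE plugin", "O16": "ActiveX download (DPF)"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Return (running processes, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def looks_truncated(processes, entries):
    """True when only the process list was pasted and no R/O entries follow."""
    return bool(processes) and not entries

def load_points(entries):
    """Yield BHO, toolbar and autostart lines (O2/O3/O4) with any CLSID extracted."""
    for code in ("O2", "O3", "O4"):
        for body in entries.get(code, []):
            clsid = CLSID.search(body)
            yield code, clsid.group(0) if clsid else None, body

# Sample input: a shortened excerpt of the log posted above.
SAMPLE = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: Go2CallClient - http://www.go2call.com/maindialer/CallClient.cab
"""

if __name__ == "__main__":
    for code, clsid, body in load_points(parse_log(SAMPLE)[1]):
        print(code, SECTIONS[code], clsid, body)
```

The parser only sorts and extracts; deciding whether a listed entry belongs on the machine is still the reviewer's job.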
     

Short URL to this thread: https://techguy.org/223862
