
Windows 98 freeze caused by virus brought in .gif file

Discussion in 'Virus & Other Malware Removal' started by johnpetroff, Aug 10, 2006.

Thread Status:
Not open for further replies.
  1. johnpetroff

    johnpetroff Thread Starter

    Hi all,

    On August 7 I opened an email message 31K in size (not an attachment, the message itself)
    apparently containing or asking for a .gif file. Immediately, two alerts appeared, one
    saying something to the effect of ".GIF file could not be opened", and the other saying some
    other file not opened. I deleted the message right away. But that did not prevent the
    computer from freezing soon after. For the past three days, I have restarted the computer
    with varying success: sometimes using it for over two hours, sometimes not even
    reaching a complete loading of Windows 98. When Windows does not load, the only
    way for it to load again is not to restart it, but to turn it off for some time.

    Although I mostly removed the antivirus software McAfee four years ago
    because it did not prevent some virus from creeping in at that time, and because I
    need to use SSH almost on a daily basis, I have not had a virus infection since then. I
    attribute that to using Pegasus to process some 100,000 emails without a snag. But
    this time it did not work.

    Naturally, I am posting this thread on a different computer than the one that is infected.

    During the few moments the infected computer functioned, I managed to run
    HijackThis, Ad-Aware, Spybot and taskmanager16. Registryfix did not manage
    to scan all registries before dying, but reported 446 critical objects. Reading
    various forums and listings, in Sysinfo.org in particular, I turned off (foolishly
    probably) mdm.exe, cftmon.exe, sm56hlpr.exe and Mosearch.exe with msconfig,
    and removed cmesys.exe with regedit. This helped make Scandisk work better,
    but did not prevent the computer from continuing to crash.

    Here is the log file produced by HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:45:12 PM, on 8/10/06
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\CY_BG.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\WINZIP100\WZQKPICK.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe,
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://weather.yahoo.com/forecast/Albany_NY_US_f.html"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\VZBB.DLL
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
    O3 - Toolbar: Systran40perso.IEPlugIn - {D3919E86-D6A5-11D6-AC3E-00B0D094B576} - C:\PROGRAM FILES\SYSTRAN\4_0\PERSONAL\IEPLUGIN.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\VZBB.DLL
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Atikey] Atitask.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\McAfee\McAfee VirusScan\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Startup: Mount Safe & Sound Volumes.lnk = C:\Program Files\McAfee\McAfee Shared Components\Safe & Sound\fbmount.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip100\WZQKPICK.EXE
    O4 - Startup: AutoSpell 5.lnk = C:\Program Files\Plus!\SYSAGENT.EXE
    O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
    O8 - Extra context menu item: SYSTRAN: &Translate - C:\Program Files\Systran\Premium\menuTranslate.html
    O8 - Extra context menu item: SYSTRAN: Translate All &Frames - C:\Program Files\Systran\Premium\menuTranslateAll.html
    O8 - Extra context menu item: SYSTRAN: &Clear Translation Cache - C:\Program Files\Systran\Premium\menuClearCache.html
    O8 - Extra context menu item: SYSTRAN: &Register - C:\Program Files\Systran\Premium\menuRegister.html
    O8 - Extra context menu item: SYSTRAN: Check for &Updates - C:\Program Files\Systran\Premium\menuUpdate.html
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: @sysiecom.dll,[email protected],Translate (SYSTRAN) - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,[email protected],SYSTRAN: Translate - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslate.html
    O9 - Extra button: @sysiecom.dll,[email protected],Translate Frames (SYSTRAN) - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,[email protected],SYSTRAN: Translate All Frames - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuTranslateAll.html
    O9 - Extra button: @sysiecom.dll,[email protected],Options (SYSTRAN) - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,[email protected],SYSTRAN: Options - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuConfigure.html
    O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,[email protected],SYSTRAN: Clear Translation Cache - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuClearCache.html
    O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,[email protected],SYSTRAN: Register - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuRegister.html
    O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
    O9 - Extra 'Tools' menuitem: @sysiecom.dll,[email protected],SYSTRAN: Check for Updates - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Premium\MenuUpdates.html (file missing)
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .txt: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: AllClasses - http://www.questia.com/AllClasses.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

    You may advise me to switch to a newer computer. And I have done that already.
    But I need to work on my old Windows 95 (which is not infected) and Windows 98
    computers because I manage a volunteer non-profit web site at peoi.org that serves
    students located mostly in developing countries where many recycled computers
    are used.

    Please help me get rid of the bug.

    Thanks.

    John
     

Short URL to this thread: https://techguy.org/491219
