HoppaLong Posted January 25, 2010

I want my elderly dad to move on to a newer Windows system. He won't, and I'm not going to argue with him at his age. He used 98SE mainly for email, so his system has always been relatively safe.

My dad's firewall is practically screaming, MALWARE ALERT! Here's the popup from his firewall:

"Windows Explorer has changed since the last time you opened it. This could be because you have updated it recently. Do you want to allow it access to the network?"

Almost everything I could find about this repetitious warning is negative. Some kind of file that shouldn't be on your computer is trying to access the web. Ironically, I found a post from Bob Proffitt at CNET that gives a few benign reasons for this firewall popup.

His main antivirus app is Avast. It found nothing.

Running the latest version of Spybot (1.6.2) is a nightmare. The progress loading bar gets to the end and almost freezes. If the app actually launches, the system crashes during the scan. Even in Safe Mode it won't run.

He has SystemSuite_v6.0 which includes an antivirus and spyware scanner. The definition updates are always weeks or months old for SystemSuite. It wouldn't hurt to run it anyway.

I thought I could install SuperAntiSpyware as a substitute for Spybot. Right on their website they list a version compatible with 98SE. Unfortunately, their definition files won't load on a 98 system.

I was looking at the list of apps right here at MSFN. Some I've never heard of like ClamWin.

Online scans are not a good idea for an old desktop with limited system resources.

I need some help selecting one or two more anti-malware apps. After the system has been scanned several times, I'll run HijackThis. Since HijackThis can only create a list of everything good and bad on your system, I would rather run a bunch of scans first, then I'll let HijackThis do its thing.

A little help picking a couple of apps that will run smoothly on 98SE is what I need.

Thanks MSFN members!

CharlesF Posted January 25, 2010

1- With Process Explorer (or Ctrl + Alt + Del) have a look at what is running, ...and kill what is not supposed to

2- In Start -> Run -> MsConfig (tab 'Startup') untick what is not supposed to be launched

3- With HijackThis (even the last version runs on Win98SE: http://go.trendmicro.com/free-tools/hijack...HijackThis.exe) have a deeper insight into the crap on your system, ...and clean it.

4- I'm also running the last Spybot S&D: slowly (= 90 mn for a complete scan), ...but it works.

Charles.

Prozactive Posted January 25, 2010

I recently helped some friends with some particularly complex nasty malware rootkit infections, and one of the tools I found out about and used was AVZ (AntiViral Toolkit). It's not particularly user-friendly (developed in Russian) but it does seem very powerful and it runs in Win98. You can get it from here:

http://www.z-oleg.com/avz4.zip

You need to update the definitions database via its update menu or you can manually DL and install the latest definitions via this file:

http://z-oleg.com/secur/avz_up/avzbase.zip

The general advice for running a system scan is to use the "File" menu => "Standard scripts" and mark the "Advanced System Analysis with Malware removal mode enabled" checkbox.

HTH

lightning slinger Posted January 26, 2010

> I thought I could install SuperAntiSpyware as a substitute for Spybot. Right on their website they list a version compatible with 98SE. Unfortunately, their definition files won't load on a 98 system.

The last version of SAS Free that runs well on 98SE is V.4.24.1004, see

http://www.msfn.org/board/index.php?showto...5936&st=363

That version can be downloaded at

http://www.filehippo.com/download_superantispyware/5052/

Before you download any definition updates, go to Preference and the Updates tab and remove both checks from the Automatic Updates!

Big problem with SAS nowadays is opening the program and running updates as it really does bog the system down even on mine with a 1.4Ghz CPU and 1GB RAM. On a lesser system it might just bog it down to the point where it just freezes the PC. Trying it right after a reboot may help.

The ESET or Symantec Online AV scanners in IE should not be too demanding on system resources.

HTH

submix8c Posted January 26, 2010

Newest version of SpyBot runs poorly on older PCs. Run it in Safe Mode and let it load and run the scan (yes, it will still be extremely slow but it should run). Inside it (in Advanced Mode) you should be able to disable Startup items. As an alternative to disabling Startup Items, you can use CCleaner (which should also clear Temp files etc as well).

Windows Explorer (EXPLORER.EXE) should only exist in the WINDOWS folder and should be dated 4/23/99 exact size 180,224 bytes. You could potentially extract the original (from WIN98_45.CAB?) and overlay the "changed" one (and ONLY one) from SafeMode/CommandPrompt.

MalwareBytes may run, so get a copy of that. Safe Mode is best to use while scanning and best to be disconnected from internet (in all cases). HijackThis attachment is recommended (preferably after other scans).

As I remember, this is one of those malwares that alter a number of files in addition to "generating" hard-to-kill processes under "strange names".

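The check described in the post above (EXPLORER.EXE only in the WINDOWS folder, dated 4/23/99, 180,224 bytes) can be scripted. The following is an added example, not part of the original post; it assumes Python is run from a second OS or machine with the Win98 drive mounted, that the install folder is named WINDOWS, and the function names are hypothetical.

```python
import hashlib
import os
import sys
from datetime import date

EXPECTED_NAME = "explorer.exe"
EXPECTED_SIZE = 180_224            # bytes, as quoted in the post above
EXPECTED_DATE = date(1999, 4, 23)  # "4/23/99", as quoted in the post above
EXPECTED_DIR = "windows"           # assumption: default install folder name

def sha256_of(path):
    """Hash a file in chunks so copies can be compared with each other."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_explorer(root):
    """Return one finding per EXPLORER.EXE copy found anywhere under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != EXPECTED_NAME:  # FAT names are case-insensitive
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            problems = []
            if os.path.relpath(dirpath, root).lower() != EXPECTED_DIR:
                problems.append("unexpected location")
            if st.st_size != EXPECTED_SIZE:
                problems.append("size %d != %d" % (st.st_size, EXPECTED_SIZE))
            if date.fromtimestamp(st.st_mtime) != EXPECTED_DATE:
                problems.append("modified date differs")
            findings.append({"path": path, "sha256": sha256_of(path),
                             "problems": problems})
    return findings

if __name__ == "__main__":
    # Usage: python audit_explorer.py <mounted Win98 drive root>
    for f in audit_explorer(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f["path"], f["sha256"][:16], "; ".join(f["problems"]) or "matches")
```

A backup copy kept elsewhere by a utility will be listed as an unexpected location; its SHA-256 can be compared with that of a copy extracted from the install media.
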
HoppaLong Posted January 26, 2010

All your replies are really great! Thank you guys.

I Googled for any app that would still run on 98SE.

I installed SAS_v4.24.1004 and manually downloaded the latest definitions file. The definitions file will not load on a 98 system. An error box appears letting you know that your system is too old. I posted on the SAS forum about this. Big surprise, no replies. If the definitions file won't load on a 98 system, all the links to v4.24.1004 should be removed. What good is this older version of the app, if the latest definitions file is incompatible with 98?

I purchased this desktop years ago when 98 was king. It's loaded with all sorts of system info and tweaker apps. Process Explorer shows nothing unusual.

A tweaker app called WinBoost made backups of several critical system files when it was installed, including explorer.exe. This firewall popup about explorer started a few weeks ago. The backup of explorer.exe was made years ago, so I don't see how it could be the cause of this problem.

Believe me, I've tried over and over with Spybot. In Safe Mode, the progress loading bar reaches the end and then you get the BSOD. A few times, I got it running in the normal Windows environment. After several minutes the system pops up another error box, or it locks up forcing a restart.

I've read about that Russian app, AVZ. I'll definitely try this one. It may find some deeply buried or disguised file that's causing this problem.

If you've been using computers for many years, like I have, you can almost "smell" malware. I became a "reg hacker" back in the days of Windows 95, so I'm very comfortable with the registry. I've fixed a million problems that my friends and business partners thought were some kind of horrible virus.

Obviously, millions of computers are infected with malware every day. This desktop my dad is using may have a nasty virus. I'm going to do everything I can to track it down, if it exists.

I've joined hundreds of forums over the years. I'm not sure why, but MSFN seems to attract more advanced and expert level computer users.

Thanks again!

Edited January 26, 2010 by HoppaLong

submix8c Posted January 26, 2010

FWIW, it may be the new version of SpyBot just won't run if you don't have sufficient RAM. Here is an older version that might work. Download and install it, then get the latest INCLUDES here (Detection Updates) and install after. Running this on an old HP (around 500mhz? + 256mb RAM) right now (LOADED w/bad stuff). And... if you have another stick of compatible RAM, that may help.

edit - You mentioned that the "firewall" is what issues this message. Never heard of a firewall doing that. A quick search on the partial string indicated another user elsewhere (XP) had this message AND was running WinPatrol. Is this by chance what made the "backups" and is issuing the message?

Oops - Sygate Firewall?...

Edited January 26, 2010 by submix8c

Prozactive Posted January 27, 2010

I think you'll be pleased with AVZ. It seems very sophisticated and powerful, searching for rootkits, keyloggers, and the like.

Curious you're having so many problems with Spybot. I'm running Spybot 1.6.2 on my old fairly slow RAM-limited Win98SE laptop without any problems, although it does continue to take more and more time loading as I keep its definitions updated. Right now it's up to around 5 minutes to load, which is very aggravating, but it does load without any errors or crashes. Ditto with the system scans.

Thanks for the info about SuperAntiSpyware. I DL'ed it a while back and was thinking about loading it and trying it out, just to have another anti-malware tool in my arsenal. I may still do so to see if I encounter the same definitions compatibility problem you reported.

I don't believe MBAM works in Win9x/ME although I have not tried it to see. They officially state it only works in Win2K/XP/Vista/7. I do use it and find it to be one of the best, most effective anti-malware tools out there. All of my Win98 systems are dual-boot, so I load MBAM and other non-Win98-compatible anti-malware programs in WinXP and scan my Win98 partition from there.

Good luck and keep us posted.

lightning slinger Posted January 29, 2010

> I installed SAS_v4.24.1004 and manually downloaded the latest definitions file. The definitions file will not load on a 98 system. An error box appears letting you know that your system is too old. I posted on the SAS forum about this. Big surprise, no replies. If the definitions file won't load on a 98 system, all the links to v4.24.1004 should be removed. What good is this older version of the app, if the latest definitions file is incompatible with 98?

I see from the SAS Forum that on January 25th you were advised by the Site Admin to "update the definitions file from within the program". If you had followed that advice and removed the checks from Automatic Updates, which prevents program updates as mentioned by both the Site Admin and myself, you would have V.4.24.1004 fully working.

HoppaLong Posted January 30, 2010

I apologize for not returning to MSFN sooner. I'm trying to run a business, and fix my dad's Gateway when I have some spare time. Not an easy thing to do!

I found a way to run Spybot on this old desktop. The procedure I used is somewhat complicated, so I'll post it separately. The results were much better than I expected. Spybot ran like a champ!

If I understand correctly, SAS_v4.24.1004 can be updated manually if I remove the ticks from Automatic Updates. In other words, the definitions file will load on this 98 desktop, and that error box about the system being too old was erroneous. Is that what you are saying, lightning slinger?

I freely admit guys, I don't like posting on any forum. When I do post, if there is no reply after a couple of hours I usually don't return for weeks. The fact is, I'm a very shy person. I've been a partner in a small business for 15 years. Our clients almost never talk to me. I'm definitely not a good salesperson.

When you reach a certain level of computer expertise, it's almost painful to post about any computer problem. After I've tried everything I can think of, I force myself to post a question. 98% of the time I get no reply. As an example, I posted a clean HJT log, along with the text from that firewall popup. About 150 views, no replies. I wouldn't reply either! When a solution is not easy or obvious, plugging away, sometimes for weeks, may be the only way to resolve a difficult problem.

I'm convinced that this desktop is clean. Avast, Trend Micro (part of SystemSuite), Spybot, and AVZ found nothing. Well, AVZ listed a script I created for my dad's desktop as a possible threat! I've been creating scripts for years to automate all sorts of processes that would be incredibly repetitious and time consuming if done manually. This is the first time a script created by me has appeared on a list of possible malware. It's kind of depressing. If you ran fifty scans using different apps how many false positives would there be? A few hundred, I bet.

From a full command prompt, I deleted the old copy of explorer.exe and replaced it with a fresh one. Before deleting the old copy, I removed Windows Explorer from the firewall list of apps. After the new copy was back in the Windows directory, I put explorer.exe back on the firewall list as a blocked entry. So far, my dad says that popup hasn't returned. Maybe the old copy of Windows Explorer was corrupt. I hope the problem is fixed. Only time will tell.

Edited January 30, 2010 by HoppaLong

lightning slinger Posted January 30, 2010

> If I understand correctly, SAS_v4.24.1004 can be updated manually if I remove the ticks from Automatic Updates. In other words, the definitions file will load on this 98 desktop, and that error box about the system being too old was erroneous. Is that what you are saying, lightning slinger?

With V.4.24.1004 on 98SE before anything else go to Preferences, Updates tab and yes remove the checks under the heading "Automatic Updates". Yes, it is badly worded terminology SAS has used here.

The check at "Automatically check for program and definition updates every 8hrs" is for SAS Pro only and not the free version. The important check to remove is that for "Check for program updates when the application starts". This will keep you on V.4.24.1004 and not automatically download the newest program version which will not run on 98SE.

Then you must update from within the program with the "Check for Updates" button on the opening GUI, this will download first the core definitions and secondly the trace definitions. Downloading from the Manual Installer does not work as you have found.

By the way addition of KernelEx will allow you to run the latest version of SAS Free which is a lot less thirsty as regards CPU and RAM usage.

I don't think any malware infection is easy to deal with if not recognised straight away, I have just spent my spare time of the last three days removing 24 infections from a friend's XP machine using a combination of around half a dozen apps from BitDefender Rescue Disc 2009 through Malwarebytes etc and the only app that would remove the last stubborn infected file was TrendMicro's HouseCall Online scanner of all things.

HTH

Prozactive Posted January 31, 2010

I don't know what's causing your problem with Windows Explorer but I'm pretty sure you don't have a malware problem if Avast, Spybot, and AVZ scans are clean. AVZ is very thorough and does seem to flag various legitimate processes and files for various reasons. If you know you're the author of a script, then it's obviously not a problem. I have a similar and more aggravating problem with AntiVir in that it continues to detect several batch files I've created as FPs, and I can't seem to exclude them from its real-time scan.

BTW, I came across another anti-malware program called Dr.Web CureIT! that claims to work in Win98. It gets good reviews but I have not personally tried it yet.

You may want to try updating your version of Windows Explorer. Mine has been updated by NUSB33 (Native USB drivers) then again by Explor98, both of which are available at MDGx's website.

HTH

And thanks lightning slinger for the information on how to update SAS for Win98SE.