Does Spybot SD Work on Win98 ?


JorgeA

georg,

Would I be correct in surmising that the answer is that Spybot works on Windows 98 -- but not when Norton Internet Security is on the system?

The odd thing is that they seemed to work well together for 4-5 years, and then NOT, all of a sudden.

I checked out the Wikipedia entry you cited, and noticed that PC Magazine downgraded its rating for Spybot in the same year (2008) that Spybot stopped working fully for me. Wonder if there is any connection there.

Last night I spent time navigating the DW Help files, and came across the same texts you cited regarding first chance exceptions. Unfortunately, the question remains opaque to me since, as I understand the explanations, a "First chance exception" is no big deal until and unless you get a "second chance exception." And that's the thing -- at the end of the Spybot scan, I was getting tons of "firsts," but NO "second chance exceptions." Perhaps you or an observer can throw light on the subject.

In view of the ASOEHOOK.DLL issue, as a test I've disabled Norton's antispam and e-mail scanning features (I no longer do e-mail on that PC anyway), and have been running a series of SSD scans to see what happens. For faster results I started with a very limited file set and then have been adding more each time. So far, every time the whole screen has frozen at the end, requiring a cold reboot. (When I was running full scans, it wouldn't freeze the computer, just give the illegal operation message.)

If that doesn't do the trick, I may delete that DLL and see what happens. (Is there any other way to disable it, short of uninstalling NIS?)

Anyway, I want to thank you for all the time and information that you've put into this over the past couple of weeks. It's been a very educational experience for me, and I appreciate it.

Gratefully,

--JorgeA



Is there any other way to disable it, short of uninstalling NIS?

Yes. Unregister it with regsvr32 /u and change its extension to, say, .off... That should be enough, and is easily reversible!


Is there any other way to disable it, short of uninstalling NIS?

Yes. Unregister it with regsvr32 /u and change its extension to, say, .off... That should be enough, and is easily reversible!

dencorso,

This forum is just great, there are so many knowledgeable people in it who are willing to share their knowledge. :thumbup

Thank you.

--JorgeA


Is there any other way to disable it, short of uninstalling NIS?

Yes. Unregister it with regsvr32 /u and change its extension to, say, .off... That should be enough, and is easily reversible!

dencorso,

Well, when it comes to Norton, apparently nothing is as simple as it sounds. I tried the REGSVR32.EXE utility, and it returned the following message:

"asoehook.dll was loaded, but the DllUnregisterServer entry point was not found.

"DllUnregisterServer may not be exported, or a corrupt version of asoehook.dll may be in memory. Consider using PView to detect and remove it."

Two questions --

1) What does it mean when it says that the "entry point was not found," and that the unregister server "may not be exported"?

2) What do we do now? "Find Files" didn't come up with anything called PView on my computer.

Still plugging away,

--JorgeA
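On the regsvr32 message quoted above, an added example (not part of any post in this thread): `regsvr32 /u` loads the DLL and looks up an export named `DllUnregisterServer`, and it prints "entry point was not found" when the DLL's export table has no such name. The sketch below reads a PE export table offline to check for it; the sample image and its export names (`InstallHook`, `RemoveHook`) are constructed for illustration and are not taken from asoehook.dll.

```python
import struct

def exported_names(pe):
    """Return the function names listed in a PE image's export table."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                          # optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)           # PE32+ vs PE32
    sections = []
    for i in range(nsec):
        vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8xIIII", pe, opt + opt_size + 40 * i)
        sections.append((vaddr, max(vsize, rsize), rptr))

    def off(rva):                                          # RVA -> file offset
        for vaddr, size, rptr in sections:
            if vaddr <= rva < vaddr + size:
                return rva - vaddr + rptr
        raise ValueError("RVA outside every section")
    exp_rva = struct.unpack_from("<I", pe, dirs)[0]        # data directory 0
    if exp_rva == 0:
        return []                                          # no export table
    count, _, names_rva = struct.unpack_from("<III", pe, off(exp_rva) + 24)
    names = []
    for i in range(count):
        p = off(struct.unpack_from("<I", pe, off(names_rva) + 4 * i)[0])
        names.append(pe[p:pe.index(b"\0", p)].decode("ascii"))
    return names

def can_self_unregister(pe):
    """True if regsvr32 /u would find a DllUnregisterServer export."""
    return "DllUnregisterServer" in exported_names(pe)

def build_sample(names, base=0x1000):
    """Constructed minimal PE32 image whose export table lists `names`."""
    ptrs, strs = b"", b""
    for n in names:
        ptrs += struct.pack("<I", base + 40 + 4 * len(names) + len(strs))
        strs += n.encode() + b"\0"
    edata = struct.pack("<24xIII4x", len(names), 0, base + 40) + ptrs + strs
    hdr = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HH12xHH", 0x14C, 1, 224, 0x2102)
    hdr += struct.pack("<H94xII120x", 0x10B, base, len(edata))
    hdr += struct.pack("<8sIIII16x", b".edata", len(edata), base, len(edata), 0x200)
    return hdr.ljust(0x200, b"\0") + edata
```

To check a real file, pass `open(path, "rb").read()` to `can_self_unregister`; a result of `False` means the DLL was not built to be registered or unregistered through regsvr32.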


JorgeA,

Hope this helps. I had run Spybot on my 98 for many years. I read in early 200? that Norton/Symantec and Spybot were in a fight over adware and spyware definition and tactics. Their disagreement led to Norton not allowing Spybot to run on a system with their software. You can read about this on their (Spybot) website under the news forum.

Have you contacted The Spybot Team for support on this issue? They have always been great support when there have been difficulties running on systems.

I have been using Spybot on all my systems since the product came out and have never had any difficulty running it on systems unless Symantec/Norton products were installed with it. Their website states fully compatible and working on Win98.

http://www.safer-networking.org/en/spybotsd/index.html


...

JorgeA,

Have you tried scanning at startup to see if it will complete before the system loads completely? Before doing so, temporarily disable all Symantec services (restart if successfully scanned).

athome,

That's a great idea! I'll try it.

Regarding scanning in Safe Mode, I've tried that and unfortunately it hasn't helped.

And I do have Norton 360 and Spybot working together well (apparently!) on my Vista machine. I have a short thread going on over at the Safer Networking forum, asking about the latest round of warnings from the Symantec community about running Spybot at the same time as Norton products.

But I will definitely try having Spybot scan at startup, and see what happens. Thanks for the tip!

--JorgeA


JorgeA -

You wrote: "What does it mean when it says that the entry point was not found, and that the unregister server may not be exported?"

It means you can't unregister a loaded DLL that a Windows process is currently using.

You wrote: "Find Files didn't come up with anything called PView on my computer."

pview.exe is a Microsoft utility, a "Performance View Debugging Applet", that was released with the Win2K Resource Kit for network administrators. Among other things, it enables the user to identify and kill a running process. It runs on Windows 2000, Windows NT, and Windows Server. It runs for me on XP, but not on Win98.

If you merely remove the DLLs you will get an error, as Norton will still try to load them.

Symantec had a tendency to hide details from the user in an effort to make products "id*** proof," and versions from the period 2003-2008 were not easy to uninstall. Even if you disable components, all the DLLs are loaded with the main program. A security program that is easy to disable wouldn't have much value.

Symantec shares with Sony the dubious distinction of having put a rootkit on the machines of its own customers.

Mark Russinovich said at the time (2006) that use of rootkit-type features by commercial vendors was "very worrisome" and "It's a bad, bad, bad idea to start hiding things in places where it presents a danger. When you use rootkit-type techniques, even if your intentions are good, the user no longer has full control of the machine. It's impossible to manage the security and health of that system if the owner is not in control."

http://en.wikipedia.org/wiki/Mark_Russinovich

http://www.eweek.com/c/a/Security/Symantec-Caught-in-Norton-Rootkit-Flap/

Symantec has had a close working relationship with Microsoft, which may explain why the Norton program is so tightly integrated into every function of the Windows operating system.

http://www.microsoft.com/business/enterprise/alliancepartner/symantec.mspx

"Symantec and Microsoft have been partners for nearly 20 years, collaborating on every major OS release..."


georg,

Thanks very much for the information.

I may not be the world's most expert computer user (I rate myself as intermediate and learning), but I do hate it when vendors try to make things "simple" for me by automating more and more functions. That "simply" makes the process less flexible, as far as I'm concerned.

We realized this when my wife bought an iPod and we struggled to figure out how to work with iTunes (she only wanted the player for the occasional talk-show download, not to organize thousands of songs). As a result, for myself I bought a Sansa Fuze to which I can just download files individually as if it were a disk, and then play them. (You can put files on an iPod independently of iTunes, but it won't let you play them on the iPod.) I appreciate the Fuze's lack of automation.

Anyway, that's a longwinded way of saying that I prefer flexibility even at the cost of extra work, and to judge from your report it looks like in this case Symantec sinned in the opposite direction. :angry:

Short of disabling ASOEHOOK.DLL (which, you're right, it did not allow me to do), I renamed it in Safe Mode (with a .OLD extension) and rebooted. I do get an error message as NIS is loading, but I tell it to go on. Unfortunately, that didn't help the Spybot issue (same old error). My next step may be to uninstall NIS altogether and see how Spybot behaves then. But I do note your caveat about getting rid completely of Symantec products. We'll find out soon!

--JorgeA


JorgeA -

How to Remove Norton Antivirus and Security Products

http://www.pchell.com/virus/uninstallnorton.shtml

Uninstalling the 2003 or earlier version of Norton Internet Security or Personal Firewall 2003 when Add or Remove Programs does not remove it

http://service1.symantec.com/support/nip.nsf/docid/2001090510510636

Norton Support for Dell Customers

http://www.symantec.com/norton/support/partner_faq.jsp?id=dell

Download and run the Norton Removal Tool to uninstall your Norton product

http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&selected_nav=partner

DOCID: 20080710133834EN

Operating System: Windows 2000,Windows 98,Windows Me,Windows Vista,Windows XP

Last modified: 7.4.10


georg,

Thanks very much for another post full of useful information. I'm not sure how I missed the notification, but I'm glad I visited the site tonight!

I've removed NIS using Add/Remove Programs. We'll see if that works to obliterate it. Overnight I'm running a Spybot scan to see if it finally completes the process without crashing. If not, then I'll use the Norton Removal Tool and try another SSD scan.

The only reason I didn't just go ahead and use the NRT in the first place is that I also have SystemWorks on the PC, and NRT would remove that too. But if I have to I'll do it, and then reinstall NSW.

--JorgeA


georg,

O.K., here's where we stand.

As I reported last night, I removed NIS using Add/Remove Programs, then rebooted, then ran another Spybot scan.

That didn't solve the original problem, so I used the Norton Removal Tool, then rebooted and ran a new scan.

That didn't solve the problem either, so I manually went through all my directories looking for vestiges of Symantec materials, and deleted every one that I found, even the empty folders. Then I rebooted and ran Spybot again to see if that finally took care of the problem.

It didn't. Amazing!! ASOEHOOK.DLL is long gone, and yet....

Short of radical measures, I have two more things to try. I'll search the Registry for traces of Norton/Symantec, eliminate them (hopefully in a safe manner), then reboot and run one more scan, using Dependency Walker to log the operation to see what's mucking up the works now.

--JorgeA


JorgeA -

Ouch. Your screen name should be tenacity.

It will be interesting to see if you still get all those advcheck.dll first exceptions.

You might also try Process Explorer.

CharlotteTheHarlot says version 11.11 is the last version that runs on Win9x.

You can download it from filehippo (1.57MB). Freeware.

http://www.filehippo.com/download_process_explorer/3854/

Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.


georg,

Thanks once more for the additional info and new links!

I downloaded the version of Process Explorer that you recommended, and checked out the data it returned. Nothing there looks suspicious -- mostly Microsoft stuff. A couple of items were for my HP scanner. (Come to think of it, and FWIW, several years ago the scanner one day stopped working through the USB connection. I let it sit connected uselessly for quite some time, till last summer I tried reviving it via the parallel port, and now it works again. Everything else that I put in the PC's USB port works fine, so it was the scanner and not the port.)

I chickened out on tinkering with the Registry, lest I cause real harm; but I did do a new profile of Spybot under Dependency Walker after eliminating every reference I could find to Symantec in the hard disk directories. This time the ADVCHECK.DLL first-chance exceptions were legion, but once again no second-chance exceptions that I could find.

There were a number of errors in red, where with a code 126 DW said that it could not find a certain DLL, but the odd thing was that in every case, just one or two lines previous it had reported loading that same DLL (at a slightly different address). My understanding of this is limited but, from what I can tell in the log, nothing in particular went wrong just as Spybot was crashing. (I saved the log just in case.)

"Tenacious" is a nice word, and I guess that I've been so. But I'm about ready now to throw in the towel, reinstall Norton SystemWorks, consign Spybot on that PC to oblivion, and investigate the alternative anti-malware programs that you, Prozactive, and rilef have recommended. The problem has proved to be even more stubborn than me.

Still, I count all of this as time well spent, as with your help I sure have learned a lot.

--JorgeA


JorgeA -

Just a few additional thoughts--

Consider installing a prior version of Spybot, the one that last worked on your computer. When troubleshooting my very old computer, which didn't have enough resources to open Spybot with all its filesets active, I tried this very approach and it worked. The old version of Spybot downloaded and used the newest spyware definition files just fine. (One of the definition files, in the downloads available list, was a checkbox to download and install the latest version of Spybot. This item should be left unchecked and not be downloaded). Prior versions of Spybot are available from http://filehippo.com/ .

SuperAntiSpyware has a portable version of its antispyware, that works on Win9x, at http://www.superantispyware.com/ . I've never used this product, or the installed version of SuperAntiSpyware (prior win9x versions also available from http://filehippo.com/ ), so I make no recommendation.
