Computer Hope
Topic started by: Soviet_Genius on April 06, 2006, 06:43:25 PM
-
I have this old laptop:
Pentium 1 120 MHz
16 MB RAM
SVGA Video
I want to reformat the drive and reinstall Windows 98 on it because there is a lot of spyware and viruses on it. First, I am a noob at this and have no clue how. Second, there is no floppy drive, and when I boot up into the command prompt and try D:\ it says invalid drive selection, so I have no idea how to get a startup disk to work. It still boots into Windows 98SE normal mode, if that could help. Also I have a friend who has an external floppy drive that I might be able to borrow. Oh, and also I obviously have a Windows 98 CD and there are Windows 98 setup files on the HDD, but since I want to reformat those are probably useless.
-
Soviet Genius... Have you tried cleaning out all the bugs?
So the machine will boot up and run OK...?
Do you have an anti-virus on it?
If you want to learn about cleaning your machine... this would be a great way to start.
dl65 ::)
-
I'm not that stupid >:( I've tried many anti-virus and anti-spyware programs and they all make the system crash except Ad-Aware and Spybot - Search and Destroy. I've also been able to set up a network on it and I scanned with Norton from another computer through the network. It found 5 trojans and couldn't remove any of them, and I can't scan for them while it's in safe mode because there is no "safe mode with networking" on the F8 screen.
-
When these programs crash, what errors do you get?
-
It's not the programs, it's just Windows in general. I get like "Norton AV has performed an illegal operation and must be shut down" and then "systray has performed......" and then "explorer............................" and then "rundll32..............." and then I just see the background on my desktop and that's it! I can't do anything except press Ctrl+Alt+Del and press shut down.
-
If you can run it, I think a HiJack This (http://www.majorgeeks.com/download3155.html) log is in order. Please download, run, post a logfile. Preferred is a zip file with the log in it, instead of posted text, as posted text will require several posts.
-
Since it's so short I'm posting it:
Logfile of HijackThis v1.99.1
Scan saved at 5:14:01 PM, on 07/04/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {D3C00A80-F19C-11D8-9451-0009B8B21AFE} - C:\WINDOWS\SYSTEM\IAHAC.DLL (file missing)
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.download.com
O15 - Trusted Zone: www.google.ca
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
-
Wow, that is short! :o At first glance (do not click the links):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
Get rid of one of each of these (not both!) as there are duplicates in there you don't need.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
Been having internet trouble recently? This may be a factor. Nothing in any HijackThis log need include about:blank. Get rid of it.
R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
Fix this one.
O2 - BHO: (no name) - {D3C00A80-F19C-11D8-9451-0009B8B21AFE} - C:\WINDOWS\SYSTEM\IAHAC.DLL (file missing)
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
Fix.
That's all I see for now. However, are you sure that's the whole log? I think there's more to it. There's usually stuff with O23 at the end.
And also remember that any damage done can be restored. But I don't think this'll cause any trouble.
-
Yes, I'm SURE that's the whole log....... I'm a bit confused about what to do with the first one? You said delete one because there are duplicates, but there are three? :-?
And yeah, in IE the home page used to change to about:blank but it wasn't a blank page, it was some kinda crappola that I'm sure is spyware and stuff, but it stopped after I installed Spybot - S&D.
-
OK, in that list of three, there are two of each of those three in your Log. Delete one of each of those, leaving one of each. So delete one SearchAssistant, one Search Bar, etc...
Delete the about:blank anyway. It's a trace of the spyware that reset your home page. Deleting it will finish it off.
See, you have:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
You ought to have:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
-
OH Ok thanks
-
Hold the presses!
I did a little research on Google. I wasn't comfortable with leaving even those three there. It turns out, those are all spyware of a sort.
So, I was mistaken. Delete both copies, so that none of the
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
remain. At least three forums recommended their destruction. Keep in mind that if removing this causes problems, you can always restore them.
My apologies for not doing my homework. ;)
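
The checks applied by hand to the log in the posts above, written out as an added example that is not part of the original thread and is not HijackThis's own logic. The function names `parse` and `triage` are hypothetical; the sample lines are copied from the log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "R1 - ...", "O16 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOCAL_TEMP = re.compile(r"=\s*file://.*\\TEMP\\", re.IGNORECASE)


def parse(log):
    """Return (section, body) pairs; header and process-path lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def triage(log):
    """Return {entry line: [reasons]} using the heuristics discussed in the thread."""
    entries = parse(log)
    names = defaultdict(set)  # CLSID -> the names it is registered under
    for _, body in entries:
        for clsid in CLSID.findall(body):
            names[clsid.upper()].add(body.split(" - ")[0])
    flagged = defaultdict(list)
    for section, body in entries:
        line = f"{section} - {body}"
        if section in ("R0", "R1") and LOCAL_TEMP.search(body):
            flagged[line].append("IE search setting points at a local file in TEMP")
        if body.endswith("(file missing)"):
            flagged[line].append("registered component whose file is missing")
        if any(len(names[c.upper()]) > 1 for c in CLSID.findall(body)):
            flagged[line].append("CLSID registered under more than one name")
    return dict(flagged)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

The output is a review list, not a verdict: each flagged entry still has to be looked up before it is fixed, as the correction in the post above shows.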
-
No problem ;)
-
Soviet Genius.... Before you run HijackThis, I would suggest using CCleaner to do a good clean out of your machine. Get it at
http://www.filehippo.com/download_ccleaner/ ...... Once you have it downloaded and installed, configure it as outlined at http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1144186359
Once you have it configured, run the "cleaner" part and then the "Issues".
You can safely remove anything it finds.
Then again, before you run HijackThis, download and run "A-Squared" from http://www.emsisoft.com/en/software/free/
"norton from another computer through the network. it found 5 trojans and couldn't remove"
Norton is an anti-virus scanner, and while it may identify some trojans, it may not remove them (that's where A-Squared comes in).
I won't comment on your HijackThis log, because after running CCleaner and A-Squared it will probably change, so please post a new logfile after you have run the others.
dl65 ::)
-
Soviet Genius, I received a PM from Backdated, the virus-removal expert:
You've all missed the fact that SpywareBegone is installed on this laptop of Soviet Genius and this is a well known rogue program.
But my reason for contacting you once again is this: my suspicions are becoming confirmed that there is something going on here where SG is concerned.
How does a "Windows Genuine Advantage Validation" entry appear in a Win98 logfile? My sources, which include experts both inside and outside of Microsoft say it's impossible!
-
UG! First, CCleaner doesn't work! Second, no one has helped me do what I want to do, so read the first thing!
-
For the record, from the Microsoft site:
Validation is required for all genuine Windows downloads on Microsoft Download Center. It is also required by the Windows Update service for users of Windows XP including Windows XP Home, Windows XP Professional and Windows XP Media Center Edition. All users can access security updates via Automatic Updates. Genuine Windows downloads are available, without validation, to customers running Windows 98, Windows ME, Windows 2000, Windows Server 2003, Windows XP Professional x64 Edition, Windows Vista, and Windows NT 4.0 with Service Pack 3. Genuine Windows downloads are not available for older versions of Windows (Windows 95, Windows NT 4.0 with Service Pack 2, and earlier), or non-Microsoft operating systems.
dl65 ::)
-
Format the hard drive and then install DOS CD drivers and mouse on it. Oakcdrom.sys should do-
http://www.onecomputerguy.com/software/oakcdrom.sys
You need himem.sys and emm386.exe in config.sys as well as mouse.com and mscdex.exe in autoexec.
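REM CONFIG.SYS: memory managers first, then the CD-ROM driver (device name CD001)
DEVICE=HIMEM.SYS /TESTMEM:OFF
DEVICE=EMM386.EXE AUTO
DEVICE=OAKCDROM.SYS /D:CD001
REM AUTOEXEC.BAT: mouse driver, then MSCDEX bound to the same device name
MOUSE
MSCDEX /D:CD001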
Easier still just copy the contents of a win98 bootdisk and alter the paths to suit.
I've got 4 win98 computers myself and I've never seen the Windows Genuine Advantage check in any of them or in anybody else's. It's not there 'cos win98 update uses a different system to xp-
xp - http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
98 - http://v4.windowsupdate.microsoft.com/en/default.asp
It's not possible for a 98 computer to use wgav as it doesn't exist in win98, so how it's there is a complete mystery.