
Thread: Potential virus or spyware?

  1. #1
    Junior Member
    Join Date
    Dec 2003
    Posts
    22

    Potential virus or spyware?

    Hi,
    When my friend starts her computer she gets a runtime error that says the following
    Runtime error

    Program C:/Windows?explorer.exe
    This application has requested the runtime to terminate it in an unusual way. Please contact the applications support team for more information

    She is running Windows 98 first edition and seems to be having some serious problems.
    Whenever I ran Ad-aware it shut down the computer right as it started to scan, first stating some error message about explorer.
    I have also run AVG and deleted many trojan downloader viruses from the Windows folder; it did say that one remains. I'm having trouble getting HijackThis on her computer, especially because the internet on her computer is not working.
    Anyone have any ideas?
    Thanks
    -Fusiono71

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes,

    Clear the browser history and cache

    Boot into Safe Mode and run everything again... you might find it gets rid of more stuff.

    Please let us know what happens

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    In Win 98, start in safe mode and enter "sfc" in the Run box without the quotes. That's short for System File Checker. You'll need the installation disk if the cab files aren't already on the machine.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    When it comes to fixing problems, you can always tell the newbies from their suggestion of formatting and starting again.

    But even with all my experience with Win98 it would be stupid not to format and reinstall.

    If spyware has gotten onto the computer, it can attach itself to any system file ... and by the looks of it, it already has.

    If I was you, I'd image the drive (in case something goes wrong). Then copy her My Documents (try not to copy system settings)... Do a format and check it for viruses again.

    That's what I'd do. I don't trust Win98 one bit, so I'd go for the most successful option I can guarantee will work.
    If You've Done Something Right, People Won't Know You've Done Anything At All - God (Futurama)

  5. #5
    Originally posted here by Double//Cut
    If spyware has gotten onto the computer, it can attach itself to any system file ... and by the looks of it, it already has.
    Actually this describes a virus more than spyware. It is true that spyware is starting to become more viral in behavior, but not by the pure spyware definition. Spyware usually does not attach itself to existing files (re: definition of a virus) but rather creates its own files. It is true that it also modifies existing program configurations (re: IE home page, etc.) but not usually DLLs or executables.

    Originally posted here by Double//Cut
    That's what I'd do. I don't trust Win98 one bit, so I'd go for the most successful option I can guarantee will work.
    I agree that this is the simplest and quickest way to get back up and running, however it isn't exclusive to Win98: any O/S which has been compromised is suspect. I don't necessarily think this type of "cut your losses" activity should be jumped to right away with a spyware infection. A viral infection, yes, but not necessarily with spyware.

    fusiono71: If you're UP for a challenge...or simply looking to impress the lady, try the following. Warning, all of this WILL take time:

    Summary of steps
    1. Boot Windows normally
    2. Anti-virus software check:
    - www.eicar.org/anti_virus_test_file.htm
    - Update signatures
    3. Anti-spyware software check:
    - Install if not already installed
    - Update signatures
    4. Reboot Windows into SAFE MODE
    5. Scan for viruses
    6. Scan for spyware
    7. Reboot Windows normally
    8. Scan for viruses using Internet scanner
    9. You're done and HOPEFULLY clean! But NOT 100% guaranteed!!!

    Step 1: Anti-virus Software Check
    1. Boot into Windows normally

    Ensure anti-virus is working properly...
    1. Go to http://www.eicar.org/anti_virus_test_file.htm
    2. Attempt to download and save EICAR.COM file
    3. You should be alerted by your anti-virus program
    4. If not, try running it

    Ensure anti-virus signatures are up-to-date...
    1. Stay in Windows which was booted normally
    2. Run anti-virus program (console, etc)
    3. Instruct it to update the virus signatures (sometimes called definitions)
    - How to do this varies with product

    Note: If this test did not work (you didn't get an alert) STOP, your anti-virus software may not be working properly - re-install the program from original install media/files and/or contact the vendor for support

    Step 2: Anti-spyware Software Check
    If you don't have Ad-aware and Spybot Search & Destroy installed do the following:
    1. Boot into Windows normally
    2. Download and install Ad-aware SE Personal edition
    - Lavasoft: http://www.lavasoftusa.com
    3. Run Ad-aware and update database
    4. Download and install Spybot Search & Destroy
    - http://www.spybot.info
    5. Run Spybot S&D and update database
    6. Reboot Windows into SAFE MODE

    Ensure anti-virus signatures are up-to-date...
    1. Stay in Windows which was booted normally
    2. Run anti-spyware program (console, etc)
    3. Instruct it to update the spyware signatures (sometimes called definitions)
    - How to do this varies with product

    Step 4: Scan for Viruses
    Boot Windows up in SAFE MODE...
    1. At the "Starting Windows..." screen press F8 (black screen with white lettering at bottom)
    2. Select option "Safe Mode with Networking"
    Check to ensure networking is working...
    3. Open Internet Explorer
    4. Type http://www.microsoft.com or http://www.cnn.com
    5. If page does not come up do the following:
    a) Close Internet Explorer
    b) START menu and select RUN
    c) Run a command prompt by typing "cmd.exe" and hit OK button
    d) Type "ipconfig /release" and hit ENTER key
    e) Type "ipconfig /renew" and hit ENTER key. This should get an IP address for your PC
    f) Exit command prompt by typing "exit" and hit ENTER key
    g) Try step 3 above again
    h) If still having problems then reboot normally into Windows

    Scan with Existing Software...
    1. Stay in Windows SAFE MODE
    2. Run anti-virus scan of entire system: make sure you are scanning all files
    3. Remove anything found

    Step 5: Scan for Spyware
    1. Stay in Windows SAFE MODE

    Ad-aware Scan...
    1. (if not installed already) Install Ad-aware by Lavasoft: http://www.lavasoftusa.com
    2. Run Ad-aware
    3. Update the database inside Ad-aware
    4. Scan entire system
    5. Remove anything found

    Spybot Search & Destroy Scan...
    1. Stay in Windows SAFE MODE
    2. (if not installed already) Install Spybot Search & Destroy: http://www.spybot.info
    3. Run Spybot S&D
    4. Update the database inside Spybot
    5. Scan entire system
    6. Remove anything found

    CWShredder...
    1. Stay in Windows which was booted normally
    2. (if not installed already) Install CWShredder: http://www.intermute.com/spysubtract..._download.html

    Tip/Recommendations:
    - Run Ad-aware and Spybot S&D weekly; you can run them in normal mode in Windows for this regular scanning
    - Make sure to update signature files prior to scanning system

    Step 5: Scan for Viruses using Internet Scanner
    1. Reboot into Windows normally
    2. Go to one of the web sites below and perform a full anti-virus scan
    3. Remove anything found

    Web Sites:
    http://housecall.trendmicro.com/
    http://security.symantec.com/
    http://www.pandasoftware.com/activescan/
    http://www.bitdefender.com/scan/license.php


    /EDIT
    Step 6: Get Help
    - If all above fails and you need further help you can either seek it here at AO or try this:
    1. Download and run HijackThis from http://www.merijn.org/downloads.html
    2. Save log file
    3. Post log file to here seeking assistance: http://forums.spywareinfo.com
    /EDIT

    GOOD LUCK!

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    ric-o

    That is a very nicely thought out and described procedure, unfortunately in his last paragraph he says:

    I'm having trouble getting HijackThis on her computer, especially because the internet on her computer is not working.
    So he cannot connect to the internet. My thinking, and that of others, was to try to get him back on, so he could follow that approach.

    If we cannot do that he will have to burn some applications to a CD to try to eliminate what is causing the problem.

    I agree that I would not suggest re-formatting at this stage. I think that Double~ is assuming it is the trojan/keylogger kind of spyware.

    I do not think so, as any malware (other than a vandal), that blocks internet access has effectively shot itself in the foot, so to speak. It cannot "phone home" and it cannot replicate.

    The other possibility is that Windows has become corrupted, which is what Tedob1's suggestion addresses. Remember that Windows Explorer and Internet Explorer are closely intertwined.

    Conclusion:

    1. Do what I say to get rid of as much malware as possible
    2. Do what Tedob1 says to repair the system if required.
    3. Do what you say, to complete the cleanup, although that may require importing stuff on a CD.

    Then he needs to harden the system.


  7. #7
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    1st) won't HijackThis fit on a floppy?

    2nd) this may not apply at all, but did she attempt to install / upgrade any programs just before this happened? The reason I ask is I have seen this before, where programs that originally ran on 98 now require 98SE. When installing or upgrading (clicking on that pop-up that says there is an updated version) the install would "get stuck" in the middle: you couldn't delete the new program though because it was still running.

    just a thought.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  8. #8
    I went through all the replies to your thread very quickly, but I think something which is also very important is that after you get rid of the malware on the computer you should "update windows" and apply all the patches. This is as important as an updated firewall, spyware cleaner and an anti-virus.
    Always remember that most of the time malware and hackers/crackers exploit holes in your OS...
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  9. #9
    Junior Member
    Join Date
    Dec 2003
    Posts
    22
    Hey guys,
    Hey, I went through the options to go into safe mode and run Ad-aware and a virus checker. With some effort and time it finally let me, and I cleared most of the spyware, viruses and malware off the computer. All the start-up problems are gone but alas, there is still one problem.
    The internet is still not working.
    They have Fuse as their internet (dial-up), and to connect you go to the Fuse icon and it dials; you are then online and can click on Internet Explorer to go to a site. Fuse connects and says it is connected, however I cannot access the internet in any way. When I go to Internet Explorer it starts loading the page and then in the lower right corner it flashes loading C:/windows/system/ with some .dll file at the end. When I try to update Ad-aware or AVG it says I'm not connected to the internet. Finally, Outlook email isn't working.
    Oh, one last note: Ad-aware always detects a thing called coolwebsearch, but when it tries to delete it, it stops at the last bar and just acts like it's done.
    Finally, I get some weird error messages stating that either explorer run.dll or run32.cll has performed an illegal error when scanning with Ad-aware, however I am thinking this is incorporated with some other thing.
    Any help or advice anyone has would be much appreciated.
    ~Fusiono71
    P.S. Thanks for all the help so far. Ad-aware found around 130 items and I found around 25 viruses, mostly trojans, in the Windows folder alone.

  10. #10
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Looks as though the TCP/IP stack has got damaged. I've not used 98 for a long time and can't remember how to uninstall/reinstall...

    But if memory serves me correctly it can be done with the add/remove Windows components... you will need the 98 install disk.

    <edit>
    looked up this for you:

    http://customersupport.acd.net/admin...ll%20tcpip.cfm
    </edit>
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
