1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Exploit????

Discussion in 'Security and Privacy' started by savagcl, 2004/08/10.

Thread Status:
Not open for further replies.
  1. 2004/08/10
    savagcl Lifetime Subscription

    savagcl Geek Member Thread Starter

    Joined:
    2003/06/09
    Messages:
    1,559
    Likes Received:
    7
    My friend has a problem.

    Running Win98 on a COMPAC PC w/127 megmem.
    PCPitStop showed the following after a virus scan check.
    "The Exploit/Mhtredir.ge Virus was found in file C:\Windows\Application Data\Mozilla\Profiles\grindalr\xf0reru0.slt\Cache\48FFEA14d01 ".

    The above was repeated 4 times with only the last part being different (48C2EA14d01, 6FA79EBBd01,
    and DA2D4710d01).

    As far as PC operations, a lot of programs will hang up the PC, SpySweeper hangs, AdAware hangs.

    Spysweeper found 4 files infected and 800+ "traces ". But during removal, hung up.
    AdAware found 20+ files but (again) hung up during the Quartentine phase.

    I've looked up Exploit on the web and have read so much, i'm dizzy with input, most of no use at all.
    I've looked at MS for a "supposedly" patch but once again, no luck.

    I'm not to eager to make changes to his registry (nor mine for that matter).

    Suggestions please (or a site with a solution).
    Thanks,
     
  2. 2004/08/10
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    savagcl

    Did you come across this one?

    http://groups.msn.com/WolfSpirits/v...essage=82616&LastModified=4675476022706425758

    I suggest you do an online virus scan from RAV or Housecall - URL's in Quicklinks in my signature.

    Also run an online trojan scan from here

    Then download Spybot and update, download the latest version of AdAware - AdAware SE out this week, that shouldn't need updating on this occasion. Run both and delete all they find.

    Post back ....

    Moving this to Security/Virus/Spyware
     

  3. to hide this advert.

  4. 2004/08/10
    savagcl Lifetime Subscription

    savagcl Geek Member Thread Starter

    Joined:
    2003/06/09
    Messages:
    1,559
    Likes Received:
    7
    Hi, Pete C,

    I updated both adaware and spybot (only Adaware had an update).
    The problem is that, both will find the virus, but when i tell (both) programs
    to fix them, they will run about 80/85% then stop running (just hangs).

    Only the program(s) hangs, i can do a Cntl>Alt>Delete and quit the
    programs but a rerun produces the same result.

    Correct me if i'm wrong but didn't win98 have the page-swapping effect when memory runs low? As stated above there is only 127 meg of memory
    and my knowledge of win98 is very dusty from lack of use. Could the PC
    be running out of memory?

    thanks for the reply,
     
  5. 2004/08/10
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Spybot and AdAware are not anti virus programs - they search out and destroy Spyware, mallware, diallers, etc, etc. that is why I suggested running an online virus scan.

    I don't think there is a memory problem - 128 Mb was a lot of memory for a 98 m/c. - and I am equally rusty on 98 having used XP since it was first issued.

    I think the best solution here is to download HijackThis, save it to a folder on the hard drive (it will fit on a floppy to transfer to your friends m/c if necessary) and post the log here. Fix nothing and wait for a response from one of our resident experts
     
  6. 2004/08/10
    savagcl Lifetime Subscription

    savagcl Geek Member Thread Starter

    Joined:
    2003/06/09
    Messages:
    1,559
    Likes Received:
    7
    Ok, Pete C,
    I'll see him tomorrow (Aug 10th) and do the Hijack thing. Will post log here.

    thanks,
     
  7. 2004/08/10
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    While you are there, a general 'cleanup' always helps 98 to run better and may well fix the problem of spybot and ad-aware not running to completion.

    - IE and dump all TIF files and cookies
    - Windows Explorer and empty all temp folders.
    - Windows Explorer and check in c:\ for files with a pattern filennnn.chk (where nnnn is any number so file0001.chk, file0235.chk, etc.). Delete any you find.
    - Empty the recycle bin.
    - Boot to DOS.
    - scanreg /fix
    - scanreg /opt
    - scandisk /autofix /nosave /surface
    - Boot to windows
    - Scandisk again and set for standard scan plus fixing any problems found. This will fix any long-file-name issues since the DOS version can't see them.
    - Defrag
     
    Newt,
    #6
  8. 2004/08/10
    savagcl Lifetime Subscription

    savagcl Geek Member Thread Starter

    Joined:
    2003/06/09
    Messages:
    1,559
    Likes Received:
    7
    After i cleaned it up (and left), he ran the spybot/adaware again and they worked.

    PCPITSTOP (deep virus checker) came up clean so i guess its fixed.
    Time will tell if it comes back.

    I'll do a through cleanup when i see him tomorrow.

    thanks Newt,
     
  9. 2004/08/11
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Doing that clean-up routine on a 9x system (although no scanreg available on 95 unless you 'borrow' a copy from 98) about once a month really keeps those systems runnning better.

    It's pretty much the first thing I recommend with any 9x system having strange, 'one off' problems and I'd estimate that it fixes over half of them with nothing further needed.
     
    Newt,
    #8
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.