help on spyware win98

question

this is win98 do mean from the dos prompt or the run prompt in the start menu wind98 dose not have cdm

 

Hi johngkerr

Yeah,
A dos Prompt.

Click Start > Run and type in Command, Click OK.

Thanks
Geri

 

help

i could not copy and paste to the run box so i made a bat file and ran it. the file hives.txt had nothing in it. blank ?????????

 

Hi

I did not want it run from the run box, I wanted it ran from a dos prompt.

We need to see that hive to see if it can be rebuilt so we can get regedit back to working order.

Geri

 

help

i made a bat file and ran it and the file was blank do you want me to run it in dos, will it work better form the dos prompt than a bat file. i copy and pasted the the code to note pad and made a bat file i will try it for the dos prompt.

also sypbot is stopping a change to my reg and gives me a message that i can not clear???????

 

Hi

You can not clear the message?
What is the message and what change is it stopping?

No

Geri

 

Hi john,

Lets try something different.

Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: fix.inf
Save As Type: All Files (*.*)

Code:

[Version]
Signature= "$CHICAGO$ "

[DefaultInstall]
DelReg=EnableRegTools

[EnableRegTools]
HKCU,  "software\microsoft\windows\currentversion\policies\system ", "DisableRegistryTools "

Right click on fix.inf and select 'Install'


Now, download Dr.Web CureIt, saving the file to your desktop.

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.

Please post the Dr.Web CureIt log and a new HijackThis log.

 

?

What do you mean Save As Type: All Files (*.*)
I understand the rest of what you want me to do.
I have to get back over to my friends house to do this.

also I did a online virus scan with Symantec I will post what it found.
Is there a virus program for win98 anymore???

 

Within Notepad, click "File > Save As... "

In the window that pops up, the field below the "File name" field is labeled "Save as type: ". Click the down arrow to the right of that "Save as type:" field to open the pull-down dialogue and select "All Files ".

 

hives data

this is the text file if you remove the h switch

Volume in drive C is HP_PAVILION
Volume Serial Number is 2A5E-16DE

Directory of C:\HP\BACKUP

SYSTEM DAT 8,327,200 06-26-04 2:28p SYSTEM.DAT
1 file(s) 8,327,200 bytes

Directory of C:\WINDOWS

SYSTEM DAT 10,477,600 01-25-08 9:16p SYSTEM.DAT
1 file(s) 10,477,600 bytes

Total files listed:
2 file(s) 18,804,800 bytes
0 dir(s) 40,214.78 MB free

Volume in drive C is HP_PAVILION
Volume Serial Number is 2A5E-16DE

Directory of C:\HP\BACKUP

USER DAT 487,456 06-26-04 2:28p USER.DAT
1 file(s) 487,456 bytes

Directory of C:\WINDOWS

USER DAT 2,269,216 01-25-08 9:20p USER.DAT
1 file(s) 2,269,216 bytes

Total files listed:
2 file(s) 2,756,672 bytes
0 dir(s) 40,214.78 MB free

 

Thanks John. We may use that info yet.

Did you complete the steps in post #27 above?

 

more info

the short scan found nothing and when i tryed to run complete scan

runime error

c:\windows\temp\qapsfxo\setup.exe

adnormal program termanation

??????

also i ran a on line virus scan with symantec and it found 127 ifected files

adware.slagent
trojan, adclicker
trojan, superspider
infostealer
pws.hooker , trojan
startpage.I
adware drusearch

most files infected are in windows temp dir some are in windows system dir
can't you del and the files in windows temp dir?

 

also

i ran atf and it said that it cleanned the temp dir but all files are still there?

 

John, I don't think ATF cleaner is compatible with Windows 98. You can safely delete everything in the C:\Windows\Temp folder, and the applog folder too. A method to do so without having any files in use (and the method I recommend) is to restart the computer, begin tapping F8 upon startup to enable the Advanced Start menu, then select Command Prompt Only mode. At the command prompt, type the following commands, hitting Enter after each.

deltree /Y c:\windows\temp\*
deltree /Y c:\windows\temp /s
deltree /Y c:\windows\applog\*
rmdir c:\windows\temp
mkdir c:\windows\temp

Ignore any errors, if you get any.

While you're there, lets get a copy of the hives that we can work with. Type the following commands.


attrib -h c:\windows\system.dat
attrib -h c:\windows\user.dat
copy C:\Windows\system.dat c:\system.dat
copy c:\windows\user.dat c:\user.dat
attrib +h c:\windows\system.dat
attrib +h c:\windows\user.dat


Make very sure to use the proper spacing in the commands, else they will fail.

Try running a complete scan again.

 

more ?

do you mean boot to dos ? and use the commands in dos.
I do know if it was the fact that i used
del c:\windows\temp\ ,but after that windows would not start. I had to install window98 form scratch to get it to boot
i don't know if that was why or not???:

 

Yes, I meant to run the commands from DOS, command prompt only mode. The command del c:\windows\temp\ would not cause the computer to become unbootable. Did this just happen? Did you get an error message? Have you re-installed Widows since we started? Did you format and install, do a repair install, install to a new folder, what?

 

answer

this was on my old win98 computer and was sometime ago. just asking before i do this to my freinds computer thanks
will be this weekend before i get back over there to do this

 

Thanks for the clarification.

 

?

what do you want me to do with the new files system.dat and user.dat
??

 

I would like for you to email them to me in a zipped file, if you don't mind.