Windows98--No CounterSpy or AVG Anti-Spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by c_note75, Feb 21, 2007.

  1. c_note75

    c_note75 Private E-2

    I was using the READ & RUN ME FIRST. Malware Removal Guide when I hit a snag. The computer I am trying to fix is running Windows98, and CounterSpy and AVG Anti-Spyware are not supported on that platform. I know Win98 is ancient, but it is my parents' computer and I am trying to get it back up and running for them with the least amount of hassle.

    Is there a substitute program I can run in its place? Should I skip this step?

    Thanks for any advice or help you can offer.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Just skip that step and continue with the Read Me First.
     
  3. c_note75

    c_note75 Private E-2

    Need Help! Followed Read & Run Me First Procedure for Win98.

    Internet has been really, really slow with cable, and computer will reboot randomly. Computer runs Windows98 and has been pretty neglected by my parents for a long time. I have been assigned the task to fix it.

    I used the Read & Run Me First Malware Guide. Using Add/Remove Programs, I uninstalled MyWebSearch and MessengerPlus. SpyBot cleaned up some items. I could not use CounterSpy or AVG Anti-Spyware because they are NOT supported on Win98 (I skipped this step as advised on these forums yesterday). I ran BitDefender and Panda ActiveScan. Panda identified one virus and cleaned it. It also identified 2 registry?? that it did not address. I ran the other 3 steps (GetRunKey, ShowNew, and HijackThis) as instructed.

    I have posted the log files here and in the reply to this post. The bdscan.txt file is too large (712KB) to attach here. How should I proceed with it? Any help you can offer would be greatly appreciated.

    P.S. I also had one other question. During the Read & Run Me First Malware Guide, it instructed us to make some changes to programs (Msconfig Startup Mode to Normal, enable viewing of hidden files and folders, SpyBot to Advanced Ignore Products). Should I keep these in this format or switch them back to their original setting?
     

    Attached Files:

  4. c_note75

    c_note75 Private E-2

    Re: Need Help! Followed Read & Run Me First Procedure for Win98.

    Here is the log file for HijackThis. Please advise me on what to do about the bdscan.txt file as it is too large to attach here (712KB).
     

    Attached Files:

  5. c_note75

    c_note75 Private E-2

    How to properly install Sun Java Runtime Environ

    Should you uninstall old version first or install new version and then uninstall old? I found conflicting methods looking at the Read & Run Me First Malware Removal Guide and the How to Protect from Malware guides. Thanks again.

    "Make sure you check that you have the latest version of Sun Java installed by clicking the link. If you have an older version, install the new version and then remove all old versions."

    "Also MAKE SURE YOU HAVE THE LATEST SUN JAVA Version installed by checking against the below link which normally has the most current version. This may help prevent some problems in trying to get these online scanners to run. Get Sun Java here: Sun Java Runtime Environment Before installing the current version, you should uninstall all previous versions first!!!!"
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Stay in one thread. Uninstall all older versions of Java before installing the latest version.

    Zip the BitDefender log and attach it.
     
  7. c_note75

    c_note75 Private E-2

    Here is the BitDefender scan log in zip. Thanks again for your help.
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Reboot

    Post the following logs:

    1. ShowNew
    2. GetRunKey
    3. HijackThis
     
  9. c_note75

    c_note75 Private E-2

    Ran the procedure you specified. Here are the logs.
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Open Windows Explorer and delete the following:
    C:\WINDOWS\TEMP\WebPoolFileFile
    C:\WINDOWS\TEMP\0591EC64.TMP
    C:\WINDOWS\TEMP\0591DBBF.TMP
    C:\WINDOWS\TEMP\0591DB98.TMP
    C:\WINDOWS\TEMP\0591CAF3.TMP
    C:\WINDOWS\TEMP\www60E6.TMP


    Empty the Recycle Bin
    Run CCleaner

    Reboot

    Post a fresh ShowNew log
     
  11. c_note75

    c_note75 Private E-2

    All except one were deleted in normal boot mode. The WebPoolFileFile gave me an Error Deleting File (Cannot delete file: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use.). I then tried deleting it in Safe Mode. It worked and I then ran CCleaner, but when I rebooted back into Normal Mode, the file was there again.

    Anyway, here is the ShowNew log.
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I figured out that WebPoolFileFile is created by VShield, so it's legit.

    Your log is clean. How are things working?
     
  13. c_note75

    c_note75 Private E-2

    It is a little better on the internet side at times, but I still have the auto-restart problem every now and then and the internet can run at a snail's pace as well sometimes. I will give it a run for a couple days and see how it goes.

    By the way, referring back to an earlier question, do I need to restore Windows and other programs (SpyBot) back to original/default settings? (msconfig and hidden files)

    Thanks again for all your help.
     
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, reset everything back to defaults.

    If you are not having any other malware problems, it is time to do our final steps:
    • If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    • If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    • If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    • If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    • If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    • If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    • You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    • If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    • After doing the above, you should work thru the below link:
     
  15. c_note75

    c_note75 Private E-2

    Now I am in some serious trouble. Shutdown will not work. Windows 98 hangs at the shutting down graphic.

    I will try to best summarize what I have done in the last couple days. During the weekend, I uninstalled McAfee and replaced it with Avast. Avast picked up a virus and cleaned it up. The computer was running the same over the last two days with no new problems.

    Today, I decided to try to clean it up a bit more. I uninstalled Freedom Security & Privacy suite, rebooted, and immediately installed Filseclab Firewall. Still no problems after a couple restarts. I ran through some basic computer maintenance by running CCleaner for hard drive and removing invalid registry entries. I kept getting a LoadQM.exe trying to access internet. I tried to find a way to uninstall it, but it was nowhere to be found. So instead I went to msconfig to disable on startup, and bang, the computer would not shut down. I'm not sure what I did, whether it was messing with the LoadQM or deleting a registry I may have needed...

    Please help!
     
  16. c_note75

    c_note75 Private E-2

    Wow, I think we were writing at the exact same time. Should I hold off on the items you told me to run?
     
  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Reinstall MSN Messenger. LoadQM is a part of MSN Explorer and MSN Messenger.

    System still won't shut down?
     
  18. c_note75

    c_note75 Private E-2

    Reinstalled MSN Messenger 6.0. Still had the problem. Uninstalled MSN Messenger 6.0. Uninstalled Filseclab Firewall. Problem went away. Tried to reinstall firewall and the problem came back when I tried to restart.

    Uninstalled Filseclab Firewall and installed an old version of ZoneAlarm (5.5.094). Probably not the best solution, but there are few free firewall options for Windows 98. Any suggestions? I will try posting in the Software forum as well.

    I will continue with the rest of the procedure and then post the logs from ShowNew and HijackThis again. There were a couple things I was trying to clean up that I was having problems getting rid of.

    loadqm.exe: (I have uninstalled MSN Messenger, but this program is still trying to access the internet).
    Encompass (ConnectDirect): I believe this was some sort of dial up, but the uninstall program does not work (internal error, unable to call external dll)
    InCD: I cannot get this program to stop loading at startup into systray.
     
  19. c_note75

    c_note75 Private E-2

    Here are the logs.
     

    Attached Files:

  20. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run HijackThis, choose "Open the Misc Tools Section", choose "Process Manager", Highlight:
    Choose Kill Process. Click on the "Back" Button. Click the 'Scan' button.

    Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner.

    REBOOT to Normal Mode.

    Post Fresh Logs for:
    ShowNew
    HijackThis


    You can try Sygate Personal Firewall Free. It's discontinued, but still performs very well.
     
  21. c_note75

    c_note75 Private E-2

    I followed the procedure like you stated and attached the logs. I also uninstalled Microsoft Critical Update Notification through Add/Remove Programs (not necessary for Windows 98 anymore). Missed booting into safe mode after running Killbox. Rebooted into safe mode. Deleted the Encompass folder, but I could not find the file indicated in the c:\Windows\Temp.

    Is this a problem?

    Also, can I remove the O4 - HKCU\ \Run: [MsnMsgr]
    and O16 - DPF: (DmiReader Class) http://support.dell.com
    items on HijackThis?

    I thought I uninstalled MSN Messenger, and I believe the Dell item came from a failed attempt to profile my system to see if it needed driver upgrades.
     

    Attached Files:

  22. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    No

    You can have HJT fix these if you like.

    If you are not having any other malware problems, it is time to do our final steps:
    • If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    • If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    • If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    • If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    • If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    • If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    • You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    • If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    • After doing the above, you should work thru the below link:
     
