analyse.exe produced 'illegal operation'

Discussion in 'Malware Help (A Specialist Will Reply)' started by rodalsa, Sep 28, 2010.

  1. rodalsa

    rodalsa Private E-2

    Thanks for being here. OS is Win 98se.

    I obtained the specified results for malware removal up to MGtools.exe. The download was OK. The running of the *.bat file was OK (I think) up to the launch of analyse.exe. This terminated with the standard "Illegal operation" and close message. The batch files continued to run until I read the message that Win 98 and ME users should close the program which I did.

    Question? Do I have the proper and complete results from running MGtools?

    Background... S&D found one cookie which was fixed. I chose not to save any of the cookies.

    I have been experiencing multiple 'msgsrv32.dll(not responding)' events and slow performance. I had reduced the number of such 'not responding' events by defragging the drives on my computer. From this I concluded that I must have the OS overloaded. I intended to clean the system with a virus scan (which was clean) and a malware scan (which led me to MajorGeeks, there being precious few malware programs available for 98se that I can trust.) I am attempting to use your procedures to clear malware from the system prior to making an image of it and all drives. After these images are made, I plan to remove software one at a time until things improve. I hope that this will locate any 'funny' software that I should keep off my machine.

    I await your response.

    Thank you again for being there.

    I really like the post title search feature.

    Rod
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to attach the C:\MGLogs.zip so we can see what is happening.
     
  3. rodalsa

    rodalsa Private E-2

    Hi Tim W,

    Here is the attachment you requested.

    Rod
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you get any error messages when you ran MGTools? The log is incomplete. Please run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    * C:\MGlogs.zip
     
  5. rodalsa

    rodalsa Private E-2

    Sorry about the delay. My wife is one week after a knee replacement and I'm the sole caregiver.

    Yes, I received an error message. Analyse performed an illegal operation. The fully constructed error message is attached as a JPG.

    This time I allowed the batch file to run to completion.

    I have an execution trace of MGTools.exe running under a Microsoft created program named 'Dependency Walker'. The log file with two additional JPG graphics (the error message is duplicated there) is 1.3 MB. If you have an interest, tell me how I can send it to you. This file is a Word 7.0 *.doc file.

    Your log file has a much larger footprint this time.

    Rod
     

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not a problem and I hope your wife is doing better.

    Do you have any idea what these are:
    C:\WINDOWS\AGBCBCEI
    C:\WINDOWS\aidjacdf
    C:\WINDOWS\AJAOCPAE
    C:\WINDOWS\bgdadbae
    C:\WINDOWS\ajbfcmel
    C:\WINDOWS\agacdbdm
    C:\WINDOWS\ajbmaafc
    C:\WINDOWS\ajckdceo
    C:\WINDOWS\ajddclbb
    C:\WINDOWS\akaaafde
    C:\WINDOWS\akbbdjcc
    C:\WINDOWS\bgaaddbb
    C:\WINDOWS\afaldjfo
    C:\WINDOWS\bacjamcc
    C:\WINDOWS\ahbfdhec
    C:\WINDOWS\afcidgad
    C:\WINDOWS\agccchao
    C:\WINDOWS\agdcdlbh
    C:\WINDOWS\AJDLAEEI
    If you don't, delete them.

    You also need to clean out this folder:
    C:\WINDOWS\TEMP\

    Now tell me what malware issues you are having.
     
  7. rodalsa

    rodalsa Private E-2

    I have deleted all of the content from C:\Windows\Temp that I could. ...

    The file hpodvd09.log was in use and would not allow deletion. I can do this deletion from the command prompt if you deem it necessary. The folders Cookies, History & Temporary Internet Files were emptied but left in place.

    I just returned to emptying the Temp folder and repeated the above activity.

    The following is FYI.

    The files you listed (example C:\WINDOWS\afcidgad) caught my eye in your report file and I wondered where they came from. I searched the entire computer *.* for files that contained one of the file names you mentioned. None were found. I looked at the file content in WordPad. After a sizeable amount of binary code I found snippets of text. The attached JPG is typical of the file content. It may ring a bell with you and then tell us both what, why and where these files originated. I also searched the net for the name of one of the files and turned up nothing.

    The JPG is of the original WordPad document copied to Word 7.0 then imaged to Paint and output as a .BMP. The BMP was loaded into Freeview and output as a JPG. The nonprintable characters present in WordPad were further modified in Word 7.0 and are shown as underlines there.

    I am at this point in time pausing to delete all of the files of the type you requested that I delete ..... I deleted 17 files starting with 'a', 4 files starting with 'b'. There are now only 4 files larger than 723KB in the C:\Windows folder. They are Win386.swp, System.dat, User.dat & Antsit~1.cab.

    This is the second attempt to send this message. The first attempt became bogged down in long delays while deleting files. This is one of the problems that launched me down this path. Another was long delays in generating the drive list in Explorer. We will see where things go now that I have completed all of your instructions (except that pesky HP file).

    Rod
     
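Rod's triage of the oddly named files in C:\WINDOWS (searching the disk for the names, opening a file in WordPad and reading the text snippets between the binary, then looking the name up on the net) is the manual version of a routine defender's check. The script below is an added example written for this thread; it is not part of the thread, of MGtools or of any tool mentioned here. It lists every extensionless eight-letter file in a folder (the shape of the names TimW quoted), records size and SHA-256 so the file can be looked up in a reputation service without uploading it, and pulls out the printable strings the way the `strings` utility does. It assumes a modern Python 3 on whatever machine holds the files or a copy of the folder (Python 3 does not run on Win98 itself); the folder it builds for the demo and the file contents in it are constructed, not Rod's files.

```python
"""Triage unknown files with random-looking names (added example, not from the thread)."""
from __future__ import annotations

import hashlib
import os
import re
import tempfile

# Shape of the names listed in the thread: eight letters, no extension.
RANDOM_NAME = re.compile(r"^[A-Za-z]{8}$")
# Printable ASCII (space through '~'); any other byte ends a string run.
PRINTABLE = frozenset(range(0x20, 0x7F))


def extract_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Return runs of at least min_len printable ASCII bytes, i.e. the text
    snippets the poster spotted among the binary when opening a file in WordPad."""
    found: list[str] = []
    run = bytearray()
    for byte in data:
        if byte in PRINTABLE:
            run.append(byte)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def triage_folder(folder: str, min_len: int = 6) -> list[dict]:
    """Report every file in folder whose name matches RANDOM_NAME: its size,
    SHA-256 (for a reputation lookup) and its printable strings."""
    report: list[dict] = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path) or not RANDOM_NAME.match(name):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        report.append({
            "name": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "strings": extract_strings(data, min_len),
        })
    return report


def build_sample_folder() -> str:
    """Create a throwaway folder imitating the thread's layout. The file names
    copy two from TimW's list; the contents are constructed for this demo."""
    folder = tempfile.mkdtemp(prefix="triage_")
    # Non-printable filler (161 bytes, repeated) so the junk yields no string runs.
    junk = (bytes(range(0x00, 0x20)) + bytes(range(0x7F, 0x100))) * 4
    samples = {
        "afcidgad": junk + b"This program cannot be run in DOS mode." + junk,
        "AGBCBCEI": junk + b"KERNEL32.dll" + junk,
        "win.ini": b"[fonts]\r\n",  # has an extension, so it is skipped
    }
    for name, content in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(content)
    return folder


if __name__ == "__main__":
    for entry in triage_folder(build_sample_folder()):
        print(f"{entry['name']:10} {entry['size']:6d} bytes  sha256={entry['sha256']}")
        for text in entry["strings"]:
            print("    ", text)
```

Run it against a real folder with `triage_folder(r"C:\WINDOWS")` on a copy of the directory; the "This program cannot be run in DOS mode." stub string in the sample is what a Windows executable carries even when its name gives nothing away, and the hash is what to search for instead of the random file name.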

  8. rodalsa

    rodalsa Private E-2

    After a period of time to see how the computer responded, I have returned.

    There was a short period when it appeared there was some improvement in the performance. The response was faster but there were still msgsrv32(Not responding) problems but not as often.

    With that improvement I started removing some of the least used programs. I ran CCleaner in between each removal and deleted all of the references that CCleaner reported with the names of the removed programs in them.

    Of course I did some on line work and downloaded emails. One of the emails was from an acquaintance with only a link within it. My left hand -- without my permission clicked on the link. That resulted in two address redirections before I could sever the internet connection by unplugging the cable. The next day I found my antivirus program was no longer functional.

    I advised my friend that most likely his account had been hacked and gave him the suggestion that he advise all of the contacts associated with that account to not click the link.

    Past that the problems seemed to get worse again to the point of intolerable.

    I have decided to do a fresh install of 98se to see if that will clear this mess up.

    With that decision it will be months before I am in a position to report on success or failure. This is due to issues around using an auto-patching program and its interactions with HP's printer driver. Previous attempts to use the auto-patching program have clobbered the printer installation on both machines that I use. I seriously want to auto-patch the OS. I'm hoping that a more recent version will not cause the printer problem.

    Until then, Thanks again. :wave

    Rod

    For me to believe is insufficient for you to know. --- rodalsa
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let us know how you get on with this.
     
  10. rodalsa

    rodalsa Private E-2

    Hi,

    There have been some interesting things showing up.

    First, I have arrived at the "make sure you have current drives and program updates."

    Second, msgsrv32 still hounds me but not as much.

    Third, the software industry is pushing me in one of two directions...

    a) Disconnect Win98 from the internet
    b) Upgrade to the latest Windows, Linux, whatever OS with a new system.

    Why third? Anti-virus providers. All of the leaders are getting out of 9x territory. I have been using ESET at $ per year. They will stop licensing their 9x product next year and in 2012 will cease providing database updates for 9x.

    The only anti-virus that I have found that will hopefully continue support for 9x is one named ClamWin Free Antivirus 0.95.5 at http://www.clamwin.com/.
    This one is under the GNU license (which I tend to support). It currently does not contain a scanner that checks files when they are opened or downloaded even though they claim code is in development.

    I just became aware of the 9x emulation mode in Windows 7. Possibility rests here for me to jump ship finally. I have to research it.

    I'm still in the process of taking my 98se system to format and reinstall. Slow going though.

    Rod

    For me to believe is insufficient for you to know... rodalsa
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are considering dumping Win98, make sure your system is able to run any newer platform. You know you will be finding it harder and harder to find software that will run on 98. ;)
     
  12. rodalsa

    rodalsa Private E-2

    TimW,

    I am considering moving to a multi-core system with Windows 7. Here again it appears that I will be on my own. What research that I have been able to do on emulation of legacy systems under Windows 7 has turned up say a 50/50 probability that the emulation works seamlessly. And that was only while emulating XP. Of course Windows 7 Professional has to be used for emulation to be available.

    PC World January 2011 pg 70 displayed a graphic capture from Windows 7 that listed the following twelve operating systems that could be emulated under Windows 7.

    Windows Vista
    Windows Vista (Service Pack 1)
    Windows Vista (Service Pack 2)
    Windows Server 2008 (Service Pack 1)
    Windows Server 2003 (Service Pack 1)
    Windows XP (Service Pack 2)
    Windows XP (Service Pack 3)
    Windows 2000
    Windows NT 4.0 (Service Pack 5)
    Windows 98 / Windows ME
    Windows 95
    I don't know

    I was going to upload a JPG but I cannot get my printer to respond.

    As to software? I long ago had all the software that I needed other than a current anti-virus. I started with Norton. Then it eventually slowed 98se down. Then Symantec dumped 98se. I started migrating until ... you know the drill... my back is against the economic wall.

    Have a nice holiday and don't over indulge. :wave

    Rod
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Happy shopping. You may want to post in software forum so others can give you suggestions on a new purchase. ;)
     
  14. rodalsa

    rodalsa Private E-2

    Hi folks,

    Tears :cry are appropriate. Progress has been small due to issues with ESET's NOD32 antivirus. I gave up attempting to use your approach to ensuring my system was malware free. After completing your approach I still had periods of slow operation and that infernal msgsrv32(Not responding) freeze.

    Past that I attempted a fresh install of Windows 98se. That went well up to the point that I installed and enabled NOD32. NOD32 refused to download any current database updates. Neither ESET nor I could break its refusal. I returned to an image that I had in which the updates were known to work.

    I then stripped that installation down to several essential (by my definition) programs. I achieved a bit better speed but still suffered from the msgsrv32(Not responding) problem and that even with a defrag of all of my drives. NOD32 again gets its updates with this configuration.

    I get short periods (10s of minutes and less) between msgsrv32 messages when running CCleaner. I have hours between msgsrv32 messages when running Word, Excel, Outlook Express, etc. but they still occur. That is frustrating to say the least. I do not think that this problem is malware related.

    I have a scenario that I will run by you on the msgsrv32 problem. Perhaps it will launch some new ideas.

    Whenever I note the desktop icons are not responding to the mouse cursor passing over them, I do a Ctrl-Alt-Del (cad) and receive the msgsrv32(Not responding) listing in the Close Program window. I dutifully end the program. I then do a Run - msgsrv32. This may on first try return the system to normal operation. Other times I have had to go through as many as seven iterations around the 'freeze' - cad - end - run msgsrv32 loop before the system returns to normal. Sometimes following the run msgsrv32 command, there will be some drive activity followed by the Windows start up wav file playing followed by Explorer opening up followed by either another 'freeze' or full system functionality. This can be repetitive or not present at all.

    Does that sound like malware to you?

    Needless to say this activity has consumed considerable time. I am backed up re my primary use of the computer and since I can get hours of operation using the 'business' software without msgsrv32 or other problems cropping up, I am working to catch up.

    I'll run my ESET license out and try to go with them till all support ends. That may be in 2012 by current expectations.

    Thanks again for your help. :)

    Rod

    For me to believe is insufficient for you to know.
    -rodalsa-
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  16. rodalsa

    rodalsa Private E-2

    TimW,

    Thanks so much. How much internet searching can one do and still miss a link like the one you tagged for me?

    I'll work it through immediately and post back one more time a few months from now.

    Rod,

    For me to believe is insufficient for you to know.
    - rodalsa -
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. I hope all works out for you, though I would suggest that you ultimately consider upgrading your OS.
     
  18. rodalsa

    rodalsa Private E-2

    Gentlemen with special gratitude to TimW,

    I'm back ahead of schedule. I am now fully convinced that my problems with Win 98se and msgsrv32 are not malware related. I solved the problem -- for me at least.

    I have not been bothered with the msgsrv32(Not responding) message since 02/01/11 7:47 PM -- and that with heavy use of my computer utilizing typical program usage and the test sequence of program operations that I finally found would reliably trigger the fault. It is now 02/03/11 9:43 PM.

    How did I do it?

    I cleaned out all of the Win 98se components except the following...

    ACCESSORIES
    Calculator
    Imaging
    Paint
    WordPad
    MULTIMEDIA
    Audio Compression
    CD Player
    Macromedia Shockwave
    Macromedia Shockwave Flash
    Sound Recorder
    Video Compression
    Volume Control
    SYSTEM TOOLS
    Character Map

    Immediately my test sequence was clear of all problems for four iterations. Prior to the clean out every use of the sequence bombed.

    I removed in excess of 14 components during this operation. I will not list them here. I also will not attempt to define exactly which one of or combination of them produced the problem. <-- enough is enough!

    Night has turned into day! :-D

    All suggestions given were unfortunately unproductive. They all were fully appreciated and followed. Thanks to all that contributed both here and elsewhere.

    I will post a similar message in the software forum as suggested by TimW, since I have not seen my particular solution to this malady anywhere.

    Rod :wave

    For me to believe is insufficient for you to know.
    - rodalsa -
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know that all is working well for you now. :)

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:

