Where to begin?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by spacedustM, Dec 13, 2004.

  1. spacedustM

    spacedustM Private E-2

    I've briefly read through the pinned posts How to Protect Yourself from Malware and How to: Spyware, Trojan and Virus Removal. My concern is where to begin.

    What steps apply to me in the How to: Spyware, Trojan and Virus Removal? I ask this because I'm running a decrepit version of Windows 98SE and have not been updating when prompted. I have Internet Explorer version 6.0 and I'm ready to delete it once I find something I can use to replace it (Firefox or Opera, I guess). Also the fact that I am getting about:blank hijacking as well as a home search hijacking. I cannot seem to find the tools at the top of my Windows Explorer for C:/ on my version of Windows. I also have a virus that the Dec 10th 2004 virus definitions from Norton can recognize as a virus but not how to deal with it. The Ad-Aware software I updated very early yesterday and have run it multiple times, yet many of the worms and miners seemed to resist all my limited efforts and knowledge on my attempt to eradicate them. My system is slowing down considerably and my ping time on one of my favorite games is about 3 times normal. Random virus, worm, etc. prevention web pages are popping up when I surf and it's quite annoying. I don't want to apply to any of them because their method of delivery is straight out blackmail in my opinion.

    I hope you see my problem of not knowing where to start and what to do about steps 2 and 3 on the How to: Spyware, Trojan and Virus Removal.

    I also was wondering exactly which of the tools in the Downloading tools (4) would be best suited for use on Windows 98SE for the destruction and removal of my current problems. If anyone is expert enough, a helping hand could be welcome if I'm just not using my Ad-Aware program properly. I should mention that my Norton is Norton Antivirus 2002 with the most recent definitions and some features like Norton protected recycle bin.

    If I have left out any pertinent information to my problem please let me know.

    I realize that this will likely be a fairly major overhaul of an older system. I am however not in a position to get a newer computer or system and would genuinely like to learn how to fix and prevent these effects on my computer so that I can apply the knowledge to future computers and prevent the unwanted use and abuse of my computer.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The READ ME was written for all Windows OS. Just run all the steps except ones that say optional or that say they are only for a particular OS that you do not have. For example, in the section titled Getting Prepared; Steps to be sure your system is ready to be scanned: steps 1 & 2 do not apply to you. But steps 3 & 4 do. Then in the next section: Scanning And Cleaning Steps: (note steps 1 thru 4 are NOT optional!) all the steps apply up to and including step 4. But again notice at the end of step 4 it tells you not to run HSremove since you have Win98.
     
  3. spacedustM

    spacedustM Private E-2

    Sorry, I missed the two words "top of" in section 3 from reading too quickly and for section 4 I spent too much time looking at the file names and not enough on the paragraph before them. So much for my skim-reading skills.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! So run all the steps. Make sure you run the online scanners too (obviously not in safe mode for Win98).

    If still having a problem after that, you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log file as an attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.
     
  5. spacedustM

    spacedustM Private E-2

    Just finished the fourth download and it will likely take me some time. I'll likely begin the how to protect yourself from malware once this gets taken care of. I hope that this process fixes it but if not I'll carefully read (and likely print like I did the malware and Major attitudes don't not post until post) and do what you just suggested in the bottom 3/4ths of your post.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! It's best to wait until we get current problems fixed before going on to the How to Protect thread.
     
  7. spacedustM

    spacedustM Private E-2

    Housecall found a trojan in the boot sector and removed it. It might be worthwhile to note when doing that online scan that Housecall (Trend Micro's free online virus scan) may seem to freeze for about 5-10 minutes while messing with the boot sector. I was beginning to wonder if the program had frozen and post such a question about what to do about it. I had the arrow and an hourglass when my mouse was over the application and scanned stayed at 0 for some time.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! So what about the rest of the steps!
     
  9. spacedustM

    spacedustM Private E-2

    It's (Trend micro's) scanning my whole comp apparently it's found 10 non-cleanable trojan files so far and it's only done 65k files so far. I'm hoping that the next step will get them I guess I believe I have about 125k more files on my computer. So I might just leave it running and pick back up tomorrow.
     
  10. spacedustM

    spacedustM Private E-2

    humm thought I'd check it just before I went to bed. It just finished all of the files are in the windows directory the program is unable to clean them, should I use its delete option or hold off for one reason or another?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What filenames and what virus problems were detected?
     
  12. spacedustM

    spacedustM Private E-2

    ALL of the following agents are in Trojans and the c:\windows\ directory

    Troj Agent .aap c:\windows\sdkdj32.exe cannotaccess
    Troj Agent .abq c:\windows\ieme32.exe noncleanable
    Troj Agent .aap c:\windows\istl.exe cannotaccess
    Troj Agent .abq c:\windows\altky.exe noncleanable
    Troj Agent .ae c:\windows\rundll32.exe.$$$ noncleanable
    Troj Agent .ae c:\windows\nsxcv.exe noncleanable
    Troj Agent .aap c:\windows\javaul32.exe cannot access
    Troj Agent .abq c:\windows\mfcxd.exe noncleanable
    Troj Agent .aap c:\windows\d3gy32.exe cannotaccess
    Troj Agent .abq c:\windows\crun32.exe noncleanable

    I don't know many key filenames but altky, javaul32, and crun32 sound like ones that may cause problems if deleted.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like you have HSA hijacker problems. Have you run About:Buster? If not, shut down all browsers and disconnect from the internet. Run it once in normal boot mode then immediately reboot into safe mode and run it again. Now reboot in normal mode and follow the steps I gave you in message #4 and post a HJT log (as an attachment).
     
  14. spacedustM

    spacedustM Private E-2

    I have not since I am on step 1 first part should I skip ahead then to step 4 (about:buster) then continue with step 1 part 2? I'll do it w/in 5 minutes if not given a reply
     
  15. spacedustM

    spacedustM Private E-2

    I should re-mention that I was asking if I should use the delete option in the Housecall scan. I was unsure if I should just ignore the results and continue or do something to deal with them at that point in the list part 1 first bullet.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is what I meant in my last message. Use About:Buster now as I indicated. Don't do anything else with HouseCall yet.
     
  17. spacedustM

    spacedustM Private E-2

    I ran the (about:blaster) in normal mode. I then tried to reboot to safe mode and was unable to get into it. I tried 3 times and one shutoff/turnon.

    After these attempts I ran blaster again and got this on my first scan. (very similar to the first scan in normal mode.)

    ADS not scanned System(FAT)
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!

    I can reset to MS-DOS mode but I'm unsure why tapping the F8 key will not work for me in my efforts.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay now run Hsremove! Then complete anything else you have not done from the READ ME. Afterwards post your HJT log if still having a problem.
     
  19. spacedustM

    spacedustM Private E-2

    Hsremove requires windows xp or windows 2000 :/
     
  20. spacedustM

    spacedustM Private E-2

    I wonder if this will work anyway since I cannot seem to achieve safe mode. Like I've said I can restart to msdos but the f8 key is giving me no joy in trying to reach safe mode.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry! Forgot you had Win98.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please stop getting side tracked! Complete the procedure and post your HJT log.
     
  23. spacedustM

    spacedustM Private E-2

    I was thinking about the upcoming bullet 3 under step 1 I'll just ignore any do safe mode 1st instructions then
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  25. spacedustM

    spacedustM Private E-2

    I actually managed to get it to work using the F8 method about 3 minutes after I asked. I ran the stinger and about:buster then foolishly restarted my computer. Thank you for the link. I'm sorry if I was short or didn't read well enough; someone really angered me just before my post (not you) and interrupted a previous attempt at posting earlier.

    When attempting ccleaner in normal mode the progress bar kept getting full and restarting. It eventually came up with a windows illegal function window on the process. I also was unable to find the optional delete index.dat checkbox. I'll see if there are any downloads for it but if you know offhand what tab it's supposed to be under please let me know. I'm tempted just to start over from the beginning of step one due to the multiple restarts since that point, can you tell me if that's what I should do or not? It takes ages to scan but, I think it may be worth it to spare you and I more frustration, although those scans take quite some time.

    Once again I apologize if I've "done your head in" (aggravated) you.
     
  26. spacedustM

    spacedustM Private E-2

    found the index option nevermind about that
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Skip CCleaner for now and don't worry about index.dat also it is normal for the progress bar to do what you describe as it works thru the different areas that it is cleaning. The crash is not normal.

    Let's skip the rest of the READ ME steps for now. Go to message #4 in this thread and get me that HJT log now.
     
  28. spacedustM

    spacedustM Private E-2

    Some of these I recognize but I fear it's a lot to go through. My home page is Google, Norton is my antivirus service, and I do have a dling utility through fileplanet. I do recognize several that I'd be more than happy to kill however. edit-bet I need to make it a txt :/
     


  29. spacedustM

    spacedustM Private E-2

    the txt version >.<
     


  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you require this proxy setting for something:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2

    You have a load of problems! I'll post things to do in following messages.
     
  31. spacedustM

    spacedustM Private E-2

    I'm unsure I'm hooked up to a local network that is connected to the internet. However this computer has been connected many times to networks connected to the web so I may have some left over settings I need to clear. Any idea about the best way to check?

    btw: the computer I'm hooked up to likely has more problems. If I learn what to do well enough on this one I might attempt fixing his >.<
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not completely sure where you got to in the READ ME FIRST process since I told you to post a HijackThis log now. So bear with me. We need to fix this in a few stages. But please do the following:

    First look in Add/Remove Programs for anything like:
    - WINDOWS CONTROLAD
    - CSBB or Clearsearch
    - SURFSIDEKICK
    - FastSeeker or FastSeekerToolbar

    If found, uninstall them.

    Now from the READ ME, make sure you have Ad-Aware SE 1.05 and update it (new refs just came out). Then run it and have it fix everything it finds.

    Do the same with SpyBot S&D.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:
    C:\WINDOWS\IETL.EXE
    C:\WINDOWS\JAVAUL32.EXE
    C:\WINDOWS\SYSTEM\SDKDJ32.EXE
    C:\WINDOWS\D3GY32.EXE
    C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLAD.EXE
    C:\PROGRAM FILES\CSBB\CSV7P070.EXE
    C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
    C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLADALT.EXE
    C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE
    C:\WINDOWS\SYSTEM\KSUBG.EXE
    C:\PROGRAM FILES\COMMON FILES\TSA\TS2.EXE
    C:\WINDOWS\SYSTEM\WINUPDT.EXE

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\umdgo.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\umdgo.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\umdgo.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {EFF77B34-BB10-6259-D56C-2FE1758999B5} - C:\WINDOWS\MFCEV.DLL
    O4 - HKLM\..\Run: [Windows ControlAd] C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLAD.EXE
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdtl.exe
    O4 - HKLM\..\Run: [CSV7P70] \Progra~1\CSBB\CSV7P070.EXE
    O4 - HKLM\..\Run: [hfelvjbjdpc] C:\WINDOWS\SYSTEM\cjkwox.exe
    O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
    O4 - HKLM\..\Run: [ptfvgc] C:\WINDOWS\SYSTEM\ptfvgc.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [pt5P36X] NETRM.EXE
    O4 - HKLM\..\RunServices: [IETL.EXE] C:\WINDOWS\IETL.EXE
    O4 - HKLM\..\RunServices: [JAVAUL32.EXE] C:\WINDOWS\JAVAUL32.EXE
    O4 - HKLM\..\RunServices: [SDKDJ32.EXE] C:\WINDOWS\SYSTEM\SDKDJ32.EXE
    O4 - HKLM\..\RunServices: [D3GY32.EXE] C:\WINDOWS\D3GY32.EXE
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE
    O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
    O4 - HKCU\..\Run: [YAuFRWbme] KSUBG.EXE
    O8 - Extra context menu item: &FastSeeker Search - res://C:\Program Files\FastSeeker\FastSeekerToolbar011203.dll/cmsearch.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O15 - Trusted Zone: *.msn.com
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.static.topconverting.com
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream10k.redhotnetworks.com/cabs/videox.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=fab19f64c271dfd5b772fcfb344ed4d5f8217f7b03e9b7145eeb15c7b73869070b857bc819ac1ca41787ff055d83fcb743482bfaec:0a002003c3f6d5950937c6314a45eb37
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:eek:exist.mht!http://crdrcr.com/chm.chm::/a.exe

    Boot into safe mode and use Windows Explorer to delete (if you cannot boot in safe mode try to delete in normal mode. Keep track of what you can and cannot delete or find):
    C:\WINDOWS\MFCEV.DLL
    C:\WINDOWS\umdgo.dll
    C:\WINDOWS\IETL.EXE
    C:\WINDOWS\JAVAUL32.EXE
    C:\WINDOWS\SYSTEM\SDKDJ32.EXE
    C:\WINDOWS\D3GY32.EXE
    C:\PROGRAM FILES\WINDOWS CONTROLAD <--- delete the whole directory
    C:\PROGRAM FILES\CSBB <--- delete the whole directory
    C:\PROGRAM FILES\AUTOUPDATE <--- delete the whole directory
    C:\PROGRAM FILES\COMMON FILES\TSA <--- delete the whole directory
    C:\PROGRAM FILES\SURFSIDEKICK 2 <--- delete the whole directory
    C:\PROGRAM FILES\VBOUNCER <--- delete the whole directory
    C:\Program Files\FastSeeker <--- delete the whole directory
    C:\WINDOWS\SYSTEM\WINUPDT.EXE
    C:\WINDOWS\SYSTEM\winupdtl.exe
    C:\WINDOWS\SYSTEM\cjkwox.exe
    C:\WINDOWS\SYSTEM\ptfvgc.exe
    C:\WINDOWS\SYSTEM\NETRM.EXE
    C:\WINDOWS\SYSTEM\KSUBG.EXE

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
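
The HijackThis lines quoted in this post all follow a `code - body` layout. As an added example (not part of the original post and not HijackThis's own code), this Python parser handles the entry forms seen in this thread and classifies each O4 autostart command by how its path is written, which picks out entries such as `NETRM.EXE` and `KSUBG.EXE` that the log gives without a directory; the function names and the path classification are assumptions of the example.

```python
import re

# A subset of the HijackThis lines quoted in the post above (not a full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\umdgo.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {EFF77B34-BB10-6259-D56C-2FE1758999B5} - C:\WINDOWS\MFCEV.DLL
O4 - HKLM\..\Run: [CSV7P70] \Progra~1\CSBB\CSV7P070.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [pt5P36X] NETRM.EXE
O4 - HKLM\..\RunServices: [IETL.EXE] C:\WINDOWS\IETL.EXE
O4 - HKCU\..\Run: [YAuFRWbme] KSUBG.EXE
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream10k.redhotnetworks.com/cabs/videox.cab
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# Body layouts cover only the entry forms that appear in this thread.
BODY_PATTERNS = [
    ("R", "registry_value",
     re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<value>[^=]*?) ?= ?(?P<data>.*)$")),
    ("O2", "bho",
     re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")),
    ("O4", "autostart",
     re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")),
    ("O15", "trusted_zone", re.compile(r"^Trusted Zone: (?P<domain>.+)$")),
    ("O16", "activex_download",
     re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) - (?P<source>.*)$")),
]


def parse_log(text):
    """Turn HijackThis log text into a list of dicts, one per entry line."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # log header, process list, blank lines
        rec = {"code": m["code"], "kind": "unparsed", "body": m["body"]}
        for prefix, kind, pattern in BODY_PATTERNS:
            # "R" covers R0/R1/R3; the O sections must match exactly.
            if m["code"] == prefix or m["code"][0] == prefix:
                fields = pattern.match(m["body"])
                if fields:
                    rec.update(kind=kind, **fields.groupdict())
                break
        records.append(rec)
    return records


def executable_of(command):
    """Return the program part of a Run command as written in the log."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted commands may contain spaces (C:\PROGRAM FILES\...), so the
    # string is kept whole rather than split on whitespace.
    return command


def path_kind(command):
    """Classify how the executable is written: full path, no drive, or bare."""
    exe = executable_of(command)
    if re.match(r"^[A-Za-z]:\\", exe):
        return "absolute"
    if "\\" in exe:
        return "no-drive"
    return "bare-name"  # location not stated in the log; confirm it on disk


def autostart_report(records):
    """List O4 entries as (hive, key, name, executable, path kind)."""
    return [(r["hive"], r["key"], r["name"],
             executable_of(r["command"]), path_kind(r["command"]))
            for r in records if r["kind"] == "autostart"]


if __name__ == "__main__":
    for row in autostart_report(parse_log(SAMPLE_LOG)):
        print(row)
```

Lines that match no known body layout, such as the R3 entry, are kept with `kind` set to `unparsed` so nothing from the log is silently dropped.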
     
  33. spacedustM

    spacedustM Private E-2

    I killed controlad by add/remove
    however my Ad-Aware SE has clunked out 2 times now when trying to quarantine (2nd) or delete (1st) the 385 (1st) or 377 of 381 (2nd) items checked. I'll attempt to run it once more and let it run for the rest of the night.
    Things don't look too good at this point but perhaps tomorrow will bring more luck. Going to attempt it in safe mode.
     
  34. spacedustM

    spacedustM Private E-2

    I've been working hard. So much for sleep and such. I had too difficult of a time trying to get ad-aware and splyblast to work in safe mode (no mouse ps2 thing and the shading is horrible + enter won't start them) I managed to get ccleaner to work in there so I did it 2x deleted what I could w/o a mouse (the controlad dir and fastseeker dir could not locate other dirs) checked the processes to end somewhere in here and sometimes in the midst of all this as compared and removing things from highjack I'm having trouble remembering exactly when;

    Then restarted to normal then did ccleaner 3x, did advertblaster, did ccleaner again 2x :p, then ad-aware se (nothing noted, perhaps I did it twice remember 4 objects taken care of sometime) then search ad destroy, then immunize then CWShredder then kill2me, then about:buster (ignored HSRemove due to win version) then deleted (Ksubg.exe from win/sys, only one I found from the list left) ran hijackthis with as much as I could think to turn off at 540am rechecked list only found the trusted *frame crazywinnings one told it to fix it with everything I could think of off reran it it popped up again in my list. I'm attaching my hijacktxt now.

    Please tell me what I should do next, and how I can make SURE that these things don't return to plague me.
     


  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well that's a lot cleaner now, isn't it?

    I would still like to know what this line is about:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2

    Do you need that setting for some reason?

    For CrazyWinnings, simply fixing with HJT will not work. Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file move.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

    Double-click on the move.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge say yes.

    Now run HJT and fix the O1 - Hosts lines and the O15 - Trusted Zone: http://*.frame.crazywinnings.com line if still there. Then reboot your computer and get a new HJT log to post here.
     
  36. spacedustM

    spacedustM Private E-2

    I happened to wake up a couple minutes ago and caught your post, I don't trust my faculties enough yet to try those or that step. Once again any suggestions on testing that IP in a way that is safe? Also I would really like to be sure system restore will not undo all my work by resetting, any way to double-check? Sorry if not making sense and take your time in replying if you need. (spacedustM mumbles incoherently and stumbles back to his bed)
     
  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are hooked up to your own network (do you have a router? I assume so.), the IP address is probably within your local network's range defined by your router. Do the following:
    - click Start, Run, and enter ipconfig /all > c:\ipinfo.txt

    This will create a file in your root directory of drive C named ipinfo.txt that has info about your IP configuration. Upload it back here.

    As far as System Restore, I assume it is still off.
     
  38. spacedustM

    spacedustM Private E-2

    Well here is how my fighting with this comp is going,
    I copied and pasted ipconfig /all > c:\ipinfo.txt into a start, run box and a msdos window briefly shows up (too quick for me to tell what it's doing) I've looked in the c:\ directory and done a find but it cannot find a ipinfo.txt anywhere

    As for the merge I copied to my Notepad, saved as move.reg, then proceeded to double click on its location. It asked if I want to ADD it, I said yes and it gave me window box Cannot Import C:\mydocu~1\move.reg: The specified file is not a registry script You can import only registry files.

    Yes I did do all files, and typed move.reg into the upper box.

    I also had a brown out before I did this so I cleaned and checked and couldn't access the internet so I reset wondering if I mangled my ability to connect before I remembered the router needed to be unplugged for about a minute then replugged to regain access to the net. The cleaning didn't come up with much. I'm about to try both again (crosses fingers)
     
  39. spacedustM

    spacedustM Private E-2

    No luck. I checked the properties of my move.reg and it said it was Registration Entries
    and an archive file, the ending was a .reg
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Darn! You have Win98. Forgot about that. Use this version, to overwrite the old one. Or just edit the first line to say REGEDIT4 instead of Windows Registry Editor Version 5.00



    Double-click on the move.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge say yes.
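
Windows 98's regedit imports only scripts whose first line is `REGEDIT4`, which is why the version 5.00 file was rejected as "not a registry script". As an added example (not from the original post), this Python function makes that header change and goes beyond it by also accepting a UTF-16 input file and flagging hex(2)/hex(7) values whose data differs between the two formats; the sample script and its key names are constructed placeholders, not the contents of the move.reg discussed here.

```python
import re

V5_HEADER = "Windows Registry Editor Version 5.00"
V4_HEADER = "REGEDIT4"
# hex(2) and hex(7) payloads are UTF-16LE text in a version 5 script but
# ANSI text in a REGEDIT4 script, so they cannot be carried over unchanged.
WIDE_VALUE_RE = re.compile(
    r'^\s*(?:"(?:[^"\\]|\\.)*"|@)\s*=\s*hex\([27]\):', re.IGNORECASE)

# Constructed sample script; the vendor key names are placeholders.
SAMPLE_V5 = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[-HKEY_CURRENT_USER\\Software\\ExampleVendor\\Placeholder]\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\ExampleVendor\\Other]\r\n"
    "\"Path\"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,00,00\r\n"
)


def to_regedit4(raw):
    """Convert .reg script bytes to REGEDIT4 form.

    Returns (converted_bytes, warnings). Raises ValueError when the first
    non-blank line is neither of the two known headers.
    """
    if raw.startswith(b"\xff\xfe"):
        text = raw.decode("utf-16")   # regedit's own version 5 exports
    else:
        text = raw.decode("cp1252")   # e.g. pasted into Notepad and saved
    lines = text.splitlines()
    first = next((i for i, line in enumerate(lines) if line.strip()), None)
    header = lines[first].strip() if first is not None else ""
    if header not in (V5_HEADER, V4_HEADER):
        raise ValueError("not a registry script: unrecognised header line")
    warnings = []
    if header == V5_HEADER:
        lines[first] = V4_HEADER
        warnings = [
            f"line {n}: hex(2)/hex(7) data must be re-encoded as ANSI"
            for n, line in enumerate(lines, 1) if WIDE_VALUE_RE.match(line)
        ]
    # REGEDIT4 scripts are ANSI text with CRLF line endings; encoding raises
    # UnicodeEncodeError if a key or value name cannot be represented.
    return ("\r\n".join(lines) + "\r\n").encode("cp1252"), warnings


if __name__ == "__main__":
    converted, notes = to_regedit4(b"\xff\xfe" + SAMPLE_V5.encode("utf-16-le"))
    print(converted.decode("cp1252"))
    print(notes)
```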
     
  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This should have worked

    ipconfig /all > c:\ipinfo.txt

    Try it from a command prompt. Are you sure it is not there? By any chance do you have a Hide extensions for known file types checked in Windows Explorer, Tools, Folder Options, View.
     
  42. spacedustM

    spacedustM Private E-2

    Running it from msdos prompt worked, it created a file visible in dos prompt and through the browse option to attach files. Here is that file. Still unsure about that reg file, this is what I copied and pasted to my notepad humm the info from your post looks different somehow I think the opening line has changed going to recopy and paste, it worked this time.
     


  43. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So is CrazyWinnings gone? Check your HJT log.
     
  44. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on the output from ipconfig, your network is not using 192.168.0.2. Have HJT fix this line:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2

    Let me know how things are working.
     
  45. spacedustM

    spacedustM Private E-2

    Crazy is gone, your new post came in while I was doing it, I'll go back to kill that line. I expect I'll be taking the next while after this working on the making your computer safe and secure section of the sticky (I don't expect anywhere near the amount of difficulties I had previously). Thank you once again.

    I do have one remaining question about SpywareBlaster, does it conflict with Norton's auto-protect and should I fire it up anytime I'm doing activities online. I'd ask about a firewall as well but I'm virtually positive I saw the info in a sticky that I glanced over and will end up sitting down to most carefully read and follow.

    edit (that line killed)
     
  46. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know of any conflicts between spywareblaster and nortons auto-protect.

    I don't know what you mean by this "should I fire it up anytime I'm doing activities online".
    Are you referring to SpywareBlaster? Once installed, you just enable the protections. That's it. You will not see any processes running because there aren't any.

    You should look at: How to Protect yourself from malware!
     
  47. spacedustM

    spacedustM Private E-2

    I have already done most of the steps in the malware thread however I wanted to ask about this one:
    7) Adjust Active X security settings
    - In Internet Explorer, click Tools/Internet Options/Security. Click on the Internet globe. Then select 'Default Level', then click OK. Now select 'Custom Level' and scroll down to the ActiveX controls and plug-ins section:
    - Set 'Download signed Active X controls' to Prompt
    - Set 'Download unsigned Active X controls' to Disable
    - Set 'Initialize and Script ActiveX controls not marked as safe' to Disable
    Click OK and OK again.

    It was already set like that in my internet explorer, however I've downloaded firefox and was wondering if it has a similar feature I need to find and enable should I begin to use it as my default browser. (firefox is set as default atm)

    Btw:I did the windows updates one of them (something)-wdt required linking out or somesuch I was unsure of it so I put it off for later. I removed the microsoft java and installed the sun java (java web start) and got and installed zonealert
     
  48. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    FireFox does not use Active X.

    You'll need to be more specific than (something)-wdt
     
