Window98 problem!

Hi Bill,

Abri said that you are the resident guru for the Windows 98 system here!

I am running the Windows98SE OS. Indeed it is a dinosaur & relic to many, it has served me well for my needs.

He also said that he would give you the heads up on what I have been facing with my computer (Malware Fourm: Win32 Delf AK). It all started when I found the so-called Win32 Delf AK infection due to a XoftspySE scan.

Though Abri & Tim fought hard to resolve this issue, nothing was ever found to warrant an infection on my computer.

The problem I do have from all of this is that my monitor does not turn off after 15 minutes of idle time like it use to before XoftspySE deleting my original Rundll32.exe file. After I deleted it & replaced it with a clean file, I now do not have two load powrprofiles, only one in my WinPatrol & Registry Repair start up programs.

I put the Win32 Delf AK file on the ignore list in the XoftspySe location so that when I do a scan, it will not show up. Paretologic (XoftspySE) has not responded to my query about the situation as of yet, it has been five days now. So sad

Well, like I told Abri & Time, this a great support group with a lot of class.

I await any assistance you provide me.

Take care,
Don

 

I'm not quite the expert people seem to think, but I'll do my best. I'm just the hard core user that still likes 98 around here.

Is this Win98 or Win98SE? There are some subtle differences, they are actually 2 different OSes, so it is important to match any files you replace with the same one.

Instead of dual boot, I have removable hard drives, so by the next time I answer I will have changed my computer back to my 98se drive, so I can probe around and check things out.

Just so I am clear on what the problem is, your power settings no longer turn off your monitor after 15 minutes (or whatever you have it set for). Is this correct?

False positives (or worse, nothing where there should be a positive) tend to make us users nuts, yes?

 

Well Bill,

Being modest does shows you have a strong heart, but when you have the stuff to do the job at hand, you should flaunt your prowess!

Yes, I am using the Windows98SE edition as my OS. I am using two hard drives on this Premio computer, so when the Rundll32.exe files was deleted, I replaced it with a file I have on my D drive. It was downloaded about two years ago from a clean site. Until this, the computer has been running fine except for the occasional blue screen & freeze. This computer has survived a fire & other sorts of ills, but it just keeps on ticking. All with 256mb memory, (2) 10 GB hard drives & a 266mhz Pentium II processor.
I hear the giggles already!

Indeed, my monitor use to turn off after 15 minutes of idle time by my energy setting (default), but now it stays on. I think when the other load powrprofile file disappeared, that was the one which controled that function.
The computer is working fine, I just wish it was back to normal.

Like I told Abri, if I have to I can live with it until I decide to move up to another system, but with all of the problems I see facing computers loaded with XP. The next computer I purchase will probably have Windows98SE as the OS. Again, I hear boos, hisses, & gigles, but I enjoy the simple things in life.

Also, I see you have Dallas TX in your profile. My what a small world it is. I reside in the small community of Seagoville. Close neighbors my friend!

Well, thanks for the concern & if you can shed some more light on what to do about restoring the shutdown function, I await your response.
Until then take care Bill.

Don

 

Since I generally recommend Xoftspy perhaps i should add my 2 farthings worth.

However I am currently at a disadvantage, not having the additional information so pm or, better, post it please.

I am not a fan of Winpatrol, you should not run this at the same time as Xoftspy.

 

Hi Studiot,

Well, I am with you as XoftspySE has been a great tool in my spyware arsenal, but this fiasco with the Win32 Delf AK so called infection of my computer has left me with serious reservations about this product & the support team.

It has been five days since I notified Paretologic about the issue, but there has not been a response as of yet. I renewed my license for another year back in September & I am sorry I did. If this was a false positive, they should be on top of this & let customers know of the default. I just placed the file in the ignore list for now.

If you wish you can read all of the data regarding this issue in the Malware fourm titled Win32 Delf AK. Let me know if there is anymore info you need.

I don't know much about WinPatrol, but it has alerted me to several attempts of programs trying to load on my computer.

Waiting to hear from you,
Don

 

I'm sorry for starting again at the beginning, but please check the following locations is the registry, but do not change anything yet. Some or all may not exist. (which would be good news).

Click Start > Run.
Type regedit
Click OK.

In the left pane

Navigate to the subkey:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, look for the values:

"ctflog manager" = "%Windir%\ctflog.exe"
"explore manager" = "%Windir%\explore.exe"
"inetinfomon manager" = "%Windir%\inetinfomon.exe"
"MPM manager" = "%Windir%\MPM.exe"
"service manager" = "%Windir%\service.exe"
"winlog manager" = "%Windir%\winlog.exe"


Navigate to and look for the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ExtA


Exit the Registry Editor.

 

Hi Studiot,

No problem, it is great that you want to check some things that may have been overlooked. I did log into the Registry & this is what was found in

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:
Default (Value Not Set)
SuperAntispyw "C:\PROGRAM FILES\SUPERANTISPYWARE\SUPE...

There was no entry for:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ExtA

I hope this helps & thanks so much for trying to help me.

Waiting to hear from you,
Don

 

As I said this is good news

This confirms that you do not have the Delf trojan.

Bill is correct in differentiating between 98 and 98SE. there was also a service pack, did you ever install it?

Please post the settings or screenshots of your power management settings

Right click on a blank area of desktop and I think its the screen saver tab.

Post also what it says in your bios about power management
to access the bios (setup) tap the del or F2 or whatever (watch the screen) key as you power up.

 

Hi Studiot,

WHEW!

I am elated to hear that & maybe this confirms that XoftSpySe has a few bugs in it in the form of False Positives. Nothing is perfect, but at least someone should be on top of this issue & let customers & potential ones know about such issues like this.

Okay moving on to the task at hand, here is a copy of my Power Management System:

Video Power Down Mode: Suspend
Hard Disk Power Down Mode: Standby
Standby Time Out (Minute): Disabled
Suspend Time Out (Minute): Disabled
Throttle Slow Clock Ratio: 50-62.5%
Modem Use IO Port: N/A
Modem Use IRQ: N/A
Display Activity: Ignore
Device 6 (Serial port 1): Monitor
Device 7 (Serial port 2): Monitor
Device 8 (Parallel port): Ignore
Device 5 (Floppy disk): Monitor
Device 0 (Primary master IDE): Monitor
Device 1 (Primary slave IDE): Ignore
Device 2 (Secondary master IDE): Ignore
Device 3 (Secondary slave IDE): Ignore
System Thermal: Ignore
Thermal Clock Ratio: 50-62.5%

Power Scheme: Always On
System Standby: Never
Turn Off Monitor: 15mins
Turn Off hard Disks: After 1 hour

I apologize for not taking a screen shot due to not having a camera available.

Abri sent me a note about being loyal to Windows98SE, so I am going to reply with vigor in support of this program.
Once again, I hear boos, hisses, & giggles!

Take care of yourself & know that I salute all of you for being a dedicated & wonderful group of people.

If you have anymore info I can use, please send it.

Don

 

I forgot to answer the service pack question.
Yes, I have all the updates since I found out Microsoft would no longer offer support for Windows98SE.

Take care,
Don

 

No camera needed for screen shots, when you have the screen you want to record press the Print Screen / SysRq button on your keyboard. This will copy the screen into the clipboard. In other words, you have copied in a copy/paste operation.

Then call up your favorite graphic editor, such as paint, and "paste" the screen on it. If you are using M/S Paint is the screen and option you use. Unforturnately, thumbnails won't fit the whole screen here on Major Geeks, if you need to show the whole screen then you use photographic display site (that are free) such as photobucket.

I'm using this process to show this screen. I trimed it down so I could use use thumbnails, AKA attachments. Screenshots are used to definitavely show what you have, sometimes those little details that you don't see count. To see the attachment full size click on it, then enlarge.

Looks like you're going to get some new techniques and skills while working on this. Screen shots are pretty handy for lots of other things too.

 

Again in the registry can you find the following:-


(edit>search>loadpowerprofile)

"LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentPwrScheme"

as a value for a key, possibly

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService

 

Hi Bill,

Thanks for the heads up on the screen shot. This info will surely come in handy in the future.

It is always a good thing to learn new things as it helps us to grow. I am grateful for the info.

Keep up the good work.

Thanks,
Don

 

Hi Studiot,

I took a look into the Registry in the location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServices

There is only one key:
"powerprof.dll,LoadCurrentPwrScheme"

This key was not found:
"LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentPwrScheme"

Any suggestions?

Waiting to hear from you & thanks so much for the help.

Don

 

the control panel calls
powercfg.cpl, which calls
powerprof.dll

However I need to startup a Win98 pc to check out exactly and I can't do that tonight so I am signing off tonight.

Will post some more

 

Hello Don

If you could please provide us with the ticket # of your inquiry to Paretologic, we would be happy to investigate further.

Kindest Regards
Laura
Paretologic Liaison

 

Hi Laura,

Thank you so much for taking an interest into my situation regarding the Win32 Delf AK infection. It seems as if this was a mistake in the XoftSpySE program, my computer nonetheless has been comprised in the form of a monitor shutdown malfunction due to the deletion of the Rundll32.exe file it said was infected. I replaced it with a clean file I had saved in my D drive, but now my monitor does not shutdown after 15 minutes of idle time like it use to.

You can read more about the onset of the issue in the Malware fourm titled "Win32 Delf AK" posted about a week ago.

Here is the latest response I received from Paretologic & I was saddened that no technical report, support, or apology was given to me about my computer malfunction. It took almost a week for the first response.

Hello Don,

Thank you for your reply. Please be assured that we do take these issues very seriously. We recently changed some of the technology behind the user interface to allow the program to move forward into future issues more smoothly. Like any change these are a few bumps while making the change but our developers and the support team are working very hard to identify and correct these issues as quickly as possible, and minimize the impact on our customers. Your patience is very appreciated and hope these changes prove to have positive results for you in the future. If you have any further questions please let me know.

Best regards,


Richard

ParetoLogic Technical Team


Ticket Details
===================
Ticket ID: URP-159749
Department: Tech Tier 2
Status: Reply Sent


Like I told the wonderful people that tried to help me in this stellar group, I will probably have to live with this issue, but I hope no one else has to experience a computer/monitor malfunction due to a program error.

Take care,
Don

 

I've just checked my Win98SE PC for the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServices settings and it should have this:

LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentPwrScheme
where LoadPowerProfile is the key name and the rest the Data

So if you just have powerprof.dll,LoadCurrentPwrScheme then you should edit that to read the above or delete and add a new key and type the LoadPowerProfile keyname and data.

 

Hi Yargwel,

First let me wish you & yours a Happy Thanksgiving!

Thank you for taking the time to help me try to solve my problem.

I did take a look at the Registry & found that I have this entry in the Run Services location:
LoadPowerProfile powrprof.dll,LoadCurrentPwrScheme

This is how it reads & I have been told to be very careful in editing the registry as many things can go wrong.

If you have the correct string that would allow my monitor to shut down properly as it once did, I would deeply appreciate any information you can provide.

In an earlier post, you can find out what happened to my computer due to a false positive from XoftSpySE. In a scan it said I had the Win32 Delf AK infection in my C:\Windows\Rundll32.exe.

I deleted it & replaced it with a clean file from my computer & now my monitor does not shut down after 15 minutes of idle time like before. Something happened to delete a load power profile as I had two in my start up items.

Well take care & I await your response,
Don
:wave

 

Instead of having the Power Scheme setting on Always On change it to Home/Office Desk.

See if that fixes it.

Steve

 

Hi Matacumbie,

I hope this Thanksgiving Day has been a blessing to you & yours.
Thank you so much for the information in helping me with my problem.

Well, unfortunately this has not helped & I truly believe until I find a way to add another load power profile to my start up programs, it will just stay on.

I am leary about messing with my registry, but if there is a sure way I can add the correct entry that use to be there, I will try it.

Somehow in the deletion of the Rundll32.exe file, a load power profile was erased.
I do not have a copy of Windows98SE to restore the file & I fear I would have to re-install Windows98SE & I do not want to go through that & lose my programs.

Well, thanks again for your help & if you have anymore information, I look forward to it.

Take care,
Don
:wave

 

That is all I could come up with that might make a difference. Sorry.

Hope you are having a Happy Thanksgiving as well.

Steve

 

Are you aware of BBS's? There is one local to you, I am the sysop. I can get you the files you need, remember that we are local to each other. Drop me a PM (private message), or call my BBS at (972)276-6721.

 

As I said in my previous post what you need to do is delete that key. Then add a new key LoadPowerProfile and then add the data as :
Rundll32.exe powerprof.dll,LoadCurrentPwrScheme

Do nothing else in the registry. Hope that's clear.

 

Hello Don

Thank you so much for giving me your ticket # and the additional information.

On behalf of Paretologic, please accept our most sincere apologies for the difficulties that you have experienced.

We trust that the issue has been resolved to your satisfaction. If it has not, then please do not hesitate to reply to the support ticket and request further assistance.

We appreciate your business, and our customer's satisfaction is of the utmost importance to us.

Kindest Regards
Laura
Paretologic Liaison