Malware in Windows 98SE [CLOSED]


  • This topic is locked

#16
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Sorry about the wait streamsz,

Try re-installing it and see if it's any better.

~Kristy
  • 0

#17
Streamsz

Streamsz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello Kristy

I tried re-installing Kerio firewall but I can't say it's getting any better :tazz:

Maybe my Ethernet card is damaged, but frankly this really doesn't look like a hardware problem to me since several programs are affected and others aren't (I just had a try at Hotline Client and I was able to download a 3 Mb file without any trouble, something I could not do with Netscape or Internet Explorer ever since I had this problem).

Again, all these downloading/connection troubles started after I got infected with Smitfraud.c trojan, so don't you think there is a link between these events ?

Have a nice day,
D.
  • 0

#18
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello streamsz,

> Again, all these downloading/connection troubles started after I got infected with Smitfraud.c trojan, so don't you think there is a link between these events ?


Possibly. I will try to get some more input from some of the other staff members again, and I will get back to you.

~Kristy
  • 0

#19
Streamsz

Streamsz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Thank you Kristy !
It sure feels good to get help from you guys :tazz:
  • 0

#20
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello streamsz,

Uninstall it, but this time don't re-install it. See if you have any problems then. Let me know.

~Kristy :tazz:
  • 0

#21
Streamsz

Streamsz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello Kristy,

I didn't answer right away because I wanted to make a few tries before.

I uninstalled Kerio firewall without re-installing but nothing improved.
The problem is still the same : the connection suddenly breaks down when downloading or trying to display "heavy" pages (lots of large pics for instance).

Again, this problem doesn't affect the other PC sharing that connection, which is a bit ironical since that computer is an old PII 233 MHz with 64 Mb RAM and is communicating with the router by wireless, whereas this one (the infected one) is an Athlon XP2000+ with 256 Mb and uses regular LAN cable...

Can this be the result of an incomplete or inappropriate removal of malware I did ?
Please let me know if you could gather useful information.
Thanks

D.
  • 0

#22
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello streamsz,

I got some more input from some of the experts.

How did you remove smitfraud? Also, check for updated drivers for the NIC card.

Try the wireless card in the affected PC too.

~Kristy :tazz:
  • 0

#23
Streamsz

Streamsz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello Kristy,

Thanks for your reply. I will check for drivers for my NIC card and also try the wireless card in this PC as suggested. I will let you know...


----------------------------------------------
For now, this is how I had to proceed to get rid of Smitfraud.c :

-First, you have to know that this infection was preventing me from accessing Windows. Either in normal or in safe mode, I was stuck with a warning window (Explorer. This program will be stopped etc...) which kept coming back and back when I tried to close it. Ctrl-Alt-Del was not working and all I could do was rebooting with the switch.

-I then tried to find a solution from DOS (even tried to re-install Windows from the original CD but the problem remained unchanged), and finally I ran scanreg and I restored the registry from a backup dated on the day before the infection.

-After that, Windows started normally and the desktop was not showing anymore the blue "Security Warning" Smitfraud background. I ran the tools I had then : AdAware SE and CWShredder, as well as Norton Antivirus. Norton found viruses in these two files : OLEADM.DLL and WININET.DLL. One was quarantined and the other repaired.

-It was then that I encountered that connection breakdown problem. I started looking for solutions on the internet and eventually found your forum. From that moment, I ran smitRem as well as all the tools indicated in the topic "You Must Read This Before Posting...", except the online scans which could not be completed because of perpetual connection breakdowns.



Is this information useful to determine what went wrong ???
Please let me know if anybody has an idea...

Thanks a lot
D.
  • 0

#24
Streamsz

Streamsz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
latest news--- updated NIC drivers didn't solve the problem :tazz:

please refer to previous post

Edited by Streamsz, 15 July 2005 - 03:41 PM.

  • 0

#25
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello streamsz,

First check the properties of wininet.dll (C:\Windows\system32\wininet.dll) and write down the version number.

Since SP1 has been applied, go to Windows Update and use the personalize feature (may say Use administrator options) to access the Windows Update Catalog. Click 'Find updates for Microsoft Windows operating systems', then select Windows 98 from the list and click 'Advanced search options'. Check the box for 'critical updates and services packs' and then click search. Locate Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB883939) - (Posted Date: June 10, 2005), click 'add' then 'go to download basket'. Browse to a location to save it (desktop is ok) and download. Open the folders and double click the IE6.0sp1-KB883939-Windows-98-ME-x86-ENU.exe self-extracting file. Follow any prompts and reboot. This should replace the wininet.dll

Check properties again to verify.

~Kristy :tazz:
  • 0

#26
Streamsz

Streamsz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello Kristy,

I went to Windows Update and I downloaded and ran the patch you mentioned.

My WININET.DLL was indeed replaced with a newer version ( it went from 6.00.2800.1106 to 6.00.2800.1505) but unfortunately the problem remains unchanged...

Am I cursed ???
:tazz:

Well OK, I keep cool... nobody got hurt after all ;)
But I would really appreciate getting out of this mess !!!
  • 0

#27
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello streamsz,

Fix the following entry.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

Reboot.

Then go to Network in control panel, select the NIC card>TCP/IP and properties. Make sure Automatically obtain IP is selected. Select the NIC card adapter and properties, then check the mode, e.g. 10 mb half or full duplex vs 100 MB half/full or auto. Those can be reset and tested. 100 full is the preferred, but sometimes not feasible.

Check for firmware updates to the router. May be an option in the router admin panel to do this with one click.

Try another CAT 5 cable too!

~Kristy :tazz:
  • 0
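The R1 line in post #27 has the shape of a HijackThis log entry (section, registry key, value name, data). The following is an added example, not code from the thread or from any tool mentioned in it, that pulls the Internet Settings proxy values out of such a log so they can be reviewed together; the sample log is constructed apart from the ProxyOverride line, and the function names are hypothetical.

```python
import re

# HijackThis-style R0/R1 line: "<section> - <registry key>,<value name> = <data>"
ENTRY_RE = re.compile(
    r"^(?P<section>R[01]) - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$"
)
SETTINGS_KEY = r"software\microsoft\windows\currentversion\internet settings"
PROXY_VALUES = {"proxyenable", "proxyserver", "proxyoverride", "autoconfigurl"}
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# Constructed sample log; only the ProxyOverride line is quoted from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [ExampleApp] C:\EXAMPLE\APP.EXE
"""


def proxy_entries(log_text):
    """Return the Internet Settings proxy values found in a log, in log order."""
    found = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # other sections (O4, R3, ...) use different layouts
        hive, _, subkey = m.group("key").partition("\\")
        if subkey.lower() != SETTINGS_KEY:
            continue
        if m.group("name").lower() not in PROXY_VALUES:
            continue
        found.append({"section": m.group("section"), "hive": hive,
                      "name": m.group("name"), "data": m.group("data").strip()})
    return found


def local_only(entry):
    """True when every host named in the value is the local machine itself."""
    hosts = []
    for part in re.split(r"[;,\s]+", entry["data"]):
        if part:
            # Accept "host", "host:port" and "proto=host:port" forms.
            hosts.append(part.split("=")[-1].split(":")[0].lower())
    return bool(hosts) and all(h in LOCAL_HOSTS for h in hosts)


if __name__ == "__main__":
    for e in proxy_entries(SAMPLE_LOG):
        tag = "local only" if local_only(e) else "remote host"
        print(f'{e["section"]} {e["hive"]} {e["name"]} = {e["data"]} [{tag}]')
```
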

#28
Streamsz

Streamsz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello Kristy,

Thanks for your reply.
I fixed the entry you mentioned.

Concerning the NIC properties, there is a strange thing : as you can see on the attached screenshot, the entry "Media Type" is listed twice. Both were set on "Hardware Default", but when I try to change it, only one of them is showing the option "100 Mbps Full Duplex", the other one offers different options...

Is this normal, and how should I set these options ??

Also, may I ask what is a CAT 5 cable ?

Thank you
D.

Attached Thumbnails

  • 3Com_properties.jpg

  • 0

#29
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello streamsz,

Remove the NIC card from device manager and reboot. New hardware wizard will come up and re-install it. May need another reboot before using. If both media types come back, set both to auto.

Also, try the wireless card.

CAT 5 is the cable connecting the computer to the router.

~Kristy
  • 0

#30
Streamsz

Streamsz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello Kristy,

I am not giving up, although discouragement is slowly overcoming me...

The cable was not to blame, I tried another one without any improvement. I also tried other ports of my router...

I had the hardware wizard re-install the NIC. Indeed the "Media Type" is appearing only once now, but the 100 Mbps Full Duplex option is not available (see pic). What should I choose : Hardware Default, AutoSelect, or another one ?
There is also one weird thing : every time I go into the NIC adapter>properties, and EVEN IF I DON'T MAKE ANY CHANGE, I am asked for the Windows 98SE CD when I click "Ok" to exit the properties window (clicking "Cancel" doesn't have this result). It is looking for the file PROTMAN.DOS, which isn't even present on the CD, so I have to redirect it to C:\WINDOWS where the file already exists. Is this a normal behaviour ???

As soon as it will be possible, I will try the wireless card in this computer to see if the 3Com NIC adapter is the source of troubles or not. I will let you know.

Thanks for your help
D.

Attached Thumbnails

  • NIC_properties.jpg

  • 0





