Try re-installing it and see if it's any better.
~Kristy
Malware in Windows 98SE [CLOSED]
Started by
Streamsz
, Jul 05 2005 09:46 AM
-
This topic is locked
#16
Posted 13 July 2005 - 02:37 PM
Kristy
-
- Member
-
- 1,099 posts
Visiting Consultant
Try re-installing it and see if it's any better.
~Kristy
#17
Posted 13 July 2005 - 05:05 PM
Streamsz
- Topic Starter
-
- Member
-
- 30 posts
Member
Hello Kristy
I tried re-installing Kerio firewall but I can't say it's getting any better
Maybe my Ethernet card is damaged, but frankly this really doesn't look like a hardware problem to me since several programs are affected and others aren't (I just had a try at Hotline Client and I was able to download a 3 Mb file without any trouble, sthg I could not do with Netscape or Internet Explorer ever since I had this problem)
Again, all these downloading/connection troubles started after I got infected with Smitfraud.c trojan, so don't you think there is a link between these events ?
Have a nice day,
D.
I tried re-installing Kerio firewall but I can't say it's getting any better
Maybe my Ethernet card is damaged, but frankly this really doesn't look like a hardware problem to me since several programs are affected and others aren't (I just had a try at Hotline Client and I was able to download a 3 Mb file without any trouble, sthg I could not do with Netscape or Internet Explorer ever since I had this problem)
Again, all these downloading/connection troubles started after I got infected with Smitfraud.c trojan, so don't you think there is a link between these events ?
Have a nice day,
D.
#18
Posted 13 July 2005 - 05:10 PM
Kristy
-
- Member
-
- 1,099 posts
Visiting Consultant
Hello streamsz,
Possibly. I will try to get some more input from some of the other staff members again, and I will get back to you.
~Kristy
Again, all these downloading/connection troubles started after I got infected with Smitfraud.c trojan, so don't you think there is a link between these events ?
Possibly. I will try to get some more input from some of the other staff members again, and I will get back to you.
~Kristy
#19
Posted 13 July 2005 - 05:21 PM
Streamsz
- Topic Starter
-
- Member
-
- 30 posts
Member
Thank you Kristy !
It sure feels good to get help from you guys
It sure feels good to get help from you guys
#20
Posted 13 July 2005 - 10:22 PM
Kristy
-
- Member
-
- 1,099 posts
Visiting Consultant
Hello streamsz,
Uninstall it, but this time don't re-install it. See if you have any problems then. Let me know.
~Kristy
Uninstall it, but this time don't re-install it. See if you have any problems then. Let me know.
~Kristy
#21
Posted 14 July 2005 - 07:30 AM
Streamsz
- Topic Starter
-
- Member
-
- 30 posts
Member
Hello Kristy,
I didn't answer right away because I wanted to make a few tries before.
I uninstalled Kerio firewall without re-installing but nothing improved
The problem is still the same : the connection suddenly breaks down when downloading or trying to display "heavy" pages (lots of large pics for instance).
Again, this problem doesn't affect the other PC sharing that connection, which is a bit ironical since that computer is an old PII 233 MHz with 64 Mb RAM and is communicating with the router by wireless, whereas this one (the infected one) is an Athlon XP2000+ with 256 Mb and uses regular LAN cable...
Can this be the result of an incomplete or inappropriate removal of malware I did ?
Please let me know if you could gather useful information.
Thanks
D.
I didn't answer right away because I wanted to make a few tries before.
I uninstalled Kerio firewall without re-installing but nothing improved
The problem is still the same : the connection suddenly breaks down when downloading or trying to display "heavy" pages (lots of large pics for instance).
Again, this problem doesn't affect the other PC sharing that connection, which is a bit ironical since that computer is an old PII 233 MHz with 64 Mb RAM and is communicating with the router by wireless, whereas this one (the infected one) is an Athlon XP2000+ with 256 Mb and uses regular LAN cable...
Can this be the result of an incomplete or inappropriate removal of malware I did ?
Please let me know if you could gather useful information.
Thanks
D.
#22
Posted 14 July 2005 - 09:50 PM
Kristy
-
- Member
-
- 1,099 posts
Visiting Consultant
Hello streamsz,
I got some more input from some of the experts.
How did you remove smitfraud? Also, check for updated drivers for the NIC card.
Try the wireless card in the affected PC too.
~Kristy
I got some more input from some of the experts.
How did you remove smitfraud? Also, check for updated drivers for the NIC card.
Try the wireless card in the affected PC too.
~Kristy
#23
Posted 15 July 2005 - 06:51 AM
Streamsz
- Topic Starter
-
- Member
-
- 30 posts
Member
Hello Kristy,
Thanks for your reply. I will check for drivers for my NIC card and also try the wireless card in this PC as suggested. I will let you know...
----------------------------------------------
For now, this is how I had to proceed to get rid of Smitfraud.c :
-First, you have to know that this infection was preventing me to access Windows. Either in normal or in safe mode, I was stuck with a warning window (Explorer. This program will be stopped etc...) which kept coming back and back when I tried to close it. Ctrl-Alt-Del was not working and all I could do was rebooting with the switch.
-I then tried to find a solution from DOS (even tried to re-install Windows from the original CD but the problem remained unchanged), and finally I ran scanreg and I restored the registry from a backup dated on the day before the infection.
-After that, Windows started normally and the desktop was not showing anymore the blue "Security Warning" Smitfraud background. I ran the tools I had then : AdAware SE and CWShredder, as well as Norton Antivirus. Norton found viruses in these two files : OLEADM.DLL and WININET.DLL. One was quarantined and the other repaired.
-It was then that I encountered that connection breakdown problem. I started looking for solutions on the internet and eventually found your forum. From that moment, I ran smitRem as well as all the tools indicated in the topic "You Must Read This Before Posting...", except the online scans which could not be completed because of perpetual connection breakdowns.
Is this information useful to determine what went wrong ???
Please let me know if anybody has an idea...
Thanks a lot
D.
Thanks for your reply. I will check for drivers for my NIC card and also try the wireless card in this PC as suggested. I will let you know...
----------------------------------------------
For now, this is how I had to proceed to get rid of Smitfraud.c :
-First, you have to know that this infection was preventing me to access Windows. Either in normal or in safe mode, I was stuck with a warning window (Explorer. This program will be stopped etc...) which kept coming back and back when I tried to close it. Ctrl-Alt-Del was not working and all I could do was rebooting with the switch.
-I then tried to find a solution from DOS (even tried to re-install Windows from the original CD but the problem remained unchanged), and finally I ran scanreg and I restored the registry from a backup dated on the day before the infection.
-After that, Windows started normally and the desktop was not showing anymore the blue "Security Warning" Smitfraud background. I ran the tools I had then : AdAware SE and CWShredder, as well as Norton Antivirus. Norton found viruses in these two files : OLEADM.DLL and WININET.DLL. One was quarantined and the other repaired.
-It was then that I encountered that connection breakdown problem. I started looking for solutions on the internet and eventually found your forum. From that moment, I ran smitRem as well as all the tools indicated in the topic "You Must Read This Before Posting...", except the online scans which could not be completed because of perpetual connection breakdowns.
Is this information useful to determine what went wrong ???
Please let me know if anybody has an idea...
Thanks a lot
D.
#24
Posted 15 July 2005 - 11:25 AM
Streamsz
- Topic Starter
-
- Member
-
- 30 posts
Member
latest news--- updated NIC drivers didn't solve the problem 
please refer to previous post
please refer to previous post
Edited by Streamsz, 15 July 2005 - 03:41 PM.
#25
Posted 15 July 2005 - 09:18 PM
Kristy
-
- Member
-
- 1,099 posts
Visiting Consultant
Hello streamsz,
First check the properties of wininet.dll (C:\Windows\system32\wininet.dll) and write down the version number.
Since SP1 has been applied, go to Windows Update and use the personalize feature (may say Use administrator options) to access the Windows Update Catalog. Click 'Find updates for Microsoft Windows operating systems', then select Windows 98 from the list and click 'Advanced search options'. Check the box for 'critical updates and services packs' and then click search. Locate Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB883939) - (Posted Date: June 10, 2005), click 'add' then 'go to download basket'. Browse to a location to save it (desktop is ok) and download. Open the folders and double click the IE6.0sp1-KB883939-Windows-98-ME-x86-ENU.exe self-extracting file. Follow any prompts and reboot. This should replace the wininet.dll
Check properties again to verify.
~Kristy
First check the properties of wininet.dll (C:\Windows\system32\wininet.dll) and write down the version number.
Since SP1 has been applied, go to Windows Update and use the personalize feature (may say Use administrator options) to access the Windows Update Catalog. Click 'Find updates for Microsoft Windows operating systems', then select Windows 98 from the list and click 'Advanced search options'. Check the box for 'critical updates and services packs' and then click search. Locate Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB883939) - (Posted Date: June 10, 2005), click 'add' then 'go to download basket'. Browse to a location to save it (desktop is ok) and download. Open the folders and double click the IE6.0sp1-KB883939-Windows-98-ME-x86-ENU.exe self-extracting file. Follow any prompts and reboot. This should replace the wininet.dll
Check properties again to verify.
~Kristy
#26
Posted 16 July 2005 - 03:40 PM
Streamsz
- Topic Starter
-
- Member
-
- 30 posts
Member
Hello Kristy,
I went to Windows Update and I downloaded and ran the patch you mentioned.
My WININET.DLL was indeed replaced with a newer version ( it went from 6.00.2800.1106 to 6.00.2800.1505) but unfortunately the problem remains unchanged...
Am I cursed ???
Well OK, I keep cool... nobody got hurt after all
But I would really appreciate getting out of this mess !!!
I went to Windows Update and I downloaded and ran the patch you mentioned.
My WININET.DLL was indeed replaced with a newer version ( it went from 6.00.2800.1106 to 6.00.2800.1505) but unfortunately the problem remains unchanged...
Am I cursed ???
Well OK, I keep cool... nobody got hurt after all
But I would really appreciate getting out of this mess !!!
#27
Posted 16 July 2005 - 07:40 PM
Kristy
-
- Member
-
- 1,099 posts
Visiting Consultant
Hello streamsz,
Fix the following entry.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
Reboot.
Then go to Network in control panel, select the NIC card>TCP/IP and properties. Make sure Automatically obtain IP is selected. Select the NIC card adapter and properties, then check the mode, eg; 10 mb half or full duplex vs 100 MB half/full or auto. Those can be reset and tested. 100 full is the preferred, but sometimes not feasible.
Check for firmware updates to the router. May be an option in the router admin panel to do this with one click.
Try another CAT 5 cable too!
~Kristy
Fix the following entry.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
Reboot.
Then go to Network in control panel, select the NIC card>TCP/IP and properties. Make sure Automatically obtain IP is selected. Select the NIC card adapter and properties, then check the mode, eg; 10 mb half or full duplex vs 100 MB half/full or auto. Those can be reset and tested. 100 full is the preferred, but sometimes not feasible.
Check for firmware updates to the router. May be an option in the router admin panel to do this with one click.
Try another CAT 5 cable too!
~Kristy
#28
Posted 17 July 2005 - 06:08 AM
Streamsz
- Topic Starter
-
- Member
-
- 30 posts
Member
Hello Kristy,
Thanks for your reply.
I fixed the entry you mentioned.
Concerning the NIC properties, there is a strange thing : as you can see on the attached screenshot, the entry "Media Type" is listed twice. Both were set on "Hardware Default", but when I try to change it, only one of them is showing the option "100 Mbps Full Duplex", the other one offers different options...
Is this normal, and how should I set these options ??
Also, may I ask what is a CAT 5 cable ?
Thank you
D.
Thanks for your reply.
I fixed the entry you mentioned.
Concerning the NIC properties, there is a strange thing : as you can see on the attached screenshot, the entry "Media Type" is listed twice. Both were set on "Hardware Default", but when I try to change it, only one of them is showing the option "100 Mbps Full Duplex", the other one offers different options...
Is this normal, and how should I set these options ??
Also, may I ask what is a CAT 5 cable ?
Thank you
D.
Attached Thumbnails
#29
Posted 17 July 2005 - 11:44 PM
Kristy
-
- Member
-
- 1,099 posts
Visiting Consultant
Hello streamsz,
Remove the NIC card from device manager and reboot. New hardware wizard will come up and re-install it. May need another reboot before using. If both media types come back, set both to auto.
Also, try the wireless card.
CAT 5 is the cable connecting the computer to the router.
~Kristy
Remove the NIC card from device manager and reboot. New hardware wizard will come up and re-install it. May need another reboot before using. If both media types come back, set both to auto.
Also, try the wireless card.
CAT 5 is the cable connecting the computer to the router.
~Kristy
#30
Posted 20 July 2005 - 12:21 PM
Streamsz
- Topic Starter
-
- Member
-
- 30 posts
Member
Hello Kristy,
I am not giving up, although discouragement is slowly overcoming me...
The cable was not to blame, I tried another one without any improvement. I also tried other ports of my router...
I had the hardware wizard re-install the NIC. Indeed the "Media Type" is appearing only once now, but the 100 Mbps Full Duplex option is not available (see pic). What should I choose : Harwdare Default, AutoSelect, or another one ?
There is also one weird thing : everytime I go into the NIC adapter>properties, and EVEN IF I DON'T MAKE ANY CHANGE, I am asked for the Windows 98SE CD when I click "Ok" to exit the properties window (clicking "Cancel" doesn't have this result). It is looking for the file PROTMAN.DOS, which isn't even present on the CD, so I have to redirect it to C:\WINDOWS where the file already exists. Is this a normal behaviour ???
As soon as it will be possible, I will try the wireless card in this computer to see if the 3Com NIC adapter is the source of troubles or not. I will let you know.
Thanks for your help
D.
I am not giving up, although discouragement is slowly overcoming me...
The cable was not to blame, I tried another one without any improvement. I also tried other ports of my router...
I had the hardware wizard re-install the NIC. Indeed the "Media Type" is appearing only once now, but the 100 Mbps Full Duplex option is not available (see pic). What should I choose : Harwdare Default, AutoSelect, or another one ?
There is also one weird thing : everytime I go into the NIC adapter>properties, and EVEN IF I DON'T MAKE ANY CHANGE, I am asked for the Windows 98SE CD when I click "Ok" to exit the properties window (clicking "Cancel" doesn't have this result). It is looking for the file PROTMAN.DOS, which isn't even present on the CD, so I have to redirect it to C:\WINDOWS where the file already exists. Is this a normal behaviour ???
As soon as it will be possible, I will try the wireless card in this computer to see if the 3Com NIC adapter is the source of troubles or not. I will let you know.
Thanks for your help
D.
Attached Thumbnails
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
