Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Wallpaper changed ; 'Dial up' Box got disabled

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby P;3 » August 1st, 2009, 5:17 am

Re-ran the scan but the Report still will not save ..sorry

However all IT still flags up is the Key thing which I know about :D


Meanwhile I HAVE located this
http://www.exterminate-it.com/malpedia/remove-stopzilla

about trying to remove STOPzilla; do you recommend any of those actions for me?

As AN Idea I have taken this screan-shot of my misconfig
Image

That bottom one is the path I need to get rid of as it seems stuck IN the Registry ,and wondered if I DO uncheck the STOPzilla in that might that help

Curious to know where IN the Registry the 'stragglers' are hinding...where might we need to look?
P;3
Regular Member
 
Posts: 657
Joined: May 28th, 2005, 5:02 am
Advertisement
Register to Remove

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby Dakeyras » August 1st, 2009, 7:49 am

Hi :)

about trying to remove STOPzilla; do you recommend any of those actions for me?
Not a wise move so no I do not recommend doing so.

Curious to know where IN the Registry the 'stragglers' are hinding...where might we need to look?
As I mentioned prior they do not pose a threat.

Overall I still do not think you have a malware issue. So lets try this in-depth scan as follows please.

Silent Runners:

  1. Right click here and select Save Link As... (In Internet Explorer it is Save Target As...).
  2. Save it to your desktop. Double click on Silent Runners.vbs to run it.
  3. When prompted to Skip Supplementary Search?, click No.
  4. When prompted to Are you sure?, click Yes.
  5. Another dialog box will open. Just click OK.
  6. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Note: If you receive any warning message about scripts, please choose to allow the script to run.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby P;3 » August 1st, 2009, 11:55 am

problems with that !!!
although I have no idea why as it should be compatible with my OS!!
Image


:faroah:
P;3
Regular Member
 
Posts: 657
Joined: May 28th, 2005, 5:02 am

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby Dakeyras » August 1st, 2009, 2:02 pm

Hi :)

Not having much luck eh, though hardly surprising giving the fact the operating system is a dinosaur in IT terms. OK this is the last compatible W98 scan I am aware of.

TrendMicro™ HouseCall Scan:

  • Please go here to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby P;3 » August 6th, 2009, 3:36 am

Hi;Trend Micro only found what I expected ..that key thingi again!!!

I have run some more scans and will load up some screan-shots of what they found :D


FYI
:idea:
I have been looking around and found that DrWebCure seems also compatible with my OS as is Stinger :cheers:
Dr WebCureit found some stuff I was not aware of too;
I will be back with the info later :)
P;3
Regular Member
 
Posts: 657
Joined: May 28th, 2005, 5:02 am

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby Dakeyras » August 6th, 2009, 6:53 am

Hi :)

You were very lucky this topic was not closed, please make sure you reply within three days in future please, thank you.

Please do not use Stinger, as far as I am aware Trend Micro no longer update this application.

Do not run Dr Web CureIt either as this application if not used in the correct situation has a propensity to remove legitimate items.

Please post a new HijackThis Log and a log from the online scan if available.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby P;3 » August 7th, 2009, 2:16 pm

Latest HJT log as requested

Logfile of HijackThis v1.99.1
Scan saved at 19:14:51, on 07/08/09
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MAILWASHER\MAILWASHER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJTHIS\P3.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = index.php
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\i4l3nxwx.slt\prefs.js)
O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O9 - Extra button: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O9 - Extra 'Tools' menuitem: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_12\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_12\BIN\SSV.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://help.broadbandassist.com/prequal/BTPreQual.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

also ran Eset again but cannot save Log report BUT all it flags up is the key thingi as did the Trend scan you asked me to run


Do not run Dr Web CureIt either as this application if not used in the correct situation has a propensity to remove legitimate items.


I am actually very careful when I do run scans as, as YOU rightly say, it is so easy to remove quite legitimate files :pale:

Please do not use Stinger, as far as I am aware Trend Micro no longer update this application.

As far as I know it is updated...but admitedly not that frequently..maybe once every few months >>> which for, I guess many computer users ,may seem grossely insufficient for any useful scanning tool :roll:
P;3
Regular Member
 
Posts: 657
Joined: May 28th, 2005, 5:02 am

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby Dakeyras » August 7th, 2009, 3:18 pm

Hi :)

The HijackThis log is fine and still running renamed. So because the fact this is W98 machine, if anything nasty on-board it would show in most circumstances.

OK RE the key thingi this could well be a false positive/benign as mentioned before and screen shots are not good enough I'm afraid.

Check for updates with both SuperAntiSpyware and Avast, run a complete scan with both, if anything found apart from tracking cookies post the respective log please, thank you.

Now please run either of the online scans again and have a piece of paper and a pencil/pen on hand. Make a note of the complete file path and whatever the online scan used calls this key thingi/infection.

Only way to resolve what you think is a a issue I'm afraid as not a lot of compatible scanning applications left that are compatible.

Mentioned it before and I will again for the last time ;)

Overall I do not think you have a malware problem. Not a lot else I can advise at this point apart from two options if you really want peace of mind as the amount of specific scanning applications that are W98 compatible is limited to say the least.

Option 1# Perform a reformat and reinstallation of the Windows operating system. If I recall correctly this procedure is fairly fast with W98.

Option 2# Upgrade the operating system to XP SP 2 at minimum.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby P;3 » August 8th, 2009, 8:57 am

I have rerun Superantispyware on a full deep computer scan from up to date definitions

I have run a full scan with Avast

I have run a full scan with Trend micro and Eset on line scans ; all run clean :mrgreen:

I guess I am 'good to go'? :idea:

If so, thanks for your volunteering to work with this version of Windows and for giving it a 'health-check' :bounce:
P;3
Regular Member
 
Posts: 657
Joined: May 28th, 2005, 5:02 am

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby Dakeyras » August 8th, 2009, 10:32 am

Hi :)

Congratulations your computer now appears to be malware free!

Importance of Regular System Maintenance:

I advice you read the below listed topic as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Now some advice for on-line safety:

SUPERAntiSpyware Free Edition:

This is fine application to use with W98 and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, avast! Antivirus automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also once per week.

Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Make your Internet Explorer safer:

This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.

Install WinPatrol:

Download it from here

You can find information about how WinPatrol works here

Install SpywareBlaster:

SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Download it from here

The tutorial on how to use Spyware Blaster is located here

Finally a educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

So how did I get infected in the first place?

Some consider this article outdated, personally I still think it bares relevance and the author is well respected in the Anti-Malware community and by myself also!

Stay safe!
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby P;3 » August 10th, 2009, 2:05 pm

One question

will either Win Patrol or Spywareblaster conflict with/interfere with the Hosts file I have on here

http://www.mvps.org/winhelp2002/hosts.htm

or with my Guard IE :?:

http://www.google.co.uk/search?hl=en&q= ... =&aq=f&oq=

one other poitn in YOUR 'favour'

I gather that Avast 4 home is soon to withdraw its support for win 98SE so AN antivirus protection for Win 98SE looks to be now thin on the ground; BUT Avast DOES do automatic updates which I find very useful :mrgreen:
P;3
Regular Member
 
Posts: 657
Joined: May 28th, 2005, 5:02 am

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby Dakeyras » August 10th, 2009, 3:46 pm

Hi :)

WinPatrol is still fine to download/install.

I opted for advising SpywareBlaster as this will add another layer of protection similar to a Host File. Plus it has a pseudo Back-Up/System Restore feature.

If you wish to stick with just the Host File thats fine, or if opt for SpywareBlaster no need for the Host file.

Not looking good then is it if Avast are withdrawing W98 support, even more of a reason to retire the operating system and upgrade.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Wallpaper changed ; 'Dial up' Box got disabled

Unread postby Shaba » August 13th, 2009, 3:14 am

P;3 this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware