hi all
I have dual boot win98/winxp and windows 98 se got infected heavily i guess. So i wanna uninstall and reinstall only the 98. Any help will be appreciated. If i uninstall win98 how will I reinstall it coz it will boot to xp? pls help
Full Version: win98 uninstall/reinstall
Suggest A Fix PC Support Forums > General Computing > Fdisk, Dual-Boot, File System and Partition Problems
Hi Joe,
What are the symptoms ?
If the two OS are on the same HD, reinstalling Win98 will not solve the infection issue. If they are on separated hard disks you may be able to reformat and reinstall any of them with no problems.
You may try to run a housecall online virus check from http://housecall.trendmicro.com/ and clean what you can.
Please post back with more details.
Chris
| QUOTE |
| windows 98 se got infected heavily i guess |
What are the symptoms ?
If the two OS are on the same HD, reinstalling Win98 will not solve the infection issue. If they are on separated hard disks you may be able to reformat and reinstall any of them with no problems.
You may try to run a housecall online virus check from http://housecall.trendmicro.com/ and clean what you can.
Please post back with more details.
Chris
hi all,
I havent uninstalled since 4 yrs and were using internet and has become very slow in loading the the desktop particularly loading/unloading of tray icons while booting/shutdown. Usually takes 5 mins to shutdown win98se
I am posting a hijack log pls suggest me any fix
Logfile of HijackThis v1.99.1
Scan saved at 4:18:59 PM, on 10/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
F:\PROGRAM FILES\TWINKLE BULBS\TBULBS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SIFY BROADBAND\BBCLIENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SIFY BROADBAND\BBIMPSEC.EXE
C:\PROGRAM FILES\DAP\DAP.EXE
F:\DWN\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKCU\..\Run: [Twinkle Bulbs] F:\Program Files\Twinkle Bulbs\TBULBS.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clie...nts/y/ct1_x.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/...r/axscanner.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = www.sify.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.144.10.50,202.144.13.50
I havent uninstalled since 4 yrs and were using internet and has become very slow in loading the the desktop particularly loading/unloading of tray icons while booting/shutdown. Usually takes 5 mins to shutdown win98se
I am posting a hijack log pls suggest me any fix
Logfile of HijackThis v1.99.1
Scan saved at 4:18:59 PM, on 10/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
F:\PROGRAM FILES\TWINKLE BULBS\TBULBS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SIFY BROADBAND\BBCLIENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SIFY BROADBAND\BBIMPSEC.EXE
C:\PROGRAM FILES\DAP\DAP.EXE
F:\DWN\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKCU\..\Run: [Twinkle Bulbs] F:\Program Files\Twinkle Bulbs\TBULBS.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clie...nts/y/ct1_x.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/...r/axscanner.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = www.sify.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.144.10.50,202.144.13.50
Hi Joe,
Can't see anything really bad in your log, just some toiletting to do, but I'm not specialyzed on this, so you'll have to wait for a more skilled member advice.
Have you ran the housecall online virus check ?
Chris
Can't see anything really bad in your log, just some toiletting to do, but I'm not specialyzed on this, so you'll have to wait for a more skilled member advice.
Have you ran the housecall online virus check ?
Chris
Yeah just had a bit of a look through it nothing jumping out at me either.
Just some cleaning up to do.
First Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)
DAP
Next run HiJackThis and fix these.
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
Using Windows Explorer, locate the following folder and DELETE it (Do not worry if they are not there):
C:\PROGRA~1\DAP which contains dapextie2.htm and dapextie2.htm
Ok now your woundering why you uninstalled DAP this is taken from S&D web site. I will put a link for you to read about a few others so you can pick a clean download manger.
Download Accelerator Plus (7, dubious privacy policy)
A few versions back, Download Accelerator Plus came even without a privacy policy, and the one found in a hidden place online contained some bad terms. Today, during the installation a license agreement will be shown, and this license agreement contains a privacy policy. It's still quite misleading and contradicting though, speaking about co-registrations with other services on the one hand, but only anonymous publishing on the other hand. How a registration with other services can be done anonymously is beyond my understanding...
In addition, just starting it opens half a dozen connections to ad servers, including Cydoor. Couldn't deal with the downloads on the site I used for this tests, as it always tried to download the download page, blocking the load of it inside the browser. On other pages, it worked ok. Still, even if you neglect the ads and possible spying, there are other download managers that are easier to use.
If you want a download manager look here.
http://www.safer-networking.org/en/article...d-managers.html
Now for a general computer cleanup to free space on your computer and ensure no malware is hiding in temporary folders install and run CCleaner http://www.filehippo.com/download_ccleaner.html
Just some cleaning up to do.
First Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)
DAP
Next run HiJackThis and fix these.
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
Using Windows Explorer, locate the following folder and DELETE it (Do not worry if they are not there):
C:\PROGRA~1\DAP which contains dapextie2.htm and dapextie2.htm
Ok now your woundering why you uninstalled DAP this is taken from S&D web site. I will put a link for you to read about a few others so you can pick a clean download manger.
Download Accelerator Plus (7, dubious privacy policy)
A few versions back, Download Accelerator Plus came even without a privacy policy, and the one found in a hidden place online contained some bad terms. Today, during the installation a license agreement will be shown, and this license agreement contains a privacy policy. It's still quite misleading and contradicting though, speaking about co-registrations with other services on the one hand, but only anonymous publishing on the other hand. How a registration with other services can be done anonymously is beyond my understanding...
In addition, just starting it opens half a dozen connections to ad servers, including Cydoor. Couldn't deal with the downloads on the site I used for this tests, as it always tried to download the download page, blocking the load of it inside the browser. On other pages, it worked ok. Still, even if you neglect the ads and possible spying, there are other download managers that are easier to use.
If you want a download manager look here.
http://www.safer-networking.org/en/article...d-managers.html
Now for a general computer cleanup to free space on your computer and ensure no malware is hiding in temporary folders install and run CCleaner http://www.filehippo.com/download_ccleaner.html
Just to add on that Zenith, he is running HJT on a dual boot system, and I do not know what kind of interactions this may have if running under WinXP or Win98SE boot...
I wouldn't think it would matter he's running 98se when he scanned so that’s the one were dealing with currently unless your think his XP is infected.
hi zenith & ironbender
Many thanks guys. jus running the housecall scan and will be removing the dap from my pc shortly. The issue is for win98se. I regularly use windows cleanup.
Many thanks guys. jus running the housecall scan and will be removing the dap from my pc shortly. The issue is for win98se. I regularly use windows cleanup.
Hi cotnightjoe,
It's correct to say that HijackThis won't cross the boot sector
If I boot up WinXP and make some fixes with HijackThis, then boot up with the Win98 partition, the Win98 partition will not be affected.
HijackThis is mostly a Registry editor, although it can and does affect some other files as well (such as the Hosts file).
Even the "Delete a file on Reboot" facility is no more than file or Registry manipulation: on Win98 a file is created that causes the named files to be deleted / renamed on reboot (next boot into Win98) and on XP it's all done via the Registry. Thus in both cases, the deletions will take effect the next time the same OS is booted into.
The advice you've been given is sound; however, I'd also lose those red.clientapps.yahoo.com entries as they are also clutter. Optional fix again, but like the others I can see nothing malicious in your log.
Please can you do the following:
You may also want to do a standard clean-up; to do this, get hold of the freeware Ccleaner and install it onto both your XP and W98 systems.
For each installation:
1. Ensure that all the checkboxes on both the Windows and Applications tabs are checked on the left-hand pane (except those under 'Advanced' on the Windows pane).
2. Click on Run Cleaner and let it do its magic.
3. When it has finished, exit Ccleaner and reboot.
It's worth doing the online virus scan on both the XP and Win98 systems, and repeating the exercise every now and again.
Any queries, you know where we are
It's correct to say that HijackThis won't cross the boot sector
If I boot up WinXP and make some fixes with HijackThis, then boot up with the Win98 partition, the Win98 partition will not be affected.
HijackThis is mostly a Registry editor, although it can and does affect some other files as well (such as the Hosts file).
Even the "Delete a file on Reboot" facility is no more than file or Registry manipulation: on Win98 a file is created that causes the named files to be deleted / renamed on reboot (next boot into Win98) and on XP it's all done via the Registry. Thus in both cases, the deletions will take effect the next time the same OS is booted into.
The advice you've been given is sound; however, I'd also lose those red.clientapps.yahoo.com entries as they are also clutter. Optional fix again, but like the others I can see nothing malicious in your log.
Please can you do the following:
- Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake (some may have already been fixed by the others):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
Click on Fix Checked when finished and exit HijackThis. - Reboot your systemas normal
You may also want to do a standard clean-up; to do this, get hold of the freeware Ccleaner and install it onto both your XP and W98 systems.
For each installation:
1. Ensure that all the checkboxes on both the Windows and Applications tabs are checked on the left-hand pane (except those under 'Advanced' on the Windows pane).
2. Click on Run Cleaner and let it do its magic.
3. When it has finished, exit Ccleaner and reboot.
It's worth doing the online virus scan on both the XP and Win98 systems, and repeating the exercise every now and again.
Any queries, you know where we are
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.