So a friend wanted me to fix up their machine

[me3000]

It barely booted up & gave them out of memory errors. Turns out one of her children had turned off Norton - in early 2003. Same child had a bad habit of downloading software from any popup that promised to stop popups. The idiot is an adult too, gotta sell him some swampland. Anyway, it had 76 viruses and over 500 pieces of spyware. I've spent spent almost a week tracking down and elimating this junk. Now I find two new problems. It will not connect to the internet using my cable connection. It will connect using the dial up modem - but either way Internet Explorer will not bring up any web pages. IE comes up with the message "web page not found". Its either something simple I've forgotten or cleaning the system wiped something I shouldn't have. Any ideas? Its a Win98 SE operating system. Internet set up should be fine, its set to dial out if a lan connection isnt present. Thanks.

[Rip]

It barely booted up & gave them out of memory errors. Turns out one of her children had turned off Norton - in early 2003. Same child had a bad habit of downloading software from any popup that promised to stop popups. The idiot is an adult too, gotta sell him some swampland. Anyway, it had 76 viruses and over 500 pieces of spyware. I've spent spent almost a week tracking down and elimating this junk. Now I find two new problems. It will not connect to the internet using my cable connection. It will connect using the dial up modem - but either way Internet Explorer will not bring up any web pages. IE comes up with the message "web page not found". Its either something simple I've forgotten or cleaning the system wiped something I shouldn't have. Any ideas? Its a Win98 SE operating system. Internet set up should be fine, its set to dial out if a lan connection isnt present. Thanks.

You need hijackthis. Be careful and read up on it's usage!

[Bakhtosh]

Have you tried doing a repair install of the OS? I think 98 has a program called SCF (for system file checker). You can also download the latest IE installer on your PC and move it to the friend's PC and install it clean, hopefully replacing any necessary files.

Barring that, have you checked the proxy and connection settings in IE?

[Gedd]

Good grief...that many problems and I'd say nuke it from orbit, it's the only way to be sure.

Seriously consider just reformatting and reinstalling. Other than that, you might try checking the stuff Bakhtosh mentioned, and you might check the HOSTS file to see if there's anything bad there.

[JSHAW]

I'm in 100% agreement with Gedd, nuke it from orbit. It's the only way to be sure.

If you've spent more than 2 hours messing around with the machine it's time to reformat/reinstall the OS. Win98 just isn't worth spending more than 2 hours to get it to operate in a stable condtion.

Unless you like wasting hours and hours on this particular machine just to see if you can fix it, reformat/reinstall/install virus protection/update with all applicable Win98se updates/security patches/install Spybot & AdAware, show owner how to scan for spyware/adware & keeping virus protection updated. Then RUN away very fast.

[Biyobi]

I'll add my agreement with the "nuke it from orbit" crowd, unless you're billing hourly.

[Raven_13]

... over 500 pieces of spyware.

Gotcha beat. I cleaned up my girlfriend's mom's computer last weekend and AdAware found 792 instances. Oddly enough, there were no viruses.

[me3000]

I should have reinstalled it - if I had know how much trouble it would be. But after spending all this time I've gotten muleish - the *@! system will work as is or else! I'll try to reinstall IE & then the system checker. Hopefully one of them will solve the problem. Thanks.

[Rip]

I should have reinstalled it - if I had know how much trouble it would be. But after spending all this time I've gotten muleish - the *@! system will work as is or else! I'll try to reinstall IE & then the system checker. Hopefully one of them will solve the problem. Thanks.

Did you run hijackthis and see what browser helpers and such are installed? I'm telling ya, if you can ping stuff but browsing doesn't work that is the way to fix it. Post the hijackthis result file and I will try to help you pick out the crap.

[dangerballs]

You might need to use this utility...

http://www.cexx.org/lspfix.htm

A lot of times, Adware and hijackers will leave your winsock stack damaged even after you uninstall, this utility can help fix those problems.

[me3000]

Rip, I ran HighJackThis. I came up with 6 screen shots and 150 items. I dont have a place to host photos but I could email the word file to you with the screen shots. That seems to be a lot of work though. I am edging into the nuke'm and start over camp.


Dangerballs, I tried LSP. It came up with 4 changes & there isnt any change.

[Rip]

Rip, I ran HighJackThis. I came up with 6 screen shots and 150 items. I dont have a place to host photos but I could email the word file to you with the screen shots. That seems to be a lot of work though. I am edging into the nuke'm and start over camp.


Dangerballs, I tried LSP. It came up with 4 changes & there isnt any change.

After you press the scan button it changes to save log. Just save the log file and cut/paste it here.

[me3000]

Ok, this is the result of the scan..


Logfile of HijackThis v1.98.2
Scan saved at 6:18:07 PM, on 11/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\CONNECTIONMANAGER.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\VCOM\FIX-IT\MXTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.greenapple.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Green Apple, Inc.
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\WINDOWS\TV MEDIA\TVMBHO.DLL
O1 - Hosts: ¯Ðð+žÍ«àÖñÐ/nÔâ

[Rip]

This line C:\WINDOWS\SYSTEM\MPREXE.EXE means you are running mutiple network protocols. You probably don't need to. I would uninstall IPX/SPX and Netbeui if installed. That isn't your problem however.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.greenapple.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Green Apple, Inc.
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\WINDOWS\TV MEDIA\TVMBHO.DLL
O1 - Hosts: ¯Ð ð+žÍ«àÖñÐ/nÔâ

[me3000]

I really appreciate all the help, but nothings worked. I hate to give up but its time to reinstall 98. Thanks again for the time & effort.

[Brian]

Gotcha beat. I cleaned up my girlfriend's mom's computer last weekend and AdAware found 792 instances.

Pfffft. At work the current record is just over 6000 spyware items.

The virus record currently stands at just shy of 14,000 instances of Netsky on a clients file server.

[Raven_13]

Gotcha beat. I cleaned up my girlfriend's mom's computer last weekend and AdAware found 792 instances.

Pfffft. At work the current record is just over 6000 spyware items.

The virus record currently stands at just shy of 14,000 instances of Netsky on a clients file server.

6000?! I can't believe the machine would even be able to boot.

[me3000]

The machine I'm dealing with is 750 mghz with 250 megs of ram. It barely booted up at first. How fast was that machine? 6000? Wow.