http://www.dslreports.com/forum/Re-Win98-ZA-and-AV-shutdown-10402572 en Sat, 26 Mar 2022 03:28:26 EDT Sat, 26 Mar 2022 03:28:26 EDT http://www.dslreports.com/forum/Re-Win98-ZA-and-AV-shutdown-10406567
I save a log at least every week, sometimes twice, of HTJ so that if the need arises I'll have a reference point to what is normal and not normal for my system and be able to help pinpoint anything if something goes wrong which is why I deleted that "016". There were others but all were normal and had the name of what it was and what website it was associated with. This one however only had the {1111....} so I removed it. About a week ago I had this in my log

O16 - DPF: {11111111-1111-1111-1111-111111111124} - ms-its:mhtml:file://C:\foo.mht!»graftymary.netfirms.com/ ··· tter.exe

which I was informed by someone it may be some exploit. At that time I went ahead and scanned and found nothing so I removed it with HTJ and that was that. The {111..} is exactly the same so could it have been the same thing? Possibly used by whatever did this? I'm going to try to find any backups I may have of my router logs to see what all was going on and what traffic there was. It's possible that someone else got on here and was downloading junk without me knowing. I generally keep it with one user on this machine since I'm really the only one that uses it except my mother whom was at work at the time, possible my sister or brother-in-law got on here. Anyways I'm gonna keep my eye open and make sure there's not anything on the other partitions and if I find any files which may be bad I'll be sure to submit them cause whatever caused this killed me. Everything ended up just going to hell.

Thought I was well covered with everything I had installed: AV, AT, Anti-Spyware, Anti-Adware, firewall, router. Just shows that not everything is 100%. I sure hope it is completely clean now but I kind of also hope that if in fact it was some malicious program that caused it that there is some reminence of it left that I can get to people so it won't happen to as many other people. ]]> http://www.dslreports.com/forum/Re-Win98-ZA-and-AV-shutdown-10406567 Wed, 02 Jun 2004 21:41:50 EDT http://www.dslreports.com/forum/Re-Win98-ZA-and-AV-shutdown-10406111
O16 - Download Program Files item
ActiveX Controls These are downloaded when you play an online game, use iPix, etc. If it is from a known game site such as Yahoo or Pogo, or the Macromedia site, its legit. Other items you can search for to find out. I usually just do a quick check over these items. Always fix them if they seem to be dialers, adult, or casino software.

From this page HJT Tutorial

Sure sounds like you had something, it would have been interesting to see what exactly it was that was in your machine. ]]> http://www.dslreports.com/forum/Re-Win98-ZA-and-AV-shutdown-10406111 Wed, 02 Jun 2004 20:45:14 EDT http://www.dslreports.com/forum/Re-Win98-ZA-and-AV-shutdown-10406010
It sounds like you had pretty good security, assuming you kept all those products up-to-date. If the products was something well known and well understood, it would have been stopped or detected when you ran a scan.

Whatever got through to your machine, it would have been nice to have had a sample of so counter-measures could be developed.

Re-formatting was probably the right thing to do to clean your computer, but I agree that it would be nice to know what caused your problems so you/we could ensure there isn't a repeat.

- Keith
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ)]]> http://www.dslreports.com/forum/Re-Win98-ZA-and-AV-shutdown-10406010 Wed, 02 Jun 2004 20:30:51 EDT http://www.dslreports.com/forum/Re-Win98-ZA-and-AV-shutdown-10404627
O16 - DPF: {11111111-1111-1111-1111-111111111124}
--
HABYA HABYA HABYA TEAR DOWN THE HEM STALKS EAT UP THE OLD MAN AND WOMAN AND CARRY OFF THE LITTLE GIRL MAY YOU DIE ALONE]]> http://www.dslreports.com/forum/Re-Win98-ZA-and-AV-shutdown-10404627 Wed, 02 Jun 2004 17:34:48 EDT http://www.dslreports.com/forum/Win98-ZA-and-AV-shutdown-10402572
The system was running just fine for a very long time. It's running Win98SE and as much security software/hardware as I think was required
Panda Platinum
eScan on demand
A2 AT
Spybot
Ad-aware
Spywareblaster
Linksys BEFSR11 router
Zone Alarm Free
Pest Patrol

I had the teatimer with Spybot on for a while and nothing went wrong then one day it started giving me errors anytime the screensaver or IE was running for a few minutes, so I turned it off and the problems stopped. All was well for about 3 days at which point I left my computer to go do some stuff, was in working order when I left and had just gotten done running some programs and what not, nothing was wrong. I came back and noticed that instant messenger had closed and ZA said it required a reboot. So I just restarted the computer at whichpoint ZA still would not load and Panda Platinum started causing illegal operations and would not run so just to be safe I unplugged the internet and shutdown everything I could in task manager and ran the eScan on demand scanner which found nothing. So I reinstalled ZA and rebooted and still would not open, then IE would not open and would crash the computer and so would Firefox, Instant Messenger, PestPatrol and Spybot. I then started getting some error (unfortunately I don't have the exact) of something like "XXXX caused a fatal error in kernel6836". Other programs worked just fine but any kind of AV or firewalls I tried to load would just crash, I tried installed Sygate and Panda's firewall all of which would just cause errors and die. The virus scans (eScan because it was the only one that would load) came up clean. Also there was one strange entry in my HTJ log which I removed it was a program called "dsrt.exe" unfortunately before I formated I forgot to backup the log so I could post it. I removed that entry but things still were going crazy and nothing worked. Last thing, I did try to reinstall Windows which also did no good, still the same thing at which point I just gave up and formated. The reason why I thought it might be a security issue is because of the programs which didn't work, almost all were related to security such as AV and what not. If it was a problem caused by something my AV wasn't detecting could it still be on here somewhere like on another partition and infect my C: drive again? I'd hate to have this nice and formatted and running all good again just to have it die. Any ideas or ponderings would be greatly appreciated.
--
HABYA HABYA HABYA TEAR DOWN THE HEM STALKS EAT UP THE OLD MAN AND WOMAN AND CARRY OFF THE LITTLE GIRL MAY YOU DIE ALONE]]> http://www.dslreports.com/forum/Win98-ZA-and-AV-shutdown-10402572 Wed, 02 Jun 2004 13:16:31 EDT