I downloaded avast 4.8 to my windows 98 computer. In the first scan it
stopped several times and displayed the following messages:

c:\WINDOWS\Installer\1c01c4e.msi\ISSetupFile.SetupFile7\cd_clint.dll
c:\WINDOWS\Installer\1c01c4e.msi\ISSetupFile.SetupFile7\cd_htm.dll
c:\WINDOWS\Installer\1c01c4e.msi\ISSetupFile.SetupFile7
c:\WINDOWS\Installer\1c01c4e.msi\ISSetupFile.SetupFile4
c:\WINDOWS\Installer\2f4d61b.msi\ISSetupFile.SetupFile4
c:\WINDOWS\Installer\2f4d61b.msi\ISSetupFile.SetupFile6\cd_clint.dll
c:\WINDOWS\Installer\2f4d61b.msi\ISSetupFile.SetupFile6\cd_htm.dll
c:\WINDOWS\Installer\2f4d61b.msi\ISSetupFile.SetupFile6

Also, on these error message for each of these was printed the following:

Malware name: Win32:Adware-gen [Adw] Malware type: Adware

It then gave 3 options to deal with it. and the one recommended was to
send it to the chest. That is what I selected. After going through
these messages and sending them all to the chest, it then displayed the
following for each:

The operation is not supported for this type of archive. Cannot process:

I assume that it was saying that it could not send them to the
chest(whatever that is).
Every time I scan, I get all these messages again.

Can you tell me what to do. Should I delete these instead of the
recommended sending them to the chest?

It can’t extract the files from within the .msi archive/installation file without probably corrupting it.

You can manually delete the c:\WINDOWS\Installer\2f4d61b.msi file.
There are zero hits on the 2f4d61b.msi file on a google search (one, this topic) which I generally consider a bit suspicious.

Since it is an installation file, it is either already installed (and avast would have alerted to any part of the install) or it hasn’t been installed and in both cases, I don’t feel deletion is a huge issue.

As David said, you’ll need to delete the whole installation archive.

To check for any adware/spyware that may have been installed, run a scan with Spybot: it works on '98.

http://www.safer-networking.org/en/home/index.html

You may have/have had Cydoor adware bundled with Kazaa or Imesh.

I really do appreciate your replies but I must confess that I am low tech so I hope you will indulge a couple of questions: Are you telling me that, when I use Avast scan again and receive one of the messages like: “c:\WINDOWS\Installer\1c01c4e.msi\ISSetupFile.SetupFile7\cd_clint.dll Malware name: Win32:Adware-gen [Adw] Malware type: Adware” , that I should select the delete option? I understand that, if I do, I get another window which also gives the option of deleting at the next system startup. Is this what you are telling me to do or should I just use Windows Explorer, locate the c:\WINDOWS\Installer\1c01c4e.msi and
c:\WINDOWS\Installer\2f4d61b.msi files and delete them? If I do this, what happens to the other things in the Installer folder? I don’t even know the function of the folder much less the two contaminated file. If you don’t mind kind of leading me by the hand on this, I sure will appreciate it.

No problem, glad I could help.

No - Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.

It is just in this instance, because a) avast can’t extract the file within the .msi archive and b) there were a number of detections that really there is little point in keeping the main archive file. So generally the above statement is what you want to do.

The Installer folder remains (is a legit folder) you are only selecting the 1c01c4e.msi that is located in the Installer folder. Just right click on the 1c01c4e.msi file and select Delete, this will send it to the trash can and now you want to empty the trash can too or avast would detect it there.

Welcome to the forums.

What about just rerunning Avast and, when it brings up one of the files that is corrupt, select the delete option and then select to delete it at the next startup. In that case, even though you have selected to delete the corrupt file, at the next restart would it delete the whole archive?

Or would it just be better to delete the two archives with the corrupt files using the procedure you suggested?

Because the whole archive file isn’t detected but files inside the archive, so there is no option to delete the complete archive only the files that avast alerts on. Then you are back to the same option/problem, believe me when we suggest something we suggest the easiest option.

Yes you would have to delete both different archives, I was a bit slack in not mentioning the other archive file, 1c01c4e.msi.

Well, I deleted the two archive files. Then I went to scan again with Avast and It came up with some more messages: These messages all represent something I did before I made the initial post. Day before yesterday I emailed AVAST and attached the two archive files asking for help. I used Outlook Express. After sending the email, I deleted to two emails I thought. Well, Here are the messages I just got when I rescanned my c drive:

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack.eml#20656016\1c01c4e.msi#3630210579\ISSetupFile.SetupFile7\cd_clint.dll

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack.eml#20656016\1c01c4e.msi#3630210579\ISSetupFile.SetupFile7\cd_htm.dll

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack.eml#20656016\1c01c4e.msi#3630210579\ISSetupFile.SetupFile7

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack.eml#20656016\1c01c4e.msi#3630210579\ISSetupFile.SetupFile4

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack.eml#20656016\2f4d61b.msi#4253333286\ISSetupFile.SetupFile4

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack.eml#20656016\2f4d61b.msi#4253333286\ISSetupFile.SetupFile6\cd_clint.dll

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack.eml#20656016\2f4d61b.msi#4253333286\ISSetupFile.SetupFile6\cd_htm.dll

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack.eml#20656016\2f4d61b.msi#4253333286\ISSetupFile.SetupFile6

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack sending your requested files.eml#26447648\1c01c4e.msi#3630210579\ISSetupFile.SetupFile7\cd_clint.dll

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack sending your requested files.eml#26447648\1c01c4e.msi#3630210579\ISSetupFile.SetupFile7\cd_htm.dll

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack sending your requested files.eml#26447648\1c01c4e.msi#3630210579\ISSetupFile.SetupFile7

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack sending your requested files.eml#26447648\1c01c4e.msi#3630210579\ISSetupFile.SetupFile4

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack sending your requested files.eml#26447648\2f4d61b.msi#4253333286\ISSetupFile.SetupFile4

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack sending your requested files.eml#26447648\2f4d61b.msi#4253333286\ISSetupFile.SetupFile6\cd_clint.dll

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack sending your requested files.eml#26447648\2f4d61b.msi#4253333286\ISSetupFile.SetupFile6\cd_htm.dll

c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx\Msg from Jack sending your requested files.eml#26447648\2f4d61b.msi#4253333286\ISSetupFile.SetupFile6

Now what do I do? Do I just delete the file “c:\WINDOWS\Application Data\Identities{CF24B2A0-4026-11D3-9955-924A807B5A23}\Microsoft\Outlook Express\Deleted Items.dbx”
Actually, I have a removable d: drive that I only use for a monthly clone using Norton Ghost. I am sure that this same file on the d: drive will be uncontaminated so I could just delete the file on the c: drive and then copy the same file from the d: drive and put it on the c: drive. What do you think? Thanks for any help.

After my previous reply, I figured out that the folder that was showing all those virus messages is the Delete folder for Outlook Express. Well, I just opened up Outlook Express and deleted all of the messages in the Delete Folder including the emails that I sent to AVast two days ago sending them the two archive files that contained the virus. I am now rescaning with Avast and hope to get a clean scan. If I don’t I will repost tomorrow. Thanks

I would hope that you will come up clean as the only detections were in the deleted items folder/dbx file.

You don’t have to go to extreme measures like this emptying the deleted items folder would have been fine and then compact the folders in OE.

I believe Norton Ghost will have an image explorer much like Drive Image (DI) that I use, as they were bought out by Symantec and Ghost and DI were merged I think. That image viewer would allow you to find the deleted items.dbx file and delete it from the image.

It seems to have worked. I got a clean scan after deleting the emails in the delete folder on Outlook Express. Thanks for all your help.

On another topic, my computer is a emachine 433, windows 98. I have it loaded with the max memory = 256. It does well in most everything(even loads a lot faster than my XP machine. However, in IE6 some web pages that are slow to load will sometimes hang up(usually the ones with lots of graphics) and a control alt delete will reveal that the page is (not responding). Is that symptomatic of a virus or adware?

Over the years when I have used Spybot, I have noticed that their update file gets larger and larger. It is to the point where it takes almost 2 hrs to go through 800,000+ items on the update file. Is there a better adware/malware detector that goes faster.

THanks again for your help.

Well 256MB of RAM isn’t much, win98 can use up to 512MB I believe after that it is almost a case of diminishing returns on the cost/benefit side. I think you need win98SE to exceed 512MB anyway, it has been a very long time since I used win98.

You’re problem is the old OS as there are very few people still supporting it especially security based software and S&D is one of the few, I don’t know of any others off the top of my head, but I dare say they would suffer the same issues.

Increasing the RAM to 512MB may well see a general improvement in performance as your system won’t be constantly swapping out data between the swapfile and RAM.

As far browsing in general more and more sites are very media intensive and that slows loading, especially if like me you’re also on dial-up.

Sorry, but I do have Windows 98 SE

Same thing extra RAM would help and win98SE was better at managing it, so you may see improvements because your hard disk isn’t going to be thrashing around swapping data in and out of RAM.

W98SE will use at least 512 mb of RAM but, with a setting in MSConfig, it can use a bit more. My old 98SE computer has 640 mb of RAM.

Finding the RAM for old motherboards these days will be the trick. I suggest you look at TigerDirect.com and at Pacificgeek.com to try to find the right RAM.