Win 98 trouble

I’m working on a system that has Windows 98 on it. The system had no AntiVirus on to begin with.
Only a dialup connection was used on this system. I installed avast and ran a scan that came up clean.
Then I tried to update the virus definitions with the stand alone file downloaded from the avast website and when I ran that it tells me that the VPS is already up to date but according to avast it is not. Also is the the boot scan option available for Win 98? It is greyed out and not available. I scanned the system with Spybot Search and Destroy with up to date sig files and it came up pretty clean, just one entry called Alexa. Any thoughts? Thanks!!

Hello :slight_smile:

Check if the system time/date is correct. What is the version of the VPS file? (the latest version is 000754-5)

No, the boot-time scan is available only on NT based systems - eg. WinNT, Win2000, WinXP … :wink:

Yes the system time and date is correct. The VPS file is 000737-2 dated 4-30-07. That’s what is strange when I run the downloaded VPS install file I get the VPS is already up to date. Thanks!

From where did you downloaded the VPS file? Try downloading the VPS file again from http://avast.com/eng/update_avast_4_vps.html

Try a repair of avast. Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow. You need to be on-line to do this.

This has worked in the past to synchronise the version details between about avast and what you have.

I’ll try that, thanks! Currently I’m not online yet because I was trying to be sure the system was clean
before I hooked it up to my wireless network. The dialup account they had is no longer active so that is not a option. Currently the system seems a bit buggy and slow so I’m just not sure what is going on. Thanks!!

No problem, you could do a reinstall using the latest version downloaded on to your other system and copy to CD or USB drive and use that to reinstall if you are likely to be off-line for a while. That should resolve it though a repair is less hassle to try first.

If you still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

Here is the Hijack this log file. Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:03 PM, on 07/08/2007
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\BITWARE\CBWHOST.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\BITWARE\CBWATTN.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\SYSTEM\CPQPSCP.EXE
C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
N1 - Netscape 4: user_pref(“browser.startup.homepage”, “http://my.netscape.com/index.tmpl?r”); (C:\Program Files\Netscape\Users\bbosman\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM..\Run: [AtiKey] Atitask.exe
O4 - HKLM..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM..\Run: [OEMCLEANUP] c:\windows\OPTIONS\oemreset.exe
O4 - HKLM..\Run: [CPQEASYACC] “C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe”
O4 - HKLM..\Run: [CompaqSysTray] cpqpscp.exe
O4 - HKLM..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM..\Run: [CyberMedia Agent] “C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE” /SU
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [HC Reminder] hc.exe
O4 - HKLM..\RunServices: [CBWHost] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWHOST.EXE
O4 - HKLM..\RunServices: [CBWAttn] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWATTN.EXE
O4 - HKLM..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM..\RunServices: [EncMonitor] c:\compaq\access\Encompass\Monitor.exe
O4 - HKLM..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - .DEFAULT Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE (User ‘Default user’)
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User ‘Default user’)
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


End of file - 5145 bytes

I’m not an expert on HijackThis… But you can check the automatic analysis of your HijackThis log here.

You can find more info in the links of the last column of this table.
That info could guide you on the cleaning process.
Anyway, if you have doubts, just post here.
Also, take a careful look at the first column of the table:

  1. If you don’t recognize a legit program in one of the items marked as FIX IF UNKNOWN, please post it back here and maybe we can help you. Or, if you’re sure it’s a malware item, you can remove it as posted bellow.

  2. If you agree with the automatic classification of the infected items marked as FIX (CHECK NOTES!), you can turn back to HijackThis program, check the box of this item and then remove it using the button ‘Fix checked’.

Hope it helps.

I don’t see anything obvious, but this entry seems redundant and could be fixed.

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

am new to this type of thing, forums etc, downloaded some form of av cleaner,cud have been 4.7 decided i didnt want it, so uninstalled it all, now i cant send or receive e mails in outlook express(i`m on win 98), complete novice at the pc, how do i get my e mail back to normal as i have a lot of important coresspondence daily(and my partner at university too)
the message i get when i open my outlook version 6 is

The connection to the server has failed. Account: ‘home’, Server: ‘127.0.0.1’, Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10061, Error Number: 0x800CCC0E.

id be grateful if can let me know, or e mail me asap on teessidetone6@hotmail.com. cos im bound to get lost on here

How did you uninstall it, the email account details should have been set back to what they were ?

You will need to set your email accounts to what they were before installation, namely the 127.0.0.1 needs to be set to what it was before. See image of the changes made to your email account settings, theres are what you need to reverse.

Can I ask why you decided to uninstall avast ?
If you had a problem perhaps we can help you resolve that.

I suggest you remove your email unless you like spam, this is a publicly available forum and it could be harvested by a spambot collecting email addresses.

dunno what that clip of a sheet of paper was but it wouldnt open as it says its unavailable or cant be found, i just decided that i didnt know what i was getting into downloading new stuff, so i went on the uninstall programme from the av homepage i think(i think i was directed there), how do i reset my e mail? soz if i sound thick, but wot u said went clean over my head. as for spam, i have spamblocker on my outlook express e mail programme

Just click on it and it expands.

That is the problem you should just have used the windows add remove programs to uninstall avast. The uninstall utility is designed for use if add remove programs fails and it doesn’t restore your original email settings.

You need to set your accounts up as they were before, with the Server address reflecting your ISPs email servers and your user name as it was, this is what avast will have changed it to, you have to reverse that setting.

The server address for both POP and SMTP should be set to 127.0.0.1 The POP server name set to: username#pop.isp.com (use the actual username and ISP info) and... SMTP server name to: username#smtp.isp.com

so how do i find what my previous mail details were, to re use my mail programme, i set up outlook express years ago and have never had to alter it in anyway thats why im not sure what to change now.its an old system and pc, just ticking along but in hindsight it was doing a decent job, i thought by downloading av it would just spruce things up a bit, obviously not. now i check whether important mail, im waiting for has arrived

  1. I have tried to show you that the information is there but it is in a different format and location you need to put that in the right place. Did you not manage to expand the image I posted, that shows what avast does to be able to scan your email. The original information is still there and although in a different format and location it can still be seen and you should be able to change everything back using that information.

Replace the server address, 127.0.0.1 with pop.isp.com (use the actual ISP info) and set your username to what it was originally also retained before the # in username#pop.isp.com so the information is there to be able to restore your original settings.

Or you could check your ISP F.A.Q. email settings, etc.

as far as i can recall i`m sure it was just pop3@ntlworld.com and smtp@ntlworld.com for incoming and outgoings etc but when i try to do it, it says they are not valid change anyway?

Well is that what was in the information remaining, I would say it wasn’t, the information is likely to have been username#pop3.ntlworld.com change the @ to a ‘.’ and that should resolve that problem.

Thanks for the support Tech and David R. I ran the Hijack This Analyzer and there was some items that looked fishy. I got the OK from the owner of the system to do a format and reinstall. I think this will be best because there is a bunch of left over junk on the system.

Hey Tech, I like your new Avatar!

Thanks again Mates!!