Chief Delphi > Technical > IT / Communications
#1   06-10-2004, 22:01
mgreenley
Assistance with Win98

I am basically computer incompetent. With that said, my family members are worse, and after receiving an infected e-mail our computer has been swamped with "fecal matter". I've installed and run Ad-Aware, SpyBot S&D, and I regularly use Norton AV/Firewall, but to no avail. After cleaning out my computer (and after 4+ hours on the phone with Microsoft tech support), mostly everything is fixed (or there are programs that are hidden and I can't find). Mostly. There is a toolbar that got installed (the "Begin2Search.com" toolbar) and it just won't die. I have no idea what a HijackThis log is, haven't run (? is "used" a better word?) one, but this toolbar runs as a component program, so it's not shown on the Add/Remove Programs list. It doesn't even show in the running processes list. For that matter, I've searched that IE folder and can't find it. I'm basically a babe in the woods and could use some help.
Now, when, with your help, I finally get it deleted, is there any way to make certain that all of that malware/spyware/adware/trojan horses and what-not are actually gone and not just residing in some hidden file?
I realize that this type of problem has come up on Delphi before, but I've checked and it does not apply to this (I've already used all the suggested AV programs without any success). You might be able to ID this problem by a file named "o". It is a .bat file and runs an MS-DOS screen that searches for a nonexistent file, then overruns the search buffer (as I understand) and writes 19 different adware/spyware programs to your computer. Any help at all is appreciated, and if you need more info, please say so.
Thank you all very much.

Michael Greenley, Team 341
#2   06-10-2004, 22:06
Matt Attallah
Re: Assistance with Win98

Ad-Aware not pick it up?!

Are your .Dat files up to date? Ad-Aware has "Ad-Aware SE" now out - running version 1.05. (As of 9-29-05). That is what I run and it picks up EVERYTHING...

I couldn't help ya out any other way...sorry!
#3   06-10-2004, 22:42
Jay H 237
Re: Assistance with Win98

This thread will be of interest to you. There's a lot of excellent programs mentioned in there including HijackThis. I had to use some of these programs on a laptop I bought off eBay.
I would run HijackThis and BHO Demon and that should fix it. I'm guessing Begin2Search.com is coming from a .dll file somewhere.
#4   06-10-2004, 22:49
gobeavs
Re: Assistance with Win98

Besides what has already been said I can't help you remove the problem, but once you do that I have some advice. Use Opera or Firefox. Some spyware and stuff like the toolbars come through flaws in Internet Explorer; if you use Firefox or Opera they don't have those holes. They also are just better browsers in my opinion.
#5   06-10-2004, 23:13
sanddrag
Re: Assistance with Win98

The simple fix would be to get an Apple.

Seriously now, check everything in your tasklist against this "dictionary" http://www.answersthatwork.com/Taskl...s/tasklist.htm Be careful with capitalization and "L"s looking like "I"s and stuff like that.

Also, I used to work in the Technology Services department of a school district. With a case like yours, we would have done everything you did, and if that didn't work, we would have gone straight for a re-image. Since this is probably not an option in your case, I'm not really sure what to tell you to fix it. Do you have the Windows CD and all your program CDs? If so, you could back up your files to an external HD and reinstall Windows and your programs.

To keep spyware/adware/malware off, we would use SpywareBlaster http://www.download.com/SpywareBlast...ml?tag=lst-0-1 Also, be sure to keep up with Windows Updates. After you install, restart and go back to check for more. Some updates trigger more updates. You might also want to bump up your IE security settings. Last, the best way to prevent this stuff is to simply be careful of what you are clicking on and what sites you go to. Anything from C2 media or Gator Corporation while you are online is bad for your comp. Anything that says "Your computer may be infected with spyware" is bad for your comp. A lot of times they will have popups that look like they are real Windows message boxes. Be careful and pay close attention to what the cursor looks like. A pointing finger is a linked popup, not a real message.

You also may want to try Google toolbar with popup blocker since many popups lead to spyware. While some say the toolbar itself is "spyware" because it reports back the sites you go to (for category listings and rankings and the such) and it updates itself automatically, it does nothing harmful to the computer, performance, or security and it is made by a reputable company. I have found the Google toolbar to be the ONLY safe search toolbar to have installed. I have used it for over 2 years with much success and no problems.
#6   06-10-2004, 23:46
evulish
Re: Assistance with Win98

If you run Hijack This! and paste the log here, I can probably help you get rid of all the junk. It's one of the most useful tools I have ever used, but can cause some problems if you don't know what you're deleting. I've become the computer guy for my dorm's floor so I've been the one to disinfect people's computers and get rid of spyware. It's getting annoying :/
#7   06-10-2004, 23:50
Nate Smith
Re: Assistance with Win98

I'm assuming the toolbar you're referring to shows up in IE, so here's a way around it...go into Control Panel, Internet Options...and go to the Advanced tab. Look for the "Enable 3rd Party Browser Extensions" option and get rid of the check mark in it, then close out all IE windows and restart the computer. That should at least help keep the toolbar from doing anything, even if you can't get rid of it...
#8   07-10-2004, 00:00
Elgin Clock
Re: Assistance with Win98

For pop-ups.. Downloading the Google toolbar helps. It's one more line on your IE window bar, but it prevents lots of pop-ups from coming over the internet.

It's not 100% effective, but looking at my Google toolbar now, I have 1811 pop-ups that were blocked since I installed this toolbar and I have only had it since maybe March or April.
#9   07-10-2004, 04:41
JohnBoucher
Re: Assistance with Win98

begin2search does show an uninstaller on their home page
http://begin2search.com/

I would start there. You might just get it off your system. Let us know how you make out.
#10   07-10-2004, 07:31
Adam Y.
Re: Assistance with Win98

Quote: Originally Posted by Matt Attallah
> Ad-Aware not pick it up?!
>
> Are your .Dat files up to date? Ad-Aware has "Ad-Aware SE" now out - running version 1.05. (As of 9-29-05). That is what I run and it picks up EVERYTHING...
>
> I couldn't help ya out any other way...sorry!

Hehehe... Ad-Aware doesn't pick up the more serious forms of spyware.
#11   07-10-2004, 07:49
Raven_Writer
Re: Assistance with Win98

I'd try updating all your products (virus scanner, spyware remover, etc...) to the latest database (and possibly the newest version if possible).


As for the IE Toolbar thing, I'd suggest just downloading another browser like Firefox, Opera, Mozilla, or anything like that.
#12   07-10-2004, 10:09
gobeavs
Re: Assistance with Win98

Quote: Originally Posted by Raven_Writer
> As for the IE Toolbar thing, I'd suggest just downloading another browser like Firefox, Opera, Mozilla, or anything like that.

I don't see why more people use them...they have pop-up blockers, tabbed browsing, a lot more features than IE, and they don't allow a lot of the spyware that comes through with IE.
#13   07-10-2004, 11:01
Marc P.
Re: Assistance with Win98

I've dealt with every form of spyware under the sun, from simple hosts file redirections to junkware replacing winsock DLL files, to browser hijackers and keyloggers. What you have here is a combo BHO (Browser Helper Object), and Toolbar. The first step to revival is to download HijackThis. Open it up, and click "Scan." As others have suggested, click "Save Log", open up that file, and copy/paste the results here for us to examine. Otherwise, in the checklist that comes up, check off anything that says BHO and Toolbar, and click "Fix Checked." It might warn you that you must close all IE windows for a BHO to be removed, so you'll want everything closed except HijackThis when you do that. After it's all set, try opening up IE, and see if it's gone. If it's still there, we'll have a look at the log file, and suggest some registry changes to manually remove the bugger. (I've noticed HijackThis can and does effectively remove toolbars from HKEY_LOCAL_MACHINE but not from HKEY_CURRENT_USER, and often I have to remove toolbar entries from there manually).

Good luck, and keep us informed!
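
As an added example, not part of the post above or of HijackThis itself: a Python script that reads a saved HijackThis log, pulls out the BHO and Toolbar lines the post says to check, and lists the CLSIDs a reviewer does not recognise, with any CLSID registered as both BHO and Toolbar listed first. The log lines, CLSIDs, paths and the `KNOWN_GOOD` allowlist are constructed for illustration, and the `O2 - BHO:` / `O3 - Toolbar:` line layout is an assumption about the log format.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis log layout. Every name, CLSID and path
# below is made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis
Platform: Windows 98 SE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {11111111-1111-1111-1111-111111111111} - C:\WINDOWS\SYSTEM\EXAMPLEBAR.DLL
O2 - BHO: Example PDF Helper - {22222222-2222-2222-2222-222222222222} - C:\PROGRAM FILES\EXAMPLE\PDFHELP.DLL
O3 - Toolbar: Example Search Bar - {11111111-1111-1111-1111-111111111111} - C:\WINDOWS\SYSTEM\EXAMPLEBAR.DLL
O3 - Toolbar: Example Media Bar - {33333333-3333-3333-3333-333333333333} - C:\WINDOWS\SYSTEM\MEDIABAR.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
"""

# Hypothetical allowlist: CLSIDs the person reviewing the log already recognises.
KNOWN_GOOD = {"{22222222-2222-2222-2222-222222222222}"}

# Assumed line layout: "O2 - BHO: <name> - {CLSID} - <file>" (O3 for toolbars).
ENTRY_RE = re.compile(
    r"^O[23] - (BHO|Toolbar): (.*?) - "
    r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (.*)$"
)


def parse_entries(log_text):
    """Return one dict per BHO (O2) or Toolbar (O3) line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            kind, name, clsid, path = m.groups()
            entries.append({"kind": kind, "name": name,
                            "clsid": clsid.upper(), "path": path.strip()})
    return entries


def review_list(log_text, known_good=frozenset()):
    """Group entries by CLSID and return those not on the allowlist.

    A CLSID registered as both BHO and Toolbar (the combination described in
    the post) sorts first, since the same DLL is hooked into IE twice.
    """
    known = {c.upper() for c in known_good}
    by_clsid = defaultdict(lambda: {"kinds": set(), "path": None})
    for e in parse_entries(log_text):
        by_clsid[e["clsid"]]["kinds"].add(e["kind"])
        by_clsid[e["clsid"]]["path"] = e["path"]
    rows = [(clsid, sorted(info["kinds"]), info["path"])
            for clsid, info in by_clsid.items() if clsid not in known]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))


if __name__ == "__main__":
    for clsid, kinds, path in review_list(SAMPLE_LOG, KNOWN_GOOD):
        print(f"{'+'.join(kinds):12} {clsid}  {path}")
```
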
#14   07-10-2004, 19:09
mgreenley
Re: Assistance with Win98

Thanks for all the help so far, but alas my problem is not fixed. I'm missing MSVBVM60.dll, so I can't run HijackThis. If you know of a reliable site that I can download a copy from, please post a link. The problem with this toolbar is that it doesn't show up in the processes list (in Windows 98, Ctrl+Alt+Del doesn't bring up a complete list), and every time I turn on the internet, it tries to download all the malware again (reconfigured the firewall, so it catches most of it now at least). On the upside, I found another piece of the junk ("Abetterinternet.exe"), so as I write this list of junk, hopefully I'll eventually find the master program and nab it.
The using a different browser option actually sounds nice, but like I said, I'm really not good around computers, and I wouldn't know how to do that either or what would happen (like, does Norton AV configured for IE need to be redone?, etc...).
And trust me, the "Don't click that flashing prize window"...my little brother is never going to hear the end of this. (What type of seventh-grader goes to rumandmonkey.com anyways?)
All said, I wish I could buy a G5, or maybe install RedHat...not while the parents buy the computers though.

Thanks for all the help, keep it up! Michael Greenley, Team 341

P.S. The parent site for that is a scam that tries to download more malware from what I've gathered from reading other forums from Google (which operates at my level of computer know-how).
P.P.S. something new (and not good) that started happening is that text is parsed into "Sponsored Links"...great. Like I didn't need this type of stress before the season starts (approx. 129 days until robot ship date and counting).
#15   07-10-2004, 19:31
evulish
Re: Assistance with Win98

To get Hijack This! running, download the VBRun60.exe from here: http://support.microsoft.com/default.aspx?kbid=192461 and install it and reboot. Microsoft is a pretty reputable place to download stuff from.
All times are GMT -5.