Tom's Hardware > Forum > Windows 95/98/ME > Windows 95/98/Me General Discussion > VIRUS! What to do?

VIRUS! What to do?

Forum Windows 95/98/ME : Windows 95/98/Me General Discussion - VIRUS! What to do?

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!

Related content
Forum
News
Review

See all topics related to "virus"

Ask the community Add a reply

Bottom Search this thread

I've cleaned many a virus from clients' computers, mostly Word Macro viruses. I've cleaned maybe 3 or 4 viruses off my own system but the virus that I just seem to have found has me worried.

Symptoms

1) Windows 98SE MSINFO32's Version Conflict Manager shows most files as having a backup date of 9/11/01 !!!!

2) Most files in the folder, \windows\vcm, have a date/time stamp of 9/11/01 1:55 PM. The folder has a stamp of 9/11/01 1:53 PM.

3) Many folders on my C: partition have a date/time of 1/1/00 12:10 AM.

4) McAfee Viruscan detects the Reg/Seeker virus in one file only, SP.DLL in the Windows folder. (What is this file?) The version of Viruscan (4.0.3) I have is very old and is no longer supported by McAfee but the detector obviously still works. The DAT file, dated 3/5/2003, is up to date. My previous DAT file which was overdue for an update, being a couple months old, could not detect the virus.

The description of the Reg/Seeker virus at McAfee.com has me concerned that it might not be the virus causing the symptoms I'm describing since my symptoms weren't mentioned.

I'm wondering if I have an unscanned/uncleaned virus still on my system.

5) About a month ago I started having problems reinstalling the Radeon drivers. No matter which drivers (going back to pre-Catalyst) I try to install I get a VXD error.

I can manage to install the drivers two ways. A) In Safe Mode. B) by deleting all files begining with ATI... from the \Windows\system directory and running the installer normally. I still get the VXD error but the drivers do at least install.

6) I can't run any DirectX 8 or 9 applications unless I run a DirectX 7 application first, then the others will work. If I try to run a DirectX 8 or 9 application without doing this I get the following results

3DMark2001 reports, "3DMark2001 SE needs directx 8.1 and proper drivers installed in order to run"

BF1942 says, "BF1942.EXE file is linked to missing export DSOUND.DLL:11."

UT2003 Demo - BSOD (Blue Screen of Death)

I repeat, If I run a DirectX 7 application first then the above apps work without problems.

Has anyone heard of this Reg/Seeker virus? How about the symptoms that I described?

Do you think this is just some sort of prank virus or do you think it's something I should seriously worry about? something that will do real harm later?

I don't even know if the symptoms are all related.

99% is great, unless you are talking about system stability

Add a reply

I think Norton is a lot better than McAffee. I kept getting virus after virus with McAffee.

I would go to symmantic's website and search for a 911 virus or something similar. See if you can find a name for the virus and what it's intentions are.

Download the 30 day trial of norton NAV and see if it finds anything.

A fresh install of windows can't hurt either.


<A HREF="http://kevan.org/brain.cgi?dhlucke" target="_new">The French are being described as cheese-eating surrender monkeys.</A>

Reply to dhlucke

I used to have problems with McAfee so I use Norton. Maybe you should try some of the online scanners to see if they detect anything.

There is no failure when you believe in success.

Reply to orbz

Thanks for the suggestion. I didn't think about online scanners.

I'm making progress, well not really. I tried Bitdefender and it reported this.

"C:\WINDOWS\Downloaded Program Files\SETB2A0.TMP/(UPX) infected: Trojandownloader.Small.J"

The problem is Bitdefender didn't give me the option to clean or even delete the file. Further, I can't find the file at the mentioned location. A search doesn't even find it.

So how do I get rid of the infection, short of a clean install?

99% is great, unless you are talking about system stability

Reply to phsstpok

I did "9/11" and "911" searches but they don't seem to lead to anything relevant.

It's tough tracking down information when you know (or think you know) the symptoms but don't know the name of the virus.

99% is great, unless you are talking about system stability

Reply to phsstpok

Download the 30 day trial of NAV and see what happens.


<A HREF="http://kevan.org/brain.cgi?dhlucke" target="_new">The French are being described as cheese-eating surrender monkeys.</A>

Reply to dhlucke

Maybe you should give NAV a try. I searched the <A HREF="http://www.sarc.com/avcenter/venc/auto/index/indexT.html" target="_new">Symantec</A> website and the closeest name I can get to the virus is:

Trojan.Downloader.Aphe
Trojan.Downloader.Cile
Trojan.Downloader.Inor

I couldn't find it on the Bitdefender website.

There is no failure when you believe in success.

Reply to orbz

I'll give it a try when I have the time to download it.

It's a 40MB+ download and I only have a 56K connection.

99% is great, unless you are talking about system stability

Reply to phsstpok

Maybe you can try their <A HREF="http://security.symantec.com/ssc" target="_new">online</A> scan first.

There is no failure when you believe in success.

Reply to orbz

Thanks!

For some reason I couldn't find Symantec's online scanner.

Scanning now...

99% is great, unless you are talking about system stability

Reply to phsstpok

Panda has an online scanner, too ...

<A HREF="http://www.pandasoftware.com/activescan/com/activescan_principal.htm" target="_new">Panda ActiveScan</A>

Toey

First Rig: <A HREF="http://www.anandtech.com/mysystemrig.html?rigid=17935" target="_new">Toejam31's Devastating Dalek Destroyer</A>
Second Rig: <A HREF="http://www.anandtech.com/mysystemrig.html?rigid=15942" target="_new">Toey's Dynamite DDR Duron</A>
________________________________________

<A HREF="http://www.btvillarin.com/phpBB/index.php" target="_new">BTVILLARIN.com</A> - A better place to be. :wink:

Reply to Toejam31

No detections from Symmantec or Panda online scanners.

If it weren't for the symptoms I've already seen I would tend write off the Bitdefender detection as a false positive.

Guess it's time for a clean install. First one since I built my system 2-1/2 years ago.

99% is great, unless you are talking about system stability

Reply to phsstpok

Speaking of Panda, Toey... have you upgraded to Platinum Antivirus 7? I did back in February... and really like it so far.

 If you design software that is fool-proof, only a fool will want to use it.

Reply to Zoron

Yeah, I picked it up last December, and the interface is much better, plus the memory load has been eased considerably, which is nice for those people who want all the permanent protection features. And the 24/7 e-mail support for any suspicious files is really outstanding (and fast) ... I've used it on a couple of occasions and I was pleasantly surprised at the speed of the response (less than 15 minutes for an answer in both cases.) My only real gripes are that once the program is updated, you can't make the rescue disks because the signature file is too large to fit on the third floppy in the series. The only version I've used that could correctly make the disks was 7.02.00. Secondly, they could use a little work on the update server(s), which sometimes has a few problems balancing the load.

I was told that they are are currently working on a solution to the rescue disk issue, and will implement an upgrade in the future to correct the problem.

But as for the program itself, after using this, there's certainly no way that I'd ever move back to an AntiVirus like Norton. Panda is definitely the superior product. Even the website is easier to navigate. And if you've ever had to search for information at Symantec, you can really appreciate the difference.

Now if they'll just add an option for a Eudora mail profile, (and perhaps the online HTTP servers, like Hotmail and Yahoo!) I'll sing their praises to the rooftops, and pre-install it on all my customer's systems as part of the package. That would be very cool.

Toey

First Rig: <A HREF="http://www.anandtech.com/mysystemrig.html?rigid=17935" target="_new">Toejam31's Devastating Dalek Destroyer</A>
Second Rig: <A HREF="http://www.anandtech.com/mysystemrig.html?rigid=15942" target="_new">Toey's Dynamite DDR Duron</A>
________________________________________

<A HREF="http://www.btvillarin.com/phpBB/index.php" target="_new">BTVILLARIN.com</A> - A better place to be. :wink:

Reply to Toejam31

Ask the community Add a reply

Tom's Hardware > Forum > Windows 95/98/ME > Windows 95/98/Me General Discussion > VIRUS! What to do?

Go to:

Help |
Forum rules

There are 1139 identified and unidentified users. To see the list of identified users, Click here.

Related content
Forum
News

See all topics related to "virus"

Page generated in 0.143 seconds

Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel

Focus On

VIRUS! What to do?

Forum Windows 95/98/ME : Windows 95/98/Me General Discussion - VIRUS! What to do?

Please mind