Well, this project certainly isn't getting easier! First, I could not get the Hijackthis download. I got a Cannot Find Web Page, so I checked the XP machine's ability to get to the Trend FTP download page. No problem. Quadruple-checked what I had typed on the W98 screen. No error. Then I went to Trend.com. While there, I did a Google search for HijackThis and got a 404 error: File not found with a Trend header. Then I sent Explorere Home and Googled HiJackThis again and chose CNET to get a copy. Other than everything seems to be taking a very long time, it eventually delivered Hijackthis. In between times (and I have seen this before) Trend's screen got hung, and I called task manager to see what might be causing it. "SMC" Not Responding. ANyone have any idea what SMC is?
So the inability to get a download directly from Tren Micro fails in exactly the same way as when I try to get something Clamwin from the Clamwin site. As before, I can get the item from SCNET of Hippo.
Anyway, on with the show: running the installer causes a really strange error. "Installation Directory must be a local hard drive". Well, of course it is, but I went through the selection again but to no avail. Hijackthis cannot be convinced that C:\program files is a valid drive. Something tells me that all these difficulties are caused by the same thing.

Try renaming the Hijack This installer to scanner.exe and try again.

Also, please answer the question in my last post (we cross posted).

SMC is related to Sygate firewall, and could be the root of your problems. Malware is still in the running, though, as some security sites are being blocked.

Try ZoneAlarm Free 6.1.744.1 instead. Reboot after uninstalling Sygate.

http://www.filehippo.com/download_zonealarm_free/907/

Apologies, Lipper. The W98 machine is FAT 32.

No problem. Continue on.

I still would like to know the contents of the Win 98 Hosts file. Below is my Win 7 Hosts file. See if there is anything there that resolves to 127.0.0.1, which is the local machine. Malware will sometimes do this to resolve security sites (downloads, signatures) to the local machine to prevent downloading or updating. You can view the contents in Notepad, Wordpad or something similar. There is no extension on the Hosts file--it is just named hosts.

Regards,


Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

The hosts file appears to contain hundreds of entries referencing the local machine and listing all the bad sites known to SpyBot Search and Destroy (as stated at the end of the list, where there is a copyright notice to that effect.
There is nothing at first sight that looks even like a legit address. If there is something (or things) buried in there that could be messing things up the only way I can imagine dealing with it is to clear the entire file, but perhaps I haven't grasped the reason for the file; I expected it would contain all the sites that are "approved" rather than a listing of the contents of Pandora's Box!
HijackThis: As mentioned, the installer sees C:\program files (its default instal location) as a non-local drive. Renaming the file to, say, Hijackthat.msi has no effect. The installer still sees the drive as non-local.
I have not had any luck with the Avast uninstaller. The instructions are to run that from Safe Mode, but there is an immediate warning that the program expects a more recent version of Windows. The PC then became locked up.
The patience you and GuitarBob have exhibited is truly remarkable, and is much appreciated!

I wanted to see if there were any legit AV sites that some malware had resolved to the local machine to prevent from contacting them, but I'm sure you would have seen them if so. Some of these AVs would certainly have been mentioned: Norton/Symantec, McAfee, Microsoft, Trend Micro, Kaspersky, or NOD32.

A couple of times when I have had remnants of a program that I have uninstalled that still remain, I have fixed things by re-installing the program and then uninstalling it again. In addition to following Lipper's suggesions, you might also consider uninstalling other security software and use an old version of the Zone Alarm firewall as Lipper suggested. Keep in mind that Malware does not necessarily target Win 98 now. It also will not hurt to clean things up a bit--maybe uninstall any program that you don't really need, defragment the hard drive, and run Disk Cleanup. See what happens when you have a cleaner machine.

Regards,

I have located a number of psuedo-legit looking sites in the Hosts file, including Avast and others, but they are never plain and traightforward, and look suspicious. There is never anything that simply says, say, trendmicro.com.
BTW I have previously run disk cleanup, scandisk and a defragmented the drive.
I will now double check that the old zonealarm is suitable for 98 and remove the Sygate.

Lipper, I have checked the 'runs on' info at the brothers dowlnload site and even versions 5 of Zonealarm show Win2000 as the earliest compatibility. Are you confident that 6.1.744.1 will run on 98? Just asking, before I yank out Sygate.

I'm running ZoneAlarm Free 6.1.744.1 on 98 right now. But then, Avast uninstaller runs on my system, too. All I can say at this point is to try it. If you don't still have your setup installer for Sygate, you could get another copy before uninstalling in case ZoneAlarm doesn't work out.

Lipper

Fair enough. Some progress was made today in that I tried to run Hijack again and Lo! what wouldn't work yesterday worked today. I have no idea why, except that obviously the machine had been rebooted.
I then duly removed everything I could positively identify as belonging to software no longer on the machine, and rebooted. Sadly, it made no difference to Clamwin.
BTW, Freshclam drives Sygate crazy, in that I am constantly getting meassages that an application has changed. That could be silenced, no doubt, but I thought I'd mention it.
I removed the Avast uninstaller.
I also ran another all day Spybot S & D, to no avail.
Right now I am running (I think) Norton security scan from the Symantic site (I decided not to put a copy of their freeware on the machine) Other than a great deal of screen flashing and actrivity on the Sygate graph, I can't tell if it is actually doing anything or not. I'll give it a few hours.

Gentlemen, again, many thanks for your efforts. I have replaced the Sygate firewall with ZoneAlarm (which appears to be identical to the software that CA was using as part of its security suite, and which I had to uninstall). ZA appears to run as you suggested, but I am getting 'warnings' to get the free upgrade because the version is obsolete and not supported. I set the reminder date out to 60 days. I do not have anything like the SMC Not Responding problems that oocurred with Sygate, but the PC still will not cooperate with the Clamwin updates. This seems a function of the website in question redirecting the request via another Explorer call, because the Explorer panel appears, does not fill in with address data, and then hangs. I have seen this now on one other site. It happened with both firewalls, identically. If you have any thoughts on this I would appreciate hearing them.
The good news is that Clamwin seems (it hasn't finished, and probably won't until 3 am!) able to scan the PC. After a day spent trying to debug the LAN (the problem was due to some operator errors compounding ZA's placing of the LAN address in the Internet zone, rather than Trusted). I now have Syncback copying the latest upgrade files, sent to the XP machine, over to the 98, and as Clamwin isn't asking about overdue updates, I assume it is working with the latest data. V .97 is back in use.
A final question: is there any reason to consider upgrading the 98 to 98SE. As mentioned, the machine is used primarily for storage, with occasional use on the Internet if two parties wish to surf at the same time. I don't know if any of the attributes of SE are deemed important upgrades and even though the upgrade disks seem to be available at a reasonable price, would I simply be inviting a bunch of grief performing it, for small or no gain? Thanks!

I have learned that "if it ain't broke, don't fix it!" If I had followed this advice, it would have saved me many problems on my computers over the years. I still tinker with my setup sometimes though, and about half the time, I have problems afterwards.

You can get Zone Alarm 4.5 at
http://www.oldapps.com/zonealarm.php?old_zalarm=6 on the web. The new one is at the top of the page. Version 4.5 is at the bottom.

Regards,

Thanks for the advice, Sir. I will follow it.
I regret to say that Clamwin failed to exit properly after many hours of working through the directories, and at some point it locked the computer. According to the task manager error message, the PC was "waiting for the Clamwin close program button", or words to that effect.
I hate to say it, GuitarBob, but I think it's time to fold. Thanks to both of you for your efforts; much appreciated.