ClamWin Free Antivirus
Support and Discussion Forums
Clobbered by malware and now can't update Clamwin
faster


Joined: 03 Mar 2012
Posts: 13
Four days ago, something hit my system real bad. I was rebooting after being online, and the black/white window suddenly showed geek symbols in squares of many colors. I knew it probably wasn't good news. It wasn't.

My system was pfutzed up royally and I had to do an overlay reinstall of the OS (98SE). Fine, except for one little thing. It made my D: drive the root drive. Many files and folders appeared gone, like Sysbkup, an important folder, and that meant I couldn't revert to the prior install, either.

I won't go into the details of all I had to do during those two nightmarish days. I struggled and tussled with it for two days and finally got the OS reinstalled, and somehow with the root drive back at C: The missing files were back, too.

But my travails weren't over. Many programs had to be reinstalled, including Clamwin. After which it took another whole day to be able to get back online. When I did, and tried to get the Clamwin definitions, it diddled a moment and said, "Completed." With nothing downloaded. After saving the report of one word, I closed the download window and got a popup about not having gotten updates for over 5 days. I just HAD tried to, and got nothing, so I tried again. Same result. So I reinstalled Clamwin and tried again. Now it tells me there was an error and I should check the report. It was the same one-word report. Really helpful, that.

So what should I do? There's no question I had a nasty infection, and now I can't get the definitions in order to find it and kill it. My Clamwin only has whatever definitions came with the install program. The version I installed was 97.3, which had been working fine, until...

This thing has clobbered me in a dozen different ways, and I've gotten past them all - until now. It's still there, lurking, and laughing at my hapless state.

Needless to say, this malware has burned my bacon.

Somebody please help! Advise me what I can do. Knowing I have an infection makes me feel filthy and crawly inside. I don't know what programs I can trust or anything. Bummer.
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
ClamWin does a good job of finding viruses (if it has their signature) just downloaded on your computer. If they become active, it can't help much. The problem is that there aren't too many AVs available for Win 98 now.

Can you get into Windows Safe Mode? I do not remember if it was available with Win 98. You hit F8 every second or so when you start up your computer until you get a menu. At the menu, select Safe Mode With Networking, which should let you update ClamWin. Many viruses can't hide in Safe Mode, so an AV may be able to find them. If you can update, then do a scan of the entire computer. If that doesn't work for you, try a new install of ClamWin in Safe Mode, but uninstall your existing version first. If that doesn't work, get Dr. Web's Cureit at http://www.freedrweb.com/cureit/?lng=en on the web. It used to work on Win 98, and I think it still does. Be sure to read about how to use it. The new Cureit version is very good--it stops everything on your computer while it scans--be sure to select that scan option if you can (I think it is the default).

Once you get things cleaned up, look into the free Clam Sentinel program at http://sourceforge.net/projects/clamsentinel/ on the web. It was designed with Win 98 in mind (the developer is a Win 98 die-hard), but it can't help you until you get the computer clean. Sentinel lets you use ClamWin in a real-time mode, and it has its own heuristic scanning engine to find new viruses for which ClamWin does not have a signature.

Let us know back here how it goes. You still have some options. Good luck.

Regards,
faster


Joined: 03 Mar 2012
Posts: 13
Thanks very much. I'm about to try your suggestions. Yes, W98SE does have Safe Mode. The one time I tried it, though, it wouldn't go online for some reason. But I'm hopeful. I'm going to upgrade the OS soon, simply because it's forced on us 98 users, but I hate having to. Didn't someone once say "if it ain't broke, don't fix it"? But now, even not broke, the features online deliberately exclude W98, and I find it unprincipled. They ought to just upgrade 98 with patches, but it isn't as profitable.

I was kinda hoping you might have a downloadable virus definition database that was self installing, and wouldn't require the interface provided in the main application. Oh, well.

I've also downloaded CureIt just in case. Besides, an extra security option is always good, since hackers and malware spewers are getting more innovative every day. It's like the Cold War, where one side comes up with a good weapon - until the other side comes up with something that either makes it useless or is a better weapon. On and on. This is one reason I will never consider using social media. It's asking to be clobbered. Long ago, I realized that NOTHING one does online can ever be totally secure. I keep nothing personal and private on my PC at all, and never buy anything online.

I do have one question about Clamwin. When it was working (and it worked very well), it would never scan my swap file. At the end of the scan, it mentioned the file and said "Permission denied."

By WHOSE authority? I'm the only one who uses my PC. Any "permissions", denied or otherwise, are MINE to make, and I'd never exclude the swap file from a scan. So what "gave" the order to deny permission? Is it merely a feature of Clamwin itself? If so, I hope they'll remedy that, because the registry can easily become littered with malware.

Consider that a recommendation! And I have another: to make it possible to scan the PC in pure DOS. I like your suggestion of scanning in Safe Mode, though. That's almost as good.

I'll be back if I have any trouble following your suggestions.
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
A permission denied to scan a file is normal for some files--especially Windows system files. It usually means the file is active when ClamWin is scanning.

Cureit is a very good cleanup scanner. Just update it 2/3 times per week to keep the signatures current.

See the ClamWin FAQ at http://www.clamwin.com/content/view/58/27/ to get a location for a manual download of the main and daily ClamWin databases. The daily database is all that usually changes, as the main database is only changed several times per year--maybe every three months.

You can get some Win 98 software to help it perform better. Do some Googling for Windows 98 user groups or Windows 98 users. I came to ClamWin back in 2006 when AVs started to drop support for my Win 98 SE, but I have since moved on to newer versions of Windows.

Good luck!

Regards,
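For the manual database download mentioned in the reply above, an added example (not part of the thread and not ClamWin's own code) that reads the header of a downloaded `.cvd` file, checks that the body matches the MD5 recorded in that header, and compares its version with the installed copy. It assumes the standard ClamAV CVD layout of a 512-byte, colon-separated text header followed by the database body; the function names and the sample data are made up for illustration.

```python
import hashlib
import sys

HEADER_LEN = 512  # a .cvd file starts with a fixed-size, space-padded text header


def parse_cvd_header(blob):
    """Split the colon-separated CVD header into named fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than a CVD header")
    fields = blob[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD file")
    return {
        "build_time": fields[1],   # e.g. "07 Mar 2012 10-30 -0500"
        "version": int(fields[2]),
        "signatures": int(fields[3]),
        "md5": fields[5].lower(),  # MD5 of everything after the header
        "builder": fields[7],
    }


def check_cvd(blob):
    """Return (header, body_ok); body_ok is False for a truncated or corrupted file."""
    header = parse_cvd_header(blob)
    body_ok = hashlib.md5(blob[HEADER_LEN:]).hexdigest() == header["md5"]
    return header, body_ok


def is_update(downloaded, installed):
    """True when the downloaded database is intact and newer than the installed one."""
    new_hdr, new_ok = check_cvd(downloaded)
    old_hdr = parse_cvd_header(installed)
    return new_ok and new_hdr["version"] > old_hdr["version"]


def build_sample_cvd(version, body):
    """Constructed sample input (not a real database): header plus arbitrary body."""
    text = "ClamAV-VDB:07 Mar 2012 10-30 -0500:%d:3:60:%s:SIG-PLACEHOLDER:example:1331134200" % (
        version, hashlib.md5(body).hexdigest())
    return text.encode("ascii").ljust(HEADER_LEN, b" ") + body


if __name__ == "__main__":
    # Usage: python check_cvd.py daily.cvd   (script and file names are assumptions)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            hdr, ok = check_cvd(fh.read())
    else:
        hdr, ok = check_cvd(build_sample_cvd(14600, b"constructed body"))
    print(hdr, "body intact" if ok else "body does NOT match header MD5")
```

A matching MD5 only shows the download was not truncated or corrupted in transit; it says nothing about who produced the file. Authenticity rests on the digital signature field in the same header, which the ClamAV engine checks itself when it loads the database.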
Oh, well...
faster


Joined: 03 Mar 2012
Posts: 13
Thanks for the location of the manual definitions. I discovered that my Clamwin already IS up to date except on the daily ones. For what good it's worth. I can't even scan memory till I fix this.

Well...it was a nice try.

I know, for sure, that there's a way to go into Safe Mode with network access, but I can't get it to work. I have my machine set to list the boot options every time, because I never know when I would want to use one, but it doesn't include Safe Mode with network access. I've only "bumped" into it in the past, but don't remember how it came about. It was just added to that list at such times, and I did try it once, but something went wrong and it didn't work. Now, I can't even FIND it, and the help files - as usual - are no help at all.

Do you know how to get the bootup list to include Safe Mode with Network Support?

So I gave up and tried Dr. Web. Maybe there's an older version of it but the one I downloaded said it "expects a newer version of Windows." So much for using it with W98SE. I wouldn't know how to find an older version that did work with my OS. Do you?

In Safe Mode, I uninstalled and reinstalled Clamwin. No help. Not only that, the uninstall did not remove the definitions I'd updated before the clobbering. So was it actually uninstalled, or maybe not? It did no good, of course. In Safe Mode, Clamwin is just as useless right now.

Other than formatting C, which I might do anyway soon, but am not geared up for it, is there anything else I can try? I want to hear you tell me there is something else I can do, but I'm thinking only a format will do the trick. It'll take DAYS to get my data saved properly.

I'm going to try to install AVG Free and/or Avast! free. Those were good, but may not download updates if I use the older versions that still work with W98SE. I quit using them because it got so hard to get updates, but I still have the installers. What else can I do?

Well there's one thing. I can think of the creep that attacked my PC and wish that the fleas of a thousand camels would infest his armpits.
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
No, I don't know how to get Network Support in the Safe Mode bootup list if it is not there already.

I believe I have heard that Avast 4.8 will work with Win 98.

I am going to tell a Windows 98 die-hard about your problem--Andrea Russo, the Clam Sentinel developer. He may or may not be able to help. If he can, he will join this thread. I suggest you begin saving your most important data now--just in case.

I don't know if F-Secure's rescue CD will work for you, but try it before reformatting/reinstalling. Here is the link at http://www.f-secure.com/en/web/labs_global/removal/rescue-cd on the web. You download the rescue CD file and burn it to CD as an ISO file. It boots up in the Linux OS and contains a Linux version of their AV. You need a wired (not wireless) connection when you use the CD so it can update the signature files. It makes use of a ramdisk. Read the manual/setup guide before using it.


I don't know if those virus guys even have armpits!

Regards,
faster


Joined: 03 Mar 2012
Posts: 13
I tried to download Avast 4.8. The latest I had that used to work is 7.5. But my malware seems to be very efficient. It won't let me download AV programs, or if I do, during the install process it stops, with a message about a buffer overrun, or something like that. Can't do it. The malware won't let me.

As for Formatting C, worry not, I'm used to it. I've done it too many times to count, especially this last year and a half, when I've had to deal with hacking that was geared at silencing me online. Someone REALLY doesn't like what I write. But I'm sort of used to that, too by now, with ways to get around it. In fact, the hacker may have dumped this on me. Sort of as an extra bonus.

I think I'm gonna have to format. First, I have to find a way to save my e-mails and then put them back after reinstalling Thunderbird, and I'll have to also save my bookmarks, desired cookies and NoScript decisions, so I can put them back, too.

Maybe after that, the erratic behaviors of Firefox will be gone, too.

Keep this thread open, though, please, because if my intruder hangs on through formatting, I'll be back! Some malware I've had has survived multiple formats, and no AV program has yet found them, either.

I'm gonna get myself fired up for formatting by making something special for dinner!

In case I don't return, thanks for all your help. You're a peach. But I would like to ask a few things of your diehard W98SE guy. I'll try not to fall in love with him, but I've had long unanswered questions he may know the answers to.

Hasta luego for now,
Holly
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
I suggest you wait for a day or two to see if Andrea Russo has any suggestions. In the meantime, see if you can do some cleaning on your computer. Try to uninstall all programs that are not needed. I don't recall if Win 98 has a Disk Cleanup, but at least delete the recycle bin and disable System Restore (if Win 98 has one). If it has a Task Manager-taskmgr.exe (I forget), you can run that to see what programs and processes are running--you might be able to research them and find some bad ones that you can temporarily disable (End) and then update and do some AV scans. Finally, you might download and install ClamWin Portable on a USB (if possible from a "clean" computer) from http://portableapps.com/search/node/ClamWin+Portable on the web. If you run it, Quit ClamWin first and then update ClamWin Portable. Since it will be on USB, a virus may not be able to deal with it.

My last suggestion: make an Ultimate Boot Disk for Windows (UBCD4Win at http://www.ubcd4win.com/howto.htm on the web) based on Win 98 from a "clean" computer. The operating system will be on CD--not on your computer, so you can boot up with it and then use ClamWin Portable from your USB or install/run any AV that will run on Win 98 (Avast 4.8, an old version of AntiVir's Avira, or something else). The virus will not be active under the OS on the CD, and ClamWin should work if it has the virus' signature (unless it is a Master Boot Record Virus).

Good luck!

Regards,
I'll wait, and meanwhile follow some of your suggestions
faster


Joined: 03 Mar 2012
Posts: 13
Okay, glad to wait. In preparing to format, I'll move programs and files to my D: drive, then disconnect it in BIOS entirely while I format C and reinstall things carefully, one by one. I've got to find a way to save my e-mails and my bookmarks for Firefox, as well as the many choices I've already made with NoScript. Still working on those.

As for the Recycle Bin, I have kept it set for several years to delete automatically. I know any files put in the bin will still be on my machine somewhere when I "empty" the bin, and if that includes some malware, it'll be there, too. So I merely exercise care in deleting stuff. If I have any SMALL reason to suspect something, I don't delete it at all - I use Spybot's shredder.

This kid is disabled, lives in Mexico on SS, and am comfortable but with little discretionary income. I have no USB devices so far. Not only that, I know some of my problems are due to low RAM - I have only 256, and it's DIMM memory, and old. Most of my equipment is fairly old, but at least C: has no damaged sectors yet. I'm planning some hardware upgrades, but it'll be a few months yet. The problems attributable to my hardware aren't devastating; just inconvenient.

There is no system restore on W98SE; that came out first with XP, which I tried and hated.

However, it isn't merely money that keeps me holding onto W98SE. It is the highest OS that still accommodates some of my favorite apps and games. I couldn't LIVE without Icon Lock and the original TweakAll. Kids in the neighborhood are particularly fond of the old DOS games, and I admit that I am partial to them myself. If only the newer OSs would accommodate legacy DOS stuff, I'd have upgraded long ago. I've heard Ubuntu is pretty accommodating, and when I upgrade my hardware, I'll consider using it. I once tried using DosBox, understood little of it, but got some results. But they were wildly disappointing. Can't use it for IconLock and TweakAll, which have to be available at all times. IconLock has to be included in bootup. Nor do I have the least interest in the many bells and whistles of newer OSs; I'd rather not have them, and usually can't be RID of them. The simplicity and straightforward qualities of 98SE are distinctly preferable.

Somewhere on my CDs I have a copy of the Ultimate Boot Disk. Isn't there some way, though, to run Windows straight off of the installer CD? That might help. I've tried creating a RAM drive long ago, but didn't have the expertise to know how to use it, and, as usual, help files were no help. But your suggestions only apply to a CLEAN PC, which I surely do not have at the moment.

It's GETTING clean that I'm concerned about now, and I hope to goodness my culprit is NOT a Master Boot Record Virus. If need be, though, I can pay a local expert to fix up my system. I'd rather not be without my computer for a week, though. And then there's the cost of it. I'll do it, though, if there's no other option. I had to go to the expert when some other malware knocked out ALL of my IRQs, IOs and memory numbers, and made my CDs inaccessible. He fixed it by flashing my BIOS (something I wouldn't DARE try), so he can probably fix this, with the hands-on advantage that he'd have. But I'm an independent cuss and prefer to solve my own problems when possible. I also like to know the nature of my malware, HOW it got past my security measures, and precisely what it DOES, and how it does it. These are important to help me know how to keep it from hitting me again, later.

I'll be checking back to see what input can be had from Andrea Russo. Again, thanks so much.
aru


Joined: 09 Jul 2009
Posts: 42
Location: Italy
First, it's very easy to save Thunderbird settings: you must copy and then restore the folder c:\windows\profiles\...\Application Data\Thunderbird

Then you can try to use the system file verification that you have in the Microsoft System Information utility (Start -> Programs -> Accessories...); with this program you can also check autostart programs.

Another possible solution is to try to reinstall Win98 on the current system.

But the only real solution is to periodically make a backup of the system (I make a backup every 15 days and I save the backup to an external USB HDD) with the Backup utility available on Win98SE:

ftp://mysql.online.bg/docs/html/OS/windows_98_professional_reference/ch20/ch20.htm

It's very easy to restore the backup: you install a new Win98SE system and, when the first installation is finished, you can restore the backup; at the end the system is fully restored.

You can find more help on these two active forums of Win98SE users:

http://www.msfn.org/board/forum/91-windows-9x-member-projects/

http://www.msfn.org/board/forum/8-windows-959898seme/

aru