Hey all.

Been running SD for many years on this Win98SE System.

I'm a computer tech of some skill, and am stumped.

I never see any viruses/trojans/spyware until today. I noticed a popup that AVG blocked about a Netscape Plugin. For some stupid reason I didn't write it down, but it was a plugin in the Netscape 7.2 folder that AVG apparently deleted when I clicked 'heal'.

I immediately ran S+D (1.4), ran the update, immunize, and then when it executed it hung up the system.

Reinstalled 1.4 from a few weeks back and ran the standalone update .exe files that brought it current to 3-27-07. Scanned the system and it found one minor thing (again didn't write it down...somebody shoot me..lol) which I fixed.

Ran an update, and when it tried to execute, it just froze the system, and I finally was able to kill it with CtlAltDel.

Downloaded the current 1.5 version. At the point where it says start using the program, I hit OK, and system hung again.

When I try to execute it, the system hangs.

Also I've noticed that Netscape will not download files anymore, even after I deleted the Netscape folder and reinstalled it..........

Starting to suspect some type of rootkit. Unfortunately for me, most of the tools available don't run on Win98.

Any help appreciated. I'm comfortable with editing the registry, and anything else you all can think of.

Btw, the Shell open commands are ok for exe com, bat, etc, but that's to be expected since that's not the problem I think.

I did run the CoolShredder tool, but it didn't find it.

Also ran a complete scan of current AVG and nothing was found.....z

I think this is somehow related to Netscape in some way...something snuck in I think, but don't know.....

PS. SpyBot runs if I update with only the immu database, and all the signature files only.

Just remembered something......sorry...been working on this for 8 hours straight now.

When I first ran SD, it would automatically stop running about 10% into the scan, and say that "user aborted"..........This is so weird........z


Just now running it again. Immunize: 6608 blocked, 6 more available. Hit immunize, and now 6614 are blocked. BUT when I click on Immunize on the left side, it repeats: 6608 blocked 6 more available.....those 6 won't stick for some reason.

Just now got an warning " There were problems in the include file - \includes\Trojans.sbi." See errors.log.

I can't find any errors.log file in the SD Folder, OR on the C: drive.

Scan finished with no threats found.

On current update screen these haven't been installed:

Detection Support Lib 2.1.2
Startup info
TCP/IP Settings plugin.

If I update those, it won't run.................z

Well, back at it. Contents of Include Errors.log:


C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\Includes\Trojans.sbi | Zlob.DNSChanger | (85\.255\.11[0-9]\.[1-2]?[0-9]{1,2}[,]?\s?)(85\.255\.11[0-9]\.[1-2]?[0-9]{1,2}[,]?\s?)+


z

zardiw:

I'm a little confused over just were exactly you stand (Spybot 1.4 vs. Spybot 1.5). If you are running Spybot 1.4 then:
Download and execute the following item from the Downloads (http://www.spybot.info/en/download/index.html) Web page:
TCP/IP Plugin 1.0 - product description - product description
md5: 7FD95B7E814EA2F56AEACE3613B4A0E9

Needed only for version 1.4, not for 1.5 currently!
This adds capabilities to find and replace malicious network settings. Only needed if you do not want to use the update function integrated into Spybot-S&D.


The direct download link is:
http://www.safer-networking.org/files/spybotsd_tcpip.exe