Jump to content


Photo

Dilemma


  • This topic is locked This topic is locked
43 replies to this topic

#1 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 07 September 2005 - 12:12 PM

Hi all! :wave:

I'm not sure if this is the right place to post, but here goes.
My OS is Windows 98SE.
For the past week or two I have not been able to get HijackThis
to run. I've looked elsewhere for help(PM me for the link), but
no solution was found--tried uninstalling/re-installing Visual Basic 6,
downloaded the run time library, and even tried an older version of HJT but
none of these worked. What happens is every time I try to run HJT, a dialog
box shows up that says "Unexpected error".
I don't know what the next step would be besides uninstall/reinstall Win98 or reformatting--which I can't do because the Win98 install disk is missing. :oops:
Any advice given will be greatly appreciated.


Dee
"Gort! Klaatu.. barada.. nikto!"

#2 dave38

dave38

    Devout Murphyite!

  • Retired Staff
  • PipPipPipPipPip
  • 8,508 posts

Posted 07 September 2005 - 12:19 PM

There are some types of malware, that can detect Hijack this, and close it.
Try renaming Hijack this to rubbish.exe and then see if that will work.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 07 September 2005 - 12:26 PM

Hi dave38, and thanks for the quick reply! :)
Tried renaming, but the same dialog box shows up.
"Gort! Klaatu.. barada.. nikto!"

#4 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 13 September 2005 - 05:44 PM

Hi again, :wave:

I know that you folks are very busy helping with other issues, but
I just wanted to ask a quick question: Is there any other program
out there that works like HijackThis?
I ask this because HJT still doesn't
work on my computer and I really liked using it--
it was like my "security blanket"(HJT that is). ^_^

Any reply is greatly appreciated,

Dee
"Gort! Klaatu.. barada.. nikto!"

#5 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 20 September 2005 - 09:11 AM

Hi there :)

You could give a try to : http://www.hijackfree.com/en/

It's not HJT, but has features that allow you to review & modify the specific areas of the system that you are likely interested in.

In the meantime, it would be a good idea to run an online scan here (using Internet Explorer)... http://www.kaspersky...kavwebscan.html

Although you have probably already got this file courtesy of VB Runtime, it's worth downloading [msvbvm60.dll] and placing it into the Windows\System directory. Albeit, you would probably recieve a relevant error message if it were the problem, but anything's worth a try when you're in the mire.

HTH,
M_M

Edited by Mere_Mortal, 20 September 2005 - 09:12 AM.


#6 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 20 September 2005 - 04:58 PM

Thanks Mere_Mortal! I will give it a try. :)
"Gort! Klaatu.. barada.. nikto!"

#7 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 20 September 2005 - 05:20 PM

You're Welcome :) Let us know how things go.

#8 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 20 September 2005 - 08:18 PM

Hello Mere_Mortal :),


Although you have probably already got this file courtesy of VB Runtime, it's worth downloading [msvbvm60.dll] and placing it into the Windows\System directory. Albeit, you would probably recieve a relevant error message if it were the problem, but anything's worth a try when you're in the mire.


I downloaded msvbvm60.dll and the only message I got had to do with overwriting
the .dll file I already have--I let it overwrite, but HJT still gives the same message.

I also downloaded Hijackfree, but have no idea what to do with it. :blink: The Kaspersky scan didn't find anything.
"Gort! Klaatu.. barada.. nikto!"

#9 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 20 September 2005 - 08:31 PM

It was always likely that the DLL file already existed, so that was a long-shot.

With Kaspersky not finding anything, I'd be inclined to say malware is not an issue, except HJT is not working. And without seeing some form of logfile, I won't take it for granted.

What you could do with HijackFree is open the program and just above the left-hand pane, select to "Analyze". A browser window will open with the results. Then go to File > Save and attach a copy of the saved file to this thread. This will at least give an indication as to whether anything that's running might be causing a problem.

Regards.

#10 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 20 September 2005 - 08:35 PM

Okay, I'll be back with the results. Thanks for helping me. :)
"Gort! Klaatu.. barada.. nikto!"

#11 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 20 September 2005 - 08:36 PM

No worries at all :)

By the way, you will need to either compress the webpage into a zip file or rename it as a textfile in order to upload it.

#12 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 20 September 2005 - 08:59 PM

Okay, here it is. I hope I didn't mess up anything.


Edit: I don't know what happened. I clicked "Add This Attachment" and nothing
showed up.
:blink:

Edited by DeeEss, 20 September 2005 - 09:02 PM.

"Gort! Klaatu.. barada.. nikto!"

#13 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 20 September 2005 - 09:01 PM

It's not showing ;)

#14 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 20 September 2005 - 09:05 PM

Did you compress or rename the file?

#15 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 20 September 2005 - 09:05 PM

I know. :lol: What did I do wrong?
"Gort! Klaatu.. barada.. nikto!"

#16 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 20 September 2005 - 09:15 PM

No idea. If the file was in an acceptable format, it should've uploaded without a problem. Mind you, it seems like there's an 82 kilobyte limit on the size, so maybe that's the issue?

#17 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 20 September 2005 - 09:17 PM

I renamed it as a .txt file. I also looked at it and it looks like HTML code.
Maybe I should have compressed it, but I'm an ignoramous when it come to that. :hmmm:
"Gort! Klaatu.. barada.. nikto!"

#18 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 20 September 2005 - 09:22 PM

Yes, it is a HTML document and might well be over 80KB...so compressing it might be the answer.

#19 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 20 September 2005 - 09:31 PM

Okay, I'll just run HJF analyze again and try to compress the file.
This may take me a while since I've never compressed any thing before(I'll be using
WinZip, btw :)).
"Gort! Klaatu.. barada.. nikto!"

#20 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 21 September 2005 - 03:54 PM

Hi :)

I think I've finally got the hang of this, so here goes:
"Gort! Klaatu.. barada.. nikto!"

#21 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 22 September 2005 - 01:05 AM

Excellent. Although there's something showing up that require attention. However, as I'm only a Trainee on this board, I can't offer any advice until an Expert gives me the go-ahead. I will propose a response tomorrow for removing what these results have exposed and as soon as I have permission I will post back to you with instructions.

But for now, it's 8am and time for bed!

Regards,
M_M

Edited by Mere_Mortal, 22 September 2005 - 01:14 AM.


#22 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 22 September 2005 - 02:05 AM

I've posted a proposed response and will have a reply in good time. I shall hopefully be able to post instructions to you within around 24 hours.

#23 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 22 September 2005 - 04:23 PM

Okay, Mere_Mortal. I'll wait for your reply. I hope that whatever it is you've found
isn't very serious.
"Gort! Klaatu.. barada.. nikto!"

#24 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 22 September 2005 - 05:05 PM

Well, it appears to be some average Adware, but if that's the reason for HJT not running, then that in itself is serious enough. But as with most Adware, it is hardly anything that would be considered a financial concern like dialers, or even anything that might capture login credentials for banking sites or say eBay or Paypal. The main issue is Privacy if anything and the irresponsible nature of directing your browser to their websites, which most Adware would do.

Anyways, I'm still awaiting a response for my proposed instructions, so I'll have them posted to you as soon as I possibly can :)

#25 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 22 September 2005 - 07:48 PM

Hi there :)

Please download Atribune's Blockrem from [here] and also [CleanUp]
  • Unzip BlcokRem it to its own folder on your desktop.
  • Boot your computer to safe mode by rebooting and tapping the F8 button repeatedly until it brings up a boot menu. From that menu, select Safe Mode by using the arrow keys to highlight it then pressing enter.
  • Once in safe mode open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.
  • Once it is running please follow the onscreen instructions.
Open CleanUp and select the option to Clean temprary files from you system. This may remove additional malware and possibly free up considerable hard-drive space.

Whilst still in Safe Mode, please perform full system scans with Spybot S&D and Avast.

Once these are complete, attempt to run HijackThis. If it works, perform a scan and save a logfile. After this, reboot back into normal mode and rescan with HJT if it works. Assuming it does, save another logfile, over-writing the previous. Please then post back with its results.

#26 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 23 September 2005 - 12:22 AM

Hi Mere_Mortal,
Sorry for the late reply. My son had a school project where he had to get on-line and he didn't finish until now. :hmmm:

Okay, I'll do as you instructed--just one question: is CleanUp like CCleaner?
I ask this because I have CCleaner installed on my computer(apologies for not mentioning this before).
"Gort! Klaatu.. barada.. nikto!"

#27 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 23 September 2005 - 05:15 AM

Good Morning :),

I ran Blockrem and an error message showed up:
Cannot import blockrem.reg: Error opening the file.
There may be a disk or file system error.


I ran CleanUp and got rid of temporary files and ran
Spybot(it didn't find anything).
Three hours of scanning with Avast also found nothing--and it froze
for some reason. :blink:
I tried using HJT, but no go--still the same "Unexpected error" message.
Will wait for more advice/instructions.
"Gort! Klaatu.. barada.. nikto!"

#28 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 23 September 2005 - 07:03 AM

Oh crikey, something isn't happy, eh?

CrapCleaner is just as good for the job, as long as you have the settings how you want them.

Anyway, please download [SilentRunners] You will most likely also need to download [WMI CORE] although you should be directed to this page by the VBS script. Once WMI is installed, re-run SR and allow the script to dump a report to notepad, for which I would like to review its contents.

We will come to Block-Checker, but it might have to be dealt with manually, I'll see what the Experts say about that though.

Just to be on the safe side, give another run to [Kaspersky WebScan]

Regards,
M_M

#29 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 23 September 2005 - 11:03 PM

Hi M_M,

Will follow your instructions to the letter and post the results when
finished. :)


Dee
"Gort! Klaatu.. barada.. nikto!"

#30 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 24 September 2005 - 12:11 AM

Well, that was odd. I tried to run SR and this showed up:

WSCRIPT caused an invalid page fault in
module WSCRIPT.EXE at 0167:00403e31.
Registers:
EAX=00000000 CS=0167 EIP=00403e31 EFLGS=00010202
EBX=00000000 SS=016f ESP=0065fbd8 EBP=0065fd9c
ECX=00530204 DS=016f ESI=00530204 FS=10a7
EDX=0043003c ES=016f EDI=005301fc GS=0000
Bytes at CS:EIP:
8b 08 ff 51 08 8b 56 28 8b 1d ec b4 41 00 52 ff
Stack dump:
00000000 80028019 00530204 00000000 00403de8 005301cc 004077fa 00000001 0040445d 00530210 00402fc2 005301fc 00000000 005301cc 00000000 00403579


I then installed the WMI CORE, re-started the computer, and tried SR again.
The same "invalid page fault" error showed up again. :huh:

I'm going to try Kaspersky and will post the results as soon as it's finished.

Again, thanks for helping me. :)



Edit: I tried the Kaspersky scan twice. Both times it froze at 13% scan progress,
and both times something(smc.exe) in the Sygate firewall stopped responding.
Is this machine a lost cause?
:unsure:

Edited by DeeEss, 24 September 2005 - 04:08 AM.

"Gort! Klaatu.. barada.. nikto!"

#31 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 24 September 2005 - 06:36 AM

Is this machine a lost cause?  :unsure:

View Post

Not if we have anything to say about it ;)

I'm looking into this and will hopefully have a plan in good time :)

Edited by Mere_Mortal, 24 September 2005 - 06:40 AM.


#32 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 25 September 2005 - 11:16 AM

I would like you to check for missing files that may need replacing, by following these instructions...

Go to Start -> Run -> type cmd and press Enter. At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested. Then please restart your computer.

#33 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 25 September 2005 - 06:11 PM

Hi M_M,

I'll follow your instructions as soon as I find
the install CD.

type cmd and press Enter. At the command prompt type sfc /scannow


Are these commands used in Win98SE?


Dee :)
"Gort! Klaatu.. barada.. nikto!"

#34 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 25 September 2005 - 06:36 PM

No worries :) Actually, it doesn't seem to work with my Win98 system so it might be for XP. You can however just type SFC at Start > Run and then select the first option to run this tool.

Edited by Mere_Mortal, 25 September 2005 - 06:42 PM.


#35 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 26 September 2005 - 02:24 PM

I ran SFC and it said this file may be corrupted: setupx.dll.
I'm still searching for the Win98 installation CD. :whistle:
"Gort! Klaatu.. barada.. nikto!"

#36 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 26 September 2005 - 11:28 PM

Hi there, sorry for the delay.

It may be necessary to locate your Windows setup disk in order to fix your problems. When it has been found, please run SFC again and select the second option to extract a file and then locate the file setupx.dll on your setup CD and proceed to replace this file.

If however you cannot find the CD, you could always download this file. Please note the difference in file versions...

http://www.dll-files...es.shtml?setupx [4.10.1998]
http://www.dlldump.c...es/S/SETUPX.DLL [4.10.2222]

The file version you should use will be according to your version of Windows 98. To check this, right-click My Computer and select Properties. At the top, under System, where it shows your Operating System you will see the actual version. It should be one of the above mentioned.

This file will need to be placed into the C:\Windows\System directory. Before doing so, please rename the current file, say to setupx(old).DLL.

#37 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 27 September 2005 - 01:22 AM

No problem. :)

Well, I still haven't found the CD. It really irks me because it's not
where I left it. :grrr:
I may as well download the file, but another question: Does it matter
which browser I use(Firefox or IE) to download that file?
"Gort! Klaatu.. barada.. nikto!"

#38 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 27 September 2005 - 03:48 PM

It doesn't matter which you use. Of course, if you for some reason have trouble with one, try using the other. But so long as both browsers are in working order, your default will suffice.

#39 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 28 September 2005 - 01:30 PM

Hello :),

I've downloaded the file--waiting for more instructions.

Dee
"Gort! Klaatu.. barada.. nikto!"

#40 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 29 September 2005 - 02:56 PM

Hello, sorry to delay.

If you haven't done so already, please rename the original file C:\WINDOWS\SYSTEM\setupx.dll to C:\WINDOWS\SYSTEM\setupx.old and then transfer the new copy of the file into this directory.

Please also download [LibaryFiles] When installing, follow the prompts and select to install into C:\WINDOWS\SYSTEM if not already set.

Then reboot the System and run SFC again. You will likely be notified that setupx.dll and probably many other files have changed. If so, select to"Update Verification Information" for all instances.

Have you per chance been running Windows Updates?

#41 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 02 October 2005 - 02:29 PM

Hi M_M,

I'm no longer able to get on the internet(using public library computer now). I'm not quite sure what happened, but all I know is that my nephew was the last person on. I called my ISP and was told that everything was okay on their end. They think that there's something on my computer that's blocking internet access, but I have no idea what that could be. I tried upgrading to Win2000Pro but a file on the CD was corrupted. I think the only course of action to take now is to find the Win98 installation CD and just start over.

Thanks for helping me,

Dee :)
"Gort! Klaatu.. barada.. nikto!"

#42 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 03 October 2005 - 10:46 PM

Hello :)

At this point, we have not been able diagnose the cause of your problems. It seems that one problem with the Operating System is subsequently causing further issues and without knowing where to start, it's difficult to find the best course of action.

We are however currently discussing your issue and hope to have a resolution, please bear with us on this.

In the meantime, see if you can run any of the versions of HijackThis that are available from [here] (there is also an old version of CW Shredder in there, ignore that though). If you don't have anything to extract the files [WinRAR] is free and easy to use. If you have any problems, let me know.

Best Regards,
M_M

#43 DeeEss

DeeEss

    Advanced Member

  • Full Member
  • PipPipPip
  • 160 posts

Posted 11 October 2005 - 06:02 PM

Hello again, M_M :)

Well, as of October 4th, my computer no longer works. I don't know what happened--there were no warning beeps, just noticed that the CD drive wasvery hot and all of a sudden *POOF!* something burned out!

Also, I just wanted to thank you for your efforts, and to say that when I get another computer, you'll be "seeing" my smiling face at SWI again!! :D


Dee :)
"Gort! Klaatu.. barada.. nikto!"

#44 Mere_Mortal

Mere_Mortal

    Spy-Aware

  • Helper Trainee
  • PipPipPipPip
  • 292 posts

Posted 12 October 2005 - 03:37 AM

Hi Dee :)

I'm so sorry, I've been busy lately and haven't managed to look into this. Although it must be said, now it seems like the issue was hardware related, so we were probably barking up the wrong tree anyway. If that weren't so, it might have been an imcomplete or otherwise faulty install of the Operating System. A reinstall may well have been on the cards, but that's obviously out of the question now.

I appreciate your patience through all of this, I'm sure it's been tough on your end. I bid you all the best with your next computer, hopefully that one will be nice to you :rolleyes:

Take care,
M_M




Member of UNITE
Support SpywareInfo Forum - click the button