Windows 9x/Me Security Thread anti-virus, firewalls, spyware, dos, etc.
Posted 10 May 2011 - 12:00 AM
I'm beginning to think the best way to get something totally unnoticed is to stickify it!
That said, thanks for your hard work! You rock!
Posted 10 May 2011 - 01:32 AM
In any case, after each signature update I make a backup of the Update Folder (in a rar file of currently 170MB) which can be used in the years to come to update a fresh installation of Kaspersky 6. In this way I will be able in 2015, for example, to install Kaspersky 6 under Win98 and update it to a close-to-the-last signature database, e.g. April xx, 2012, from the Update folder, instead of their server. A license key file with the date of validity beyond the date of the last signature update should allow Kaspersky to run indefinitely, with the close-to-the-last signature database.
BTW, the Kaspersky license key file is not the same as the registration code. A registration code is useless if the Kaspersky server doesn't give you a license key file for it. This happened to me a few years back when Kaspersky Lab dropped support for Kaspersky Internet Security v6, and I couldn't update from the server anymore, even if I had a valid license/registration code.
This post has been edited by Multibooter: 10 May 2011 - 01:36 AM
Posted 10 May 2011 - 05:50 AM
I think, it is worth mentioning here.
Personally I don't use any security software either on my Windows 98 PC, which I connect to the Internet very rarely through dial-up, or on my main Windows 7 PC. I just use its Windows firewall, and very carefully run any suspicious executables. I tried Kaspersky, and my PC worked very slowly with it. Then I tried NOD - works well, but slows down my torrent downloads greatly. When I tried Outpost - it just crashed occasionally into BSOD a couple of times a week. After all I uninstalled all the security software. Three years with Windows firewall and no AV. Infected three times only. Every time detected and cleaned infection myself without system reinstalling. Spent fewer brain cells than with this irritating security software. Each time before running suspicious executables I test them on VirusTotal and sometimes on virtual machines. Sometimes check my PC with Cure-it.
Posted 10 May 2011 - 07:02 AM
I usually run no protection measures whatsoever, only scan the HDD a few times a year. AVG is something I strongly advise against using... I'd rather have viruses than AVG... in both cases you lose performance, and AVG is probably even more annoying than viruses are... a lot of bad experience with it that still carries on at my work where I see virus-ridden machines running AVG...
Posted 10 May 2011 - 07:42 AM
I run no AV software on my win-98 systems. After years of running Norton Antivirus 2002 (and updating it every year with Symantec intelligent updater) it has never detected any malware (at least none that I didn't intentionally download for examination). Any apps I download from the net I can fire off to virustotal.com and get it scanned by 42 AV programs. So I stand firmly by my claim that if you have even 2 functioning brain cells enough to not click on executable files or scripts that pop up on your web browser or e-mail, then your win-98 system does not need an AV package in the year 2011 and hasn't needed one for at least the past 5 years.
Firewall? Again, useless for win-98. More useless than AV software. If you connect to the internet using a NAT router, then a software firewall is doing nothing for you. Many people don't understand that.
During the years 2000 through the end of 2005, our office had a 64-IP address subnet connection to the internet. NO nat-router. Each computer had a direct, routable IP address. Some of our NT and win-2K computers occasionally became infected that way (mostly network worms). Our dozen win-98 computers ->GOT NOTHING<-. The most vulnerable years for win-98 to be running without a firewall or NAT router, and we got nothing. Case closed for software firewalls on win-98.
And take this home for consideration: Most virii or trojans that infect windows systems know how to disable your AV and firewall software - but again you won't find anything in current circulation that knows how to target a win-98 system anymore. For the service-heavy XP, naturally I wouldn't run an XP system without its firewalls turned on. XP is so much more vulnerable than win-98.
So how do I keep malware off my win-98 system? For starters, I simply don't think the infection avenues exist anymore that enable malware to get onto win-98 systems. Look at Secunia.org for security issues affecting win-98 during the years 2000 through 2006. Very few, and basically none of them allowed for unattended exposure to malware, in contrast to dozens for XP, and many hundreds of other vulnerabilities during those years and beyond.
So use a HOSTS file. Mainly to stop advertising and other pop-up screens that can appear when you visit questionable websites. Also, have your browser NOT automatically render pdf files - although I have yet to see a pdf exploit that functions correctly on win-98 using acrobat 6.
Set your browser user-agent to something other than win-98. This will confuse infected or malicious web-servers that use the user-agent to figure out what OS you're running as they try to send you specially-crafted infectors tailored to your OS.
Posted 10 May 2011 - 07:57 AM
* Update every component.
For IE6 and OE6 (even if you don't use them), don't forget Maximus Decim InternetExplorer 6.0sp1 Component Update 3.4
* I have used SpywareBlaster 4.4 for years: it prevents the installation of spyware and other potentially unwanted software.
* Use an up-to-date Hosts file. For instance Mvps Hosts File
* There is also this old stuff, but it has not been updated for years: BugOff
* I run HijackThis from time to time, to see if anything has changed.
* The main threat nowadays is from USB keys (or players, ...) IMO,
and to avoid them I use the excellent Autorun Eater 2.5 beta, with KernelEx. See here: #1067.
Posted 10 May 2011 - 09:40 PM
I have so far cleaned it up to the point it doesn't seem to be spreading anymore but it'll take me another day or two for doing a full cleanup I guess as I have got to reinstall a lot of commercial software packages as well as finding on the net again quite a few freebies that also got infected.
After that one I am kinda considering running again a resident virus scanner.
Posted 10 May 2011 - 09:47 PM
Posted 11 May 2011 - 01:43 PM
This post has been edited by loblo: 11 May 2011 - 01:47 PM
Posted 11 May 2011 - 03:56 PM
My problem with the .exe infection last year was that at the time of the infection I was in Europe for several months, while many of my backups were in the US. I still have no clear ideas about how to back up new stuff added during extended travels, maybe on DL DVDs or on Blu-ray disks (write-once), they won't be compromised by .exe infectors.
Posted 11 May 2011 - 04:55 PM
This post has been edited by Steven W: 11 May 2011 - 07:40 PM
Posted 11 May 2011 - 05:24 PM
I think, it is worth mentioning here.
Speaking of Spybot S&D, version 2.0 beta has just been released today.
Can you guys check to see if Spybot S&D 2.0 beta works under Win98/ME? I know its help file still mentions Win9x/ME.
Posted 11 May 2011 - 05:44 PM
Tiny v2.0.14 has worked fine for me under Win98, but eventually I will replace it with Kerio v2.1.5 under Win98 so that I have the same firewall software on all computers of a mixed Win98/WinXP peer-to-peer network.
Here are some old postings of mine regarding Tiny/Kerio:
Regarding Vopt/defragging under Win98:
This post has been edited by Multibooter: 11 May 2011 - 05:55 PM
Posted 11 May 2011 - 10:14 PM
Out of curiosity - did you (or can you) take note of any changes to the time or date-stamps on any EXE files on your system? There are some reports that your file time or date will be changed to reflect when the virus infected the file.
Also, do you run a Gnutella client (i.e. Limewire or other)? That is one of the methods known to spread this virus (but I'm not sure how exactly the virus can be executed without the user's knowledge or direct intention).
You probably downloaded and ran a file that was already infected with Polipos.
Most likely the files that were tampered with (infected) will be limited to your /program_files and /windows directories.
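The time-stamp check asked about in the post above, as an added example that is not part of the original thread: it walks a directory tree and reports groups of executables whose modification times fall within minutes of each other. The extension list, the 10-minute gap and the 5-file threshold are assumptions, and the sample tree in `demo()` is constructed.

```python
import os
import tempfile
import time
from collections import namedtuple

Burst = namedtuple("Burst", "start end paths")
EXTS = (".exe", ".scr", ".dll")   # assumption: file types worth checking

def exe_mtimes(root):
    """Sorted (mtime, path) pairs for executable files under root."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTS):
                path = os.path.join(dirpath, name)
                try:
                    found.append((os.stat(path).st_mtime, path))
                except OSError:
                    continue          # unreadable file: skip, keep scanning
    return sorted(found)

def mtime_bursts(entries, gap=600, min_files=5):
    """Runs of files whose consecutive mtimes are at most `gap` seconds apart."""
    bursts, run = [], []
    for item in entries + [(float("inf"), None)]:   # sentinel flushes last run
        if run and item[0] - run[-1][0] > gap:
            if len(run) >= min_files:
                bursts.append(Burst(run[0][0], run[-1][0], [p for _, p in run]))
            run = []
        run.append(item)
    return bursts

def demo():
    """Constructed sample tree: 3 old programs, 6 rewritten within 5 minutes."""
    root = tempfile.mkdtemp()
    old, hit = 946684800, 1304899200   # constructed timestamps (2000, May 2011)
    stamps = [old + i * 2592000 for i in range(3)] + [hit + i * 60 for i in range(6)]
    for n, ts in enumerate(stamps):
        p = os.path.join(root, "prog%d.EXE" % n)
        open(p, "wb").close()
        os.utime(p, (ts, ts))          # set access and modification time
    return mtime_bursts(exe_mtimes(root))

if __name__ == "__main__":
    for b in demo():
        print(time.ctime(b.start), "->", time.ctime(b.end), len(b.paths), "files")
```

Installers and updates also rewrite many executables at once, so a reported burst is a lead to compare against known install dates or a clean backup.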
Posted 11 May 2011 - 10:23 PM
While it is true that a NAT router only does in-bound fire-walling, any out-bound fire-walling that is in place on a computer will not prevent that computer from being exposed and infected by browser or user-downloaded malware. There is a lot of malware that knows how to disable or circumvent any software firewall you may have running.
I've asked here before if people could post their experiences with windows 98 and software firewalls and give examples of how the software firewall detected a bona-fide (real) instance of malware trying to make an external connection to the internet to download additional malware. I don't believe any such examples were ever posted.
Posted 12 May 2011 - 01:00 AM
Posted 12 May 2011 - 08:44 AM
Some programs I use that haven't been mentioned yet:
Clam Sentinel 1.15 by member 'Aru'. Real time front end for ClamWin AV with additional configurable system monitor (heuristic). I'm running a portable pre-release version 1.16 which is expected to be released this month.
Multi Virus Cleaner 2011 Last version : v11.3.1 - March 29th, 2011 - scanner, updated every 1-2 months, installed.
SmartCOP Virus Scanner - updated frequently, portable, disposable, requires name and email for registration.
RootAlyzer - Portable rootkit scanner by Safer - also incorporated into Spybot Search & Destroy.
All programs are free for personal use and compatible with Win98/ME without KernelEx.
Posted 12 May 2011 - 11:07 AM
Well, it is very possible that the original source of infection had been skillfully hexed so as to escape signature detection while still working (something which is much easier to achieve than writing a new malware from scratch), but I think real time protection would have blocked execution of the infected files which you run routinely every day and were responsible for the bulk of your massive infection.