
Windows 9x/Me Security Thread

113 replies to this topic

#1
loblo

    Oldbie

  • Member
  • 758 posts
  • Joined 12-January 10
  • OS:ME
AVZ Antiviral Toolkit 4.35 is well worth having I guess:

http://www.softpedia...l-Toolkit.shtml



#2
dencorso

    Adiuvat plus qui nihil obstat

  • Supervisor
  • 5,889 posts
  • Joined 07-April 07
  • OS:98SE

Donator

:huh: How come you forgot to include our very own Unofficial ClamWin patch for Win98SE by aru?
I'm beginning to think the best way to get something totally unnoticed is to stickify it! :unsure:

That said, thanks for your hard work! You rock! :thumbup

#3
Multibooter

    Friend of MSFN

  • Member
  • 896 posts
  • Joined 21-March 08
  • OS:98SE
Just yesterday I updated under Win98 Kaspersky Anti-virus v6.0.2.261 from their server, Signatures published: 5/8/11, 5371038 signatures. Great scanner and works fine under Win98. The only difficulty is where to purchase a valid key for this old version. Kaspersky will probably provide updates for v6 for another year. In any case I bought me a spare key for v6, with which I should be fine until March 2013, if Kaspersky Lab should decide to extend the updates for v6.

In any case, after each signature update I make a backup of the Update Folder (in a rar file of currently 170MB) which can be used in the years to come to update a fresh installation of Kaspersky 6. In this way I will be able in 2015, for example, to install Kaspersky 6 under Win98 and update it to a close-to-the-last signature database, e.g. April xx, 2012, from the Update folder, instead of their server. A license key file with the date of validity beyond the date of the last signature update should allow Kaspersky to run indefinitely, with the close-to-the-last signature database.

BTW, the Kaspersky license key file is not the same as the registration code. A registration code is useless if the Kaspersky server doesn't give you a license key file for it. This happened to me a few years back when Kaspersky Lab dropped support for Kaspersky Internet Security v6, and I couldn't update from the server anymore, even if I had a valid license/registration code.

Edited by Multibooter, 10 May 2011 - 01:36 AM.


#4
loblo

    Oldbie

  • Member
  • 758 posts
  • Joined 12-January 10
  • OS:ME

Loblo, I just used AVZ and had no viruses! I guess ClamWin was doing its job! :wacko:

I guess you didn't find anything with Clamwin either or am I wrong? :w00t:

#5
M()zart

    Member

  • Member
  • 277 posts
  • Joined 17-June 08
What about Spybot Search & Destroy? http://www.safer-networking.org/
I think, it is worth mentioning here.
Personally I don't use any security software neither on my Windows 98 PC, which I connect to the Internet very rarely through dial-up, nor on my main Windows 7 PC. I just use its Windows firewall, and very carefully run any suspicious executables. I tried Kaspersky, and my PC worked very slowly with it. Then I tried NOD - works well, but slows down my torrent downloads greatly. When I tried Outpost - it just crashed occasionally into BSOD couple of times a week. After all I uninstalled all the security software. Three years with Windows firewall and no AV. Infected three times only. Every time detected and cleaned infection myself without system reinstalling. Spent less brain cells than with this irritating security software. Each time before running suspicious executables I test them on VirusTotal and sometimes on virtual machines. Sometimes check my PC with Cure-it.

#6
TmEE

    Mega Drive Modding Master

  • Member
  • 361 posts
  • Joined 17-September 08
  • OS:98SE
I install Norton 2005 and update it from time to time, so I can get virus signatures to be used in its DOS component NAVDX. Works wonders and has saved me lot of headache in past.

I usually run no protection measures whatsoever, only scan the HDD few times a year. AVG is something I strongly advise against using... I'd rather have viruses than AVG... in both cases you lose performance, and AVG is probably even more annoying than viruses are..... lot of bad experience with it that still carries on at my work where I see virus ridden machines running AVG...
What are you reading? You won't understand it anyway ;)

#7
Guest_wsxedcrfv_*

  • Guests
What a waste of hard drive space and cpu cycles.

I run no AV software on my win-98 systems. After years of running Norton Antivirus 2002 (and updating it every year with Symantec intelligent updater) it has never detected any malware (at least none that I didn't intentionally download for examination). Any apps I download from the net I can fire off to virustotal.com and get it scanned by 42 AV programs. So I stand firmly by my claim that if you have even 2 functioning brain cells enough to not click on executable files or scripts that pop up on your web browser or e-mail, then your win-98 system does not need an AV package in the year 2011 and hasn't needed one for at least the past 5 years.

Firewall? Again, useless for win-98. More useless than AV software. If you connect to the internet using a NAT router, then a software firewall is doing nothing for you. Many people don't understand that.

During the years 2000 through the end of 2005, our office had a 64-IP address subnet connection to the internet. NO nat-router. Each computer had a direct, routable IP address. Some of our NT and win-2K computers occasionally became infected that way (mostly network worms). Our dozen win-98 computers ->GOT NOTHING<-. The most vulnerable years for win-98 to be running without a firewall or NAT router, and we got nothing. Case closed for software firewalls on win-98.

And take this home for consideration: Most virii or trojans that infect windows systems know how to disable your AV and firewall software - but again you won't find anything in current circulation that knows how to target a win-98 system anymore. For the service-heavy XP, naturally I wouldn't run an XP system without its firewalls turned on. XP is so much more vulnerable than win-98.

So how do I keep malware off my win-98 system? For starters, I simply don't think the infection avenues exist anymore that enable malware to get onto win-98 systems. Look at Secunia.org for security issues affecting win-98 during the years 2000 through 2006. Very few, and basically none of them allowed for unattended exposure to malware, in contrast to dozens for XP, and many hundreds of other vulnerabilities during those years and beyond.

So use a HOSTS file. Mainly to stop advertising and other pop-up screens that can appear when you visit questionable websites. Also, have your browser NOT automatically render pdf files - although I have yet to see a pdf exploit that functions correctly on win-98 using acrobat 6.

Set your browser user-agent to something other than win-98. This will confuse infected or malicious web-servers that use the user-agent to figure out what OS you're running as they try to send you specially-crafted infectors tailored to your OS.

#8
CharlesF

    Advanced Member

  • Member
  • 461 posts
  • Joined 13-July 08
  • OS:98SE
NO AV for years, but:

* Update every component.
For IE6 and OE6 (even if you don't use them), don't forget Maximus Decim InternetExplorer 6.0sp1 Component Update 3.4

* I use SpywareBlaster 4.4 for years: prevent the installation of spyware and other potentially unwanted software.

* Use an up-to-date Hosts file. For instance Mvps Hosts File

* There is also this old stuff, but it has not been updated for years : BugOff

* I run HijackThis from time to time, to see if anything has changed.

* The main threat nowadays is from USB keys (or players, ...) IMO,
and I use to avoid them the excellent Autorun Eater 2.5 beta, with KernelEx. See here: #1067.

HTH :)
Charles.

#9
loblo

    Oldbie

  • Member
  • 758 posts
  • Joined 12-January 10
  • OS:ME
Timely topic as my system just got hit by a W32.Polipos.A virus which has infected about hundred executables or so. :lol:

I have so far cleaned it up to the point it doesn't seem to be spreading anymore but it'll take me another day or two for doing a full cleanup I guess as I have got to reinstall a lot of commercial software packages as well as finding on the net again quite a few freebies that also got infected. :wacko:

After that one I am kinda considering running again a resident virus scanner. :w00t:

#10
loblo

    Oldbie

  • Member
  • 758 posts
  • Joined 12-January 10
  • OS:ME
wsxedcrfv, AFAIK (but you'll tell me if I am wrong) a router won't block outgoing traffic so a decent firewall is still necessary IMHO in case one gets hit by an online browser/flash/java exploit downloading and executing code on one's machine.

#11
loblo

    Oldbie

  • Member
  • 758 posts
  • Joined 12-January 10
  • OS:ME
BitDefender 8 still gets updated with the latest virus definitions and there are currently 6.902.664 signatures in the database. The free edition doesn't have a resident shield protection and, if relevant, KernelEx must be disabled on the file BDSS.EXE located in PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER otherwise it won't work or crash.

http://www.filehippo...itdefender/577/

:hello:

Edited by loblo, 11 May 2011 - 01:47 PM.


#12
Multibooter

    Friend of MSFN

  • Member
  • 896 posts
  • Joined 21-March 08
  • OS:98SE

Timely topic as my system just got hit by a W32.Polipos.A virus which has infected about hundred executables or so. :lol:

A year ago my laptop got a .exe infection http://www.msfn.org/...h-tengaa-virus/ which infected USB archives and across operating systems. I eventually wiped the whole disk on the infected laptop and restored from backups. Most of the stuff on the infected 1TB USB HDD I have deleted, but I have not yet wiped the HDD. 1 year on there is still some stuff on the infected external HDD, and I have been emptying it slowly, as I have time, with binary compares against a clean older archive HDD, with Beyond Compare v2.9.3. Maybe in a year from now I will have finished deleting the last leftover stuff on the infected 1TB HDD.

I have so far cleaned it up to the point it doesn't seem to be spreading anymore but it'll take me another day or two for doing a full cleanup

If I remember right, my system got re-infected twice.

I guess as I have got to reinstall a lot of commercial software packages as well as finding on the net again quite a few freebies that also got infected. :wacko:

If this is the case you need to work on your backup strategy. I have the opposite problem: I am swamped with backups.

My problem with the .exe infection last year was that at the time of the infection I was in Europe for several months, while many of my backups were in the US. I still have no clear ideas about how to back up new stuff added during extended travels, maybe on DL DVDs or on Blu-ray disks (write-once), they won't be compromised by .exe infectors.

After that one I am kinda considering running again a resident virus scanner. :w00t:

I doubt that real-time scanning by my anti-virus software would have protected me from the blazingly fast exe infector Tenga.a. Kaspersky AV a year ago was able to identify etc the malware output, the Tenga-infected .exe files. But apparently Kaspersky AV was not able to identify the original agents causing the infection because I always scan my downloads.

#13
Steven W

    Advanced Member

  • Member
  • 365 posts
  • Joined 02-June 06
Some might have an aversion to it, but I still use Tiny Personal Firewall (2.0.15A). If I recall correctly, it has some issue with a Norton defrag utility. McAfee's Stinger Tool still works (I don't believe it requires KernelEx).

Edited by Steven W, 11 May 2011 - 07:40 PM.


#14
erpdude8

    MSFN Master

  • Member
  • 2,140 posts
  • Joined 24-November 04

What about Spybot Search & Destroy? http://www.safer-networking.org/
I think, it is worth mentioning here.


speaking of Spybot S&D, version 2.0 beta has just been released today.
http://www.safer-net...2011-05-11.html

can you guys check to see if Spybot S&D 2.0 beta works under Win98/ME? I know its help file still mentions Win9x/ME.

#15
Multibooter

    Friend of MSFN

  • Member
  • 896 posts
  • Joined 21-March 08
  • OS:98SE

Some might have an aversion to it, but I still use Tiny Personal Firewall (2.0.15A). If I recall correctly, it has some issue with a Norton defrag utility.

I am using Tiny Personal Firewall v2.0.14 under Win98 and Kerio Personal Firewall v2.1.5 under WinXP. The defragger VoptXP v7.22 [this is a misnomer, it runs fine under Win98] has no issues with Tiny or Kerio. Under WinXP I have installed VoptXP v7.22 and Vopt v9.21.

Tiny v2.0.14 has worked fine for me under Win98, but eventually I will replace it with Kerio v2.1.5 under Win98 so that I have the same firewall software on all computers of a mixed Win98/WinXP peer-to-peer network.

Here are some old postings of mine regarding Tiny/Kerio:
http://www.msfn.org/...post__p__766929
http://www.msfn.org/...der-windows-xp/
http://www.msfn.org/...post__p__855331

Regarding Vopt/defragging under Win98:
http://www.msfn.org/...ware-for-win9x/

Edited by Multibooter, 11 May 2011 - 05:55 PM.


#16
Guest_wsxedcrfv_*

  • Guests

Timely topic as my system just got hit by a W32.Polipos.A virus which has infected about hundred executables or so. :lol:

Out of curiosity - did you (or can you) take note of any changes to the time or date-stamps on any EXE files on your system? There are some reports that your file time or date will be changed to reflect when the virus infected the file.

Also, do you run a Gnutella client (ie Limewire or other)? That is one of the methods known to spread this virus (but I'm not sure how exactly the virus can be executed without the user's knowledge or direct intention).

You probably downloaded and ran a file that was already infected with Polipos.

I have so far cleaned it up to the point it doesn't seem to be spreading anymore but it'll take me another day or two for doing a full cleanup I guess as I have got to reinstall a lot of commercial software packages as well as finding on the net again quite a few freebies that also got infected. :wacko:

Most likely the files that were tampered with (infected) will be limited to your /program_files and /windows directories.

#17
Guest_wsxedcrfv_*

  • Guests

wsxedcrfv, AFAIK (but you'll tell me if I am wrong) a router won't block outgoing traffic so a decent firewall is still necessary IMHO in case one gets hit by an online browser/flash/java exploit downloading and executing code on one's machine.

While it is true that a NAT router only does in-bound fire-walling, any out-bound fire-walling that is in place on a computer will not prevent that computer from being exposed and infected by browser or user-downloaded malware. There is a lot of malware that knows how to disable or circumvent any software firewall you may have running.

I've asked here before if people could post their experiences with windows 98 and software firewalls and give examples of how the software firewall detected a bona-fide (real) instance of malware trying to make an external connection to the internet to download additional malware. I don't believe any such examples were ever posted.

#18
TmEE

    Mega Drive Modding Master

  • Member
  • 361 posts
  • Joined 17-September 08
  • OS:98SE
I once got W32.Funlove.4099 virus from a computer repair shop, I infected every single windows executable (EXE, DLL, OCX, SCR etc.) on all the drives I had on the PC... Norton 2005 DOS part saved my machine, and managed to clean every single file from the virus, that was in ~2005, and since then I have not had any virus outbreaks. I don't run any protection software, but I do scan my drives couple times a year at work, and so far I have not found anything.
What are you reading? You won't understand it anyway ;)

#19
Lipper

    Newbie

  • Member
  • 38 posts
  • Joined 08-February 11
  • OS:98
Thanks, all. I didn't know of many of these programs and tips.

Some programs I use that haven't been mentioned yet:

Clam Sentinel 1.15 by member 'Aru'. Real time front end for ClamWin AV with additional configurable system monitor (heuristic). I'm running a portable pre-release version 1.16 which is expected to be released this month.

Multi Virus Cleaner 2011 Last version : v11.3.1 - March 29th, 2011 - scanner, updated every 1-2 months, installed.

SmartCOP Virus Scanner - updated frequently, portable, disposable, requires name and email for registration.

RootAlyzer - Portable rootkit scanner by Safer - also incorporated into Spybot Search & Destroy.

All programs are free for personal use and compatible with Win98/ME without KernelEx.

#20
loblo

    Oldbie

  • Member
  • 758 posts
  • Joined 12-January 10
  • OS:ME

I doubt that real-time scanning by my anti-virus software would have protected me from the blazingly fast exe infector Tenga.a. Kaspersky AV a year ago was able to identify etc the malware output, the Tenga-infected .exe files. But apparently Kaspersky AV was not able to identify the original agents causing the infection because I always scan my downloads.

Well, it is very possible that the original source of infection had been skillfully hexed as to escape signature detection while still working, (something which is much easier to achieve than writing a new malware from scratch) but I think real time protection would have blocked execution of the infected files which you run routinely everyday and were responsible for the bulk of your massive infection.

#21
loblo

    Oldbie

  • Member
  • 758 posts
  • Joined 12-January 10
  • OS:ME

Out of curiosity - did you (or can you) take note of any changes to the time or date-stamps on any EXE files on your system? There are some reports that your file time or date will be changed to reflect when the virus infected the file.

Not sure if time stamps had been altered, I didn't check that but I monitor a certain number of files/folder for changes at least once daily using Syslog and Md5Checker so it hadn't been running for too long until I became aware there was a problem.

Also, do you run a Gnutella client (ie Limewire or other)? That is one of the methods known to spread this virus (but I'm not sure how exactly the virus can be executed without the user's knowledge or direct intention).

I run uTorrent and eMule from time to time but I don't download executables with them and they aren't Gnutella clients anyway AFAIK. Anyway those malware reports that are copy/pasted everywhere are usually a mixture of good info and rubbish IMO.

You probably downloaded and ran a file that was already infected with Polipos.

That's most probably what happened when I was sorting and running some of the massive number of programs I had downloaded from sites such as leetupload, vxchaos and so on sometime ago..

Most likely the files that were tampered with (infected) will be limited to your /program_files and /windows directories.

Nope, I had files altered by it in various other directories, including some on other drives.
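
The daily change monitoring mentioned in this post, and the binary compare against a clean archive in post #12, both come down to comparing executables against a known-good baseline. The sketch below is an added example, not part of any post and not how Md5Checker or Beyond Compare work internally; it uses SHA-256 instead of MD5, and all function and file names are made up for illustration.

```python
import hashlib
import os
import tempfile

# File types named in post #18 as targets of an executable infector.
EXECUTABLE_EXTS = {".exe", ".dll", ".ocx", ".scr"}


def snapshot(root):
    """Map each executable under root to (sha256, size, mtime)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            st = os.stat(path)
            rel = os.path.relpath(path, root)
            result[rel] = (digest.hexdigest(), st.st_size, int(st.st_mtime))
    return result


def compare(baseline, current):
    """Classify what changed between a clean baseline and the current state."""
    report = {"modified": [], "modified_same_mtime": [], "added": [], "removed": []}
    for rel, (digest, _size, mtime) in current.items():
        if rel not in baseline:
            report["added"].append(rel)
        elif digest != baseline[rel][0]:
            # Content changed. An unchanged timestamp means whatever rewrote
            # the file also put the old timestamp back.
            same = mtime == baseline[rel][2]
            report["modified_same_mtime" if same else "modified"].append(rel)
    report["removed"] = [rel for rel in baseline if rel not in current]
    return {kind: sorted(paths) for kind, paths in report.items()}


def _write(path, data, mtime):
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, (mtime, mtime))


def demo():
    """Constructed sample tree: take a baseline, tamper with it, compare."""
    t0, t1 = 1_300_000_000, 1_305_000_000  # constructed timestamps
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "tools"))
        _write(os.path.join(root, "app.exe"), b"MZ" + b"\x00" * 64, t0)
        _write(os.path.join(root, "tools", "util.dll"), b"MZ" + b"\x01" * 64, t0)
        _write(os.path.join(root, "readme.txt"), b"notes", t0)
        baseline = snapshot(root)
        # Appended data, new timestamp (the case asked about in post #16).
        _write(os.path.join(root, "app.exe"), b"MZ" + b"\x00" * 64 + b"X" * 16, t1)
        # Changed content, original timestamp restored.
        _write(os.path.join(root, "tools", "util.dll"), b"MZ" + b"\x02" * 64, t0)
        _write(os.path.join(root, "new.scr"), b"MZ", t1)  # new executable
        _write(os.path.join(root, "readme.txt"), b"edited", t1)  # ignored type
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The hash is the reliable signal; the timestamp only helps date a change, which is why a content change with an untouched timestamp is reported separately.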

#22
loblo

    Oldbie

  • Member
  • 758 posts
  • Joined 12-January 10
  • OS:ME

There is a lot of malware that knows how to disable or circumvent any software firewall you may have running.

While this is true, I don't think it means firewalls are useless as the larger number of malware don't use firewall circumvention methods and I selected Jetico as my firewall as it would appear most circumvention methods don't work with it (Perhaps not so true today as it was some years ago since I use version 1 which doesn't get updated anymore).

I've asked here before if people could post their experiences with windows 98 and software firewalls and give examples of how the software firewall detected a bona-fide (real) instance of malware trying to make an external connection to the internet to download additional malware.

Jetico blocked the gozi trojan from accessing the network for fetching some other files when it was still a zero-day and went undetected by my then real time antivirus. I then uploaded the file on Jotti for online scan and it was deemed clean by all scanners. I was still using IE at the time and it ended on my machine through a javascript/active X exploit.

I don't believe any such examples were ever posted.

I posted about it under another nickname a few years ago.

#23
Fredledingue

    MSFN Expert

  • Member
  • 1,267 posts
  • Joined 10-February 05
  • OS:98SE
No AV, no FireWall, not even Spybot S&D or similar.
No software to protect my computer at all!
It's been years I don't use them anymore and I've never been infected. (It's still possible that a virus came and crashed instantly but I don't think so).

However I disable many things that were designed by Microsoft to allow viruses to penetrate and propagate into a computer:

1/ ActiveX. With the help of Maxthon I disable this, but that can be done in K-Meleon or another w9x compatible browser. The downside of it is that it disables YouTube and flv videos. So I re-activate it when I really want to watch a video in the YouTube format, and only on very well-known websites and only on the tab and for the session where I want to watch this video.

2/ Javascript. On dangerous or very-dangerous websites (I do go to such websites sometimes) I completely disable javascript. While I think that disabling ActiveX is enough safe, disabling Javascript is even better psychologically. I also disable javascript to increase speed.

3/ e-mail HTML. In Outlook Express I read all my e-mail as plain text. No HTML for me in my input box, even when the message is unreadable. People have to send me pure text if they want an answer.

4/ Windows Media Player. I don't use it because it has features to download and install stuffs. This was exploited in the past on various platforms.

5/ Auto Insert Notification. That thing that pops up and run the virus installed on a CD. Even when there is no virus it's so annoying that you want it disabled.

6/ Spam. My service provider is effective in filtering spam and I edited over the years good spam filtering rules. And of course suspicious attachments are immediately deleted. But that goes without saying.
When spam are automatically deleted from the server they don't even touch your computer. That alone must stop a bunch of viruses IMO.

Probably I forgot other stuffs... I don't consider myself as being safe by the use I do with my computer, yet it's been ages since I have seen a virus here.

HTASoft.com

Still Using W98SE+++ ...Daily.

#24
Steven W

    Advanced Member

  • Member
  • 365 posts
  • Joined 02-June 06
Here's something I always thought was overkill, "Registry Protection" programs, like RegistryProt:

http://www.tucows.com/preview/218922

I've found them far more annoying than useful.

#25
AlteredAaron

    Newbie

  • Banned
  • 15 posts
  • Joined 21-January 11
  • OS:none specified
I tried using Eusing Free Registry Cleaner and all it did was delete a bunch of "un-used" file extensions like .zip, .bmp, .jpg and other important file associations.

So then I had to re-associate all those file extensions with the correct programs. Basically all Eusing did was screw up my computer.

The only registry cleaner I use is the one inside CCleaner.



