Hi, Mandy! Please hold on for Others to Reply......
'cause you've just had a bout with some of the worst out there! Several of the newer malware out there will disconnect you from the web if you try to remove them.
For that problem you may find LSP Fix.exe a help in restoring connectability. There is also a text file read me that goes with it. Can be found at: http://cexx.org/lspfix.htm
I think it is important to get all of the bad guys out first before using the fix. I suspect one of your things is a trojan and perhaps the "server" you can't reach is one which would either download more baddies or possibly try to take control (at a time of his choosing) to run a DOS attack. I'm no expert, others here are.
They will probably want more info on things like: What are you showing as your Home Page & Search Page (have they been hijacked to a site not set by you)?
Are there known "good sites" listed in your hosts file (a list of banned sites the browser is prevented from accessing)? That would prevent getting AV updates, for example.
Given how broad your problem is, is a re-install of 98 out of the question?? As a last resort? You have the original install disk?
Definitely run AVG now and note exact names & paths (locations) of any found and let it fix what it can.
You (in 98) have a registry checker function which holds 5(?) previous restore points. It's used to replace bad reg files if you push "Reset Button". If you only got this bug in the last 48 hours, you may be able to choose a date before then but I'm more afraid that the 5 points there may also be contaminated and allow it all to re-appear. In that case once you're clean you'll have to create 5 clean new points manually (can tell you how later if need be). Try above (AVG) while awaiting others to climb on board. Patience!
In the mean time, see Parasite Suite post (this page w/lock)
and if able, get the Cool Web Shredder linked there and run it. Do you also have AdawareSE? They have an add-on listed at the lavasoft usa site: VX2 scanner/remover. That might also be helpful if this batch combined is VX2. Hope this helps. It's 4AM my time so gone 'til the 'morrow.
cwshredder clear and....
vx2 clear as well....will now check this startup thing in anti-parasite suite.
Quick time player keeps coming back after msconfig...every time.
Now sometimes when typing in an address on the net it goes away and I am still in the same place.
What is NetPumper...it is in my Start/Explore under Windows/Application (something) and when I clicked file up the top in there it was also there...I had not seen this before.
Finally poor AdAware managed to download update...poor thing it was a struggle!
Bye again for now...Mandy
Netpumper was not in my Add/Remove program so...
I went to Start/Explore and deleted it in there then checked start/find Netpumper and found it also in temporary internet files and it would not let me delete...access denied.
Unsure what to do with it as I did not knowingly download this.
Going to check next lot of answers from you all now and follow whatever advice is there...thank you, Mandy
Thanks Tobeach...Extra info.....
My home page is normal...I just have my ISP for home page....although it is slow now.
In Australia this is Westnet.com.au....they are a reputable service provider and are rated highly for their service...I have had an answer almost immediately every time.
Have used AVG and all clear as well as AdAware SE Personal and Spybot Search and Destroy...for now.
I have a Zone Alarm firewall...basic free version.
Cannot re-install as I have no disk...computer was given to me.
5 backup registries are dated in May....not recent?!
Will download cool web shredder shortly.
I still am going to pages I click to.
Drive is making noise as if it is still doing things when I am idle...or longer than it should.
Still unable to update these programs.
check host file
The malware you have has placed some IP addresses in your hosts file and that's why you can't update your anti-spyware programs. I would also download an anti-trojan program. Here is one of the best
You should also download Webroot's updated Spy Sweeper 4.0
Just download the trial. This is one of the few programs that will totally remove CoolWebSearch
Also, install both programs and you must boot into safe mode. Otherwise, you won't get everything. Here is how you boot into safe mode. Restart your computer, when you hear a couple of beeps start pressing F8 or delete a couple of times. You will see a menu and scroll down to safe mode and press enter. Hope this helps
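The hosts-file check suggested in the post above, as an added example that is not part of any poster's message: it parses hosts-file text and flags entries that pin a security vendor's update host to loopback or to some other address. The watched suffixes, the sample file and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: placeholder suffixes standing in for the update hosts of the
# security tools you rely on. Replace them with your own vendors' domains.
WATCHED_SUFFIXES = ("av-vendor.example", "antispyware.example")
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample input, not taken from any machine in the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # ordinary block-list entry
127.0.0.1       update.av-vendor.example
203.0.113.7     download.antispyware.example www.antispyware.example
0.0.0.0         av-vendor.example
198.51.100.9    search.portal.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each name mapped in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; not a valid mapping
        for name in fields[1:]:  # one line may map several aliases
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, hostname, ip, verdict) for entries worth a look."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        if any(name == s or name.endswith("." + s) for s in watched):
            # A security vendor's host pinned locally: updates fail or are diverted.
            verdict = "blocked" if sinkholed else "redirected"
        elif not sinkholed:
            # Any other name pinned to a routable address deserves manual review.
            verdict = "review"
        else:
            continue  # plain block-list entry pointing at loopback
        findings.append((line_no, name, str(ip), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % finding)
```

On Windows 98 the hosts file is `C:\WINDOWS\HOSTS` (no extension); read its text and pass it to `audit_hosts`.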
(NT) Which 2 continue free after trial period? Thanks, Roddy
a-squared has a free version right from the beginning actually but it's just the scanner part and not the process guard. You can get updates for the defs whenever they are released for it so it's good for as long as you want to use it. Ewido has a 14 day trial period which includes the process guard and the automatic updates but you lose those after the 14 days. You can still update the program and defs via the updater on the program though, they just won't be automatic. I use both of them and the only thing I didn't like was the process guard during the trial period for Ewido made all my other programs load slower than usual but only by 2 or 3 seconds. That also might be because I also use other programs that have process guards so I'm probably overloaded a little bit.
Thanks, Roddy! That was one of the things...
I didn't like with Trojan Hunter. The resident scanner slowed things way down. Nature of the beast I suppose.
Your machine must be like a juggler with several balls in the ethernet at any given time(LOL)! Thanks!
(NT) You're welcome.
Slowly working through the list folks...
Used the web attack tool to curb a startup program in Anti-Parasite suite to rid myself of the Quicktime (qtask((sp?))-...apparently after looking at task manager programs it is put there by adware....
But after using the webattack tool and rebooting it is still there. Absolutely refuses to budge!
LSPFix I also used and it came back with no problems.
Will try the Trojan removers and use my safe mode for deleting the Netpumper.
Be back soon...
Where exactly are you seeing Quicktime and EXACTLY what is it being called, including any extension it has?
is found in : Start/find/files and folders/msconfig
I then double click msconfig...go to startup and find :Quick Time Task
(I always untick every time I start in Windows 98 and am on the Desktop as it is loaded again as the icon is on the bottom right of the screen where the clock is.)
I cannot find it in Start/Explore under Windows \System
nor in the Add/Remove programs or the Quick time properties or folder. In fact I have searched everywhere else I can think of and this is the only place I can find it.
Just checked start/find/files and folders and qttask.exe is in C:\WINDOWS\SYSTEM ...96kb... Application and Qttask.lgc is in C:\WINDOWS\APPLOG...3kb...LGC file.
Have you actually gone into
MSCONFIG and unchecked it? Try that and if that doesn't work, we will try something else. Directions are here.
Roddy, This is what I keep doing.....
I also just did the same in safe mode and it won't work. Try again....Mandy
Try this Mandy
As long as you know exactly where this is, which it appears that you do, try MoveOnBoot which will delete it upon startup. It's easy to use. You can either follow the wizard on it and put the path for QTTASK.EXE in the MoveOnBoot program or you can navigate to the QTTask.exe itself and right click and choose "delete file on next boot". MoveOnBoot will add that context on to your right click menu when you install it. It only deletes files and not folders, just to let you know. Once you get rid of that one for sure, you should be able to delete the other remnants afterwards.
Hate to say this.....
Went to snapfiles and downloaded moveonboot.
BUT when I entered the file name it told me 'incorrect file name'.
I wrote it several ways.
I tried to find it again in Start/right click Explore...Windows\System...and program files....and quicktime....and tasks (where I found something called Xoftspy??)....but nowhere else is this QTTASK.EXE atboottime to be found.
Any more ideas....I am sure you are heading for brain strain soon LOL.
til next try...Mandy
I don't have time to reread the entire thread now but at one point, I thought you had said that you had deleted the ''QTTASK.EXE'' manually but it had come back. IF that is the case, instead of adding the path into MoveOnBoot, just go to wherever you found the file the first time and right click on it and choose ''delete file on next boot''. MoveOnBoot will work that way also. IF you don't know exactly where the file is then we will have to try something else. I had a similar problem myself a few years ago trying to remove quicktime on an older computer. I finally succeeded but I don't remember how I did it. LOL I see from a post further down that you removed Xoftspy. That is a good move, I will not use a program that has EVER been on Eric's list regardless if it has been removed from it or not.
Hi again Roddy, Just done something re: qttask.exe
I put Qttask.exe into my google search browser and went to www.neuber.com/taskmanager/process/qttask.exe.html
here I found down the page a little peoples comments on this and went into my registry.
Start/run/regedit then HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\current version\run....found qttask.exe there...also in run-...and also in Run(disabled by starter).
I deleted all 3 of these entries.
Rebooted....and presto....no qttask showed up!
I noticed that qttask.exe was earlier today put in my startup programs twice...both exactly the same.
After this I went to Start/find files and folders/type in qttask and 2 entries showed up as usual...paths were Windows/System..and..Windows/Applog. Even though when I enter Start/Explore I cannot locate qttask in these paths, I deleted them through find files and folders. I am not holding my breath until I reboot again...but it is the first time it did not start when rebooting.
Looked everywhere else I could think of to locate any more bits of this Xoftspy...unable to locate any extra bits there.
Now having trouble with browser...noticed the pull down window in the address of my browser and also google search browser are blank....and checking it today nothing stays there for me.
The address browser dropped down on me without me touching it not long ago too...I had to put it back.
All the programs I have for 'nasties' are all clear again this evening.
That was probably going to be
my next suggestion. LOL I saw the neuber thread and others when I googled this the other day but it involved going into the registry which most people, including me are uncomfortable with so I always save that as a last resort. Another last resort was going to be the "issues" portion of CCleaner. I'm glad you might have it fixed, that is great news. As far as the dropdown menu not showing anything, mine doesn't either but I have it set that way by turning ''autocomplete'' off. I really HOPE you are all set now Mandy. Keep us posted
Mandy, Since you have Spybot, there is .....
A function that is similar to Config which also lists & describes various items in start up. Like config, it has ticks in boxes before each item which can be on/off'd for temporary testing and also (if you're sure) can be fully toggled off. I don't know for sure if turning QTTask.exe there might be any more effective than in config but the writer of this may not have been counting on you having S&D and may have written the auto start for config only.
Suggest you might try turning it off there and even if config boots it, the extra cutout may mess with it. Worth 5 mins trial? You need your S&D to be in "Advanced Mode". Start S&D, on main page at top (next to "file") check mark to Advanced. Should show (at bottom left) one button each for settings & tools. Click tools and from list click on words "system start-up"; if QTTask is listed there untick and reboot. If it has turned off this beast, then go, and after highlighting item, click toggle at top. While there look for any strange, weird or misspelled items listed. Sometimes they're made to look like legit programs except (for example) maybe has first letter in uppercase where ms program has it all in lower case. Often the program will be under 2 different names with the second one the re-activator of the first one (misdirection).
The other idea that occurs is 98s registry back-up tool with the 5 past registry files. I'm pretty sure these must be contaminated (similar to sys restore).
IF you'd gotten rid of 90% of the problems, I might be tempted to replace all of those, with 5 copies of current 90% clean in hopes of preventing those from having any re-install chance at all.Pretty careful double back-up thinking on the bad guys part but if he wrote for config re-tick would he pass up chance to pull same trick with the reg tool? Normally I'd only suggest this if 100% clean.
Don't really know this will solve much, and certainly Roddy has the expertise (miles beyond myself)... sometimes the forest for the trees..
I am certainly watching your progress with great interest and applauding each of your successes as if my own. You go, girl!!
Several Sites List QTTask.exe as actually....
coming from Quicktime/IPod tunes program install. I note the HP laptop we got has it on desktop. Some suggest its main purpose was to monitor what movies/songs you watch/listen to and report back to Apple. (eventually to RIAA?).
One poster said he stopped the problem by unticking in config and then applying S&D Teatimer to prevent it re-enabling. That might work but you don't want to apply T.T. until you're fully clean of all else as it prevents registry changes without your permission. Would make other clean up difficult?? Thought worth a mention.
Quicktime was already installed on my o.s.....
when my brother gave it to me and I notice that quicktime is used for some? pictures on the screen.
When I start the internet explorer I go to my (most popular in Australia) ISP home page and I have noticed recently that I have a 'broken' Q dotted in several places while navigating around this site. I know this icon means quicktime. I assume there are pictures supposed to be in these spots. Some pictures are there and some are not...bit odd?
I think I have come across these in Yahoo also and maybe a couple of other places but have not been in many other places on the net recently.
Will keep your thought in mind for now....
Hi tobeach....just started up spybot in advanced...
mode....I already had it in advanced I noticed. I went into startup and found QTTASK.EXE_atboottime was in there...BUT...it was unticked.....not sure now that I have tried so many things but I think I did that earlier. But in the side window next to this it does tell me according to 'Paul Collins startup list' that this is either: System tray access to Apple's "Quick Time" viewer from version 5 onwards
OR CoolWebSearch parasite variant.
I already downloaded CWShredder and that is clear.
So is Spybot, AVG and ADware only came back with a number of tracking cookies...I deleted those.
I did download the recent Version of quicktime just to update. But the computer is slow and a couple of times the address changed/or stopped on me when I entered an address in the browser.
I sure am glad for your support between us all I look forward to licking this problem....sure is stubborn...I am more stubborn though!!
Thanks again tobeach....
Mandy, I've just noticed in post to Roddy, Xoftspy is....
mentioned. The program (all versions before version 4.0) was classed as a rogue program for all the usual reasons. Now claims to have stopped false positives as sales goad and reformed (after blaming their associates).
I see no reason to take their word for it (the fox swearing he's reformed and no longer eats chickens (just ducks))! Remove any reference to it you find in programs or registry or move on boot.
You also mention AdWare. If you go to above link, you'll find many mentions of various versions listed. Anything mentioned in lists, I'd remove. Good page to add to your Favorites/Bookmarks, I reference it quite often. I'm assuming here you meant AdWare not Adaware (legitimate from Lavasoft). HTH!!!
Very informative page is now added to my favorites...
Thank you for that info tobeach....and I hopefully have removed Xoftspy....I must admit I am unsure how that got into my system....nothing written rings any bells??!
Back again...something seriously wrong here....
On rebooting qttask is gone...BUT...connected up to the internet, clicked on my icon for IE, after waiting for it to finish clicking away (quite slow), clicked on my favorites for cnet...waited again slow...clicked on my outlook express...then lost the page buttons I had on the bottom along with clock, icons next to that and the start button was white blank.
Could not do anything for a minute or 2 then got to the desktop clicking the outlook express x up the top right corner and was immediately at my desktop. Still was connected to the internet though but got everything back on the bottom of the screen except my 'pages' buttons and the internet icon that should be showing next to the clock.
Now getting straight into cnet from favorites when I click to change the page only half of the page showed...clicked back button twice for it to work then the same thing happened. Now I am able to do this message finally...was not sure if I should start a new message as my original message here is fixed as my programs have been able to be updated. (As of yesterday anyway) Have not tried today.
What to do....I am unsure what is happening...Mandy