Patching Win98

[Marsden11]

So, getting back to the imaging question, my inquiry remains mostly unanswered- can any present known threat survive imaging if the image restored is truly clean- known clean, not infected? Can it hide in the boot sector and re-emerge? Can it burrow down into ordinary text or graphics files and then somehow self-execute? Without any operator intervention?

It depends... An example that may or may not apply to your situation. You do a clean install and you install all your updates including the latest definations for your AV program. Let's say you are using Norton 5. You can't use Norton 6 because it will not run on 98. Your clean install and thus clean image depends on the most current updates for your OS and AV definitions you can start with. What happens when Norton no longer puts out definitions for Norton 5? Who is to say if the 3rd party utility companies will will continue support for 98 and for how long?Your plan may work until 3rd party support dries up.As to files that auto execute- typically one must open the file; either by playing a audio file, viewing an image, unpacking a zipped file, or reading a text file. Your AV protection is only as good as your definations. You could still be nailed by a new virus that enters the wild before your definitions are updated.I have never said upgrade only to a newer windows version. I have said move forward to ANY current OS.

[Guest LilBambi]

Clutter, you might want to check this Microsoft page:http://support.microsoft.com/default.aspx?...kb;en-us;249191Don't let the title throw you, it's the forcing of the repair command itself that I am hoping you can do.

Click Run on the File menu in File Manager, and then type the following command:rundll32 setupwbv.dll,IE5Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"

But some of the other info might come in handy for anyone using an older version of IE at some point.

[lewmur]

1. Yes. (Remember a drive image is a snapshot of every bit. Imaging software does not remove bad bits).

BS. Not if the image was un-infected. There would be no point in making an image of an infected partition. Pure FUD.

Yep

More FUD!!! ****** near all malicious code is written in assemlby and always has been. You still need to have it execute in order to do any damage. That was the problem with ansi.sys clear back in the DOS era.

[Marsden11]

More FUD!!! ****** near all malicious code is written in assemlby and always has been. You still need to have it execute in order to do any damage. That was the problem with ansi.sys clear back in the DOS era.

Talk about your FUD...So there is no such thing as Script Viruses? Like those written in VBS, PHP, INF, JS, HLP.VBS1. VBS.Rabbit.c This is a virus written in Windows Script language, and it is the first known virus of this type, appearing in October 1998. This virus is quite simple - just over 10 commands. It just searches for other script files in the current directory and ove... 2. Virus.VBS.AVM WinScript.AVM is a family of parasitic viruses written in Windows Script language. To replicate themselves they use File System Object (FSO). When run, the viruses locate the host file name, read the file contents, locate their body, search for all ... 3. Virus.VBS.Freelink This is a worm written in Visual Basic Script language (VBS). This worm spreads via e-mail and IRC (Internet Relay Chat) channels. Being executed, the worm script creates a new script file "RUNDLL.VBS" in the Windows system folder, and modifies the s... 4. Virus.VBS.FriendMess This dangerous Internet worm is written in Visual Basic Script language. For spreading, the worm uses MS Outlook 98/2000. If another mailer is used, the worm is not able to spread, but runs its payload routine (see below). The worm arrives to a c... 5. Virus.VBS.GaScript VBS.GaScript is an Internet worm and script virus made with the help of the the virus script construction program Gate Script. The virus and worm code were both written in Visual Basic Script (VBS). The Gate Script program facilitates the building ... 6. Virus.VBS.Hard This is an Internet-worm written in Visual Basic Script language (VBS). It spreads using MS Outlook Express. This worm spreads via e-mail by sending infected messages from infected computers. While spreading, the worm uses MS Outlook Express and ... 7. Virus.VBS.Infi This is a virus written in Visual Basic Script (VBS). When launched, it copies itself to C:\SysPatch.vbs and registers it in the Windows registry auto-start area. Then, the virus searches all available drives for files with the extension "VBS," and ... 8. Virus.VBS.KL-Demo This detection covers files which are designed to check the functioning of antivirus programs. They contain no malicious code, and do not present any threat to systems.... 9. Virus.VBS.Lanus This virus is written in Visual Basic Script (VBS) language and encrypted (it is a VBE - Visual Basic encoded script). When activated, it searches for files with .html and .htm extensions and infects them by writing its code to the top of file. The... 10. Virus.VBS.Mcon.b This worm spreads via networks, scanning them for accessible IP addresses and copies itself to them. Being activated, the worm copies itself into the Windows fonts directory using the name "ttfload.vbs", and modifies the system registry to execute t... 11. Virus.VBS.Monopoly Another Melissa-like worm. It spreads through e-mail using MS Outlook client. The main difference between the two worms is this one is written in Visual Basic Script instead of MS Office macro-language. Most of its code is encrypted to make analysis ... 12. Virus.VBS.Rabbit.a This is a virus written in Windows Script language, and it is the first known virus of this type, appearing in October 1998. This virus are quite simple - just over 10 commands. It just searches for other script files in the current directory and ove... 13. Virus.VBS.Rabbit.b This is a virus written in Windows Script language, and it is the first known virus of this type, appearing in October 1998. This virus are quite simple - just over 10 commands. It just searches for other script files in the current directory and ove... 14. Virus.VBS.Redlof.a VBS. Redlof is written in Visual Basic Script (VBS) and encrypted as VBE (Visual Basic encoded script). On first being run, it creates a file with its executable code in the Windows system directory under the name Kernel.dll. The virus also creates ... 15. Virus.VBS.Sling The virus is written in Visual Basic Script (VBS). The body of the virus is approximately 2.5KB On launching, the virus searches for files with the extension .vbs and .vbe on all accessible disks and infects them. If the date is 16th June or 16th ... PHP Hypertext Preprocessor Viruses1. Virus.PHP.Neworld This is script virus written in PHP scripting language. It uses the same infection technology as first known PHP virus PHP.Pirus: it appends to files an "include" instruction that refers to main virus code. The virus infects .PHP, .HTML, .HTM, .HTT ... 2. Virus.PHP.Pirus This is the first known virus infecting PHP script programs (Hypertext Preprocessor scripting language, see http://www.php.net for more details). It was discovered in October 2000. When the virus is activated, it looks for all .PHP and .HTM files in... 3. Virus.PHP.Virdrus This is one of the few currently known viruses which infect PHP (Hypertext Preprocessor scripting language) script programs. The virus only operates in systems that have PHP-interpreter installed. When launched, the virus searches the current direc... One of the latest viruses in the wild right now is Trojan-Downloader.Win32.Small.chq April 2006The Trojan program downloads files via the Internet without the user's knowledge or consent. The Trojan itself is a Windows PE EXE file 27648 bytes in size, written in C++ and packed using UPX. The unpacked file is approximately 73KB in size.Or there is Trojan-Clicker.JS.Agent.d written in JS. March 2006Once the user opens an infected web page, JavaScript checks for cookies containing the string "seen_search_pops". If such a cookie is not found, the Trojan changes the Internet Explorer start page to http://www.netster.com.Portions of this content is Copyright 1997-2006 Kaspersky Lab. All rights reserved.I recommend you start handing out shovels with your posts.

[Dan D]

There are various web sites that describe restoring the default settings of IE5, such as this one which I found with this Google search. Dan

[Cluttermagnet]

It depends... Who is to say if the 3rd party utility companies will will continue support for 98 and for how long?Your plan may work until 3rd party support dries up.As to files that auto execute- typically one must open the file

Thanks. Well, that's pretty much what I figure. It will take a while, but eventually, 3rd party support will indeed dry up. So far, lots of good companies like Alwil (Avast!) and Zone Labs (Zone Alarm) are still supporting the OS. But at some point you essentially do become a sitting duck and the game is up. I do not believe, however, that cessation of Win98 support by Microsoft is in and of itself a death sentence. I intend to keep running 98SE cautiously, conservatively, for a while longer. Perhaps 5 percent or so of netizens still do. It's a diminishing pool. I need to learn my way into Linux. That's my out. Yes, a late version of Linux. Heh!

There are various web sites that describe restoring the default settings of IE5, such as this one which I found with this Google search. Dan

Thanks LilBambi and Dan D. Both good resources. I will figure out this little problem and get my IE5 running again. I'm thinking seriously of upgrading to IE6 later and seeing how that goes. I do have it on one of my slower machines that I have out on loan right now, and that box seems to basically behave with it installed. Might as well do so, so I can maximize my patching of the OS. As time passes, it will become more a matter of both luck and caution as to whether one can successfully avoid attack. I try to keep a low profile...

[lewmur]

Talk about your FUD...So there is no such thing as Script Viruses? Like those written in VBS, PHP, INF, JS, HLP.VBS

I'm not the one trying to implant Fear, Uncertainty and Doubt in the minds of those that don't run M$'s latest and greatest. And I did NOT say that ALL malicious code was assembly. The simplist one is a .bat file that says "format c:." But you still have to get someone to run it.

[Cluttermagnet]

At last- the answer to all my problems.

[lewmur]

not everybody wishes to spend their money on current hardware & os's. circumstances may prevent others.

It need not even be a question cost. Iv'e had an Action Pack subscription for years and have several copies of XP Pro, SBS 2003, Server 2002 and XP Media Edition sitting around gathering dust. I am running XP Home on a laptop but my main machine, with plenty of horsepower for XP, still runs W2K Pro. And the only reason it isn't running Win98SE is that I can't find Win98 driver for a couple of the cards I'm using. Of course it also has several Linux distros on it but I also have problems with Linux as a workstation solution.My problem with XP is that, as a workstation, its file access from servers is slow as molasses going uphill in January. That and the fact that it is a major resource hog.