Cluttermagnet

Patching Win98


epp_b

Scary!

Cluttermagnet

OK, two threads going here. Regarding IE, Bambi- it's 5.0.2614.3500, that comes stock with 98SE, and despite trying all the little tricks you mention, I have failed to make the (new) active x warning windows go away. Also I get a redirect and get shunted to some stupid page telling me about needing an admin, etc. *Yes, I had been to the update site with it recently and downloaded patches.* Now I've screwed it up. As I said, it's not the end of the world as I can use any of several other machines to run IE5 and download patches. But I'd like to repair this copy of IE if I can. No, I'm not 'trying' to upgrade to IE6 per se, I'm looking prospectively at whether I'd ever want to or not- whether it's worth it or not. At this point I have no intention of doing so. I do have on hand all the downloaded IE6 install files from Microsoft, plus all but the most recent IE6 patches, which include the latest IE6 cumulative patch, among others.

BTW I suppose I could fix it by refreshing my 98SE install over itself. That is kind of a blunt instrument, but probably would work. I'm just trying to finesse it a little. Seems a waste of time, but I probably should learn what I've screwed up and fix it myself. Would appreciate a little help, however. Heh!

Regarding the state of the art in infections, that is chilling but not altogether unexpected news. I don't know near enough about how such beasties would work. Usually any executable requires some sort of human intervention at some point, even if it is simply to initially download the thing from a remote server to set things in motion. But have they reached the point that they have become 'self-executing'? I'm not sure I even understand what I'm asking. Can your data files become contaminated such that just by copying those files or folders, you cause the execution of malicious code? Because obviously if that is so, the entire concept of 'computer security' becomes pretty much moot- and obsolete. It wouldn't matter one whit which particular platform and software you're running, at that point.

Last thought- it is obvious that *if one imaged an infected hard drive, one would reinstall an infected copy of an OS + utilities + files.* My assumption is that it is still possible to build a non-contaminated fresh installation in the first place. Assuming one can still do that (and I figure you still can), then the question is whether imaging is truly enough 'security' in the present threat environment. And of course that question definitely "depends" on your platform and OS and such, obviously- but it *also* depends greatly on one's habits so far as internet use. So, getting back to the imaging question, my inquiry remains mostly unanswered- can any present known threat survive imaging if the image restored is truly clean- known clean, not infected? Can it hide in the boot sector and re-emerge? Can it burrow down into ordinary text or graphics files and then somehow self-execute? Without any operator intervention? If so, especially if it can hide in and strike from our data files, then we're all cooked.

If you get rootkitted, and you wipe that OS and reinstall a fresh, clean image, you don't have that rootkit any more. Just so long as your image truly *is* clean! *And* if there is no way for the infection to then reinstall itself. Which goes to the heart of my question.

Edited by Cluttermagnet

Marsden11
So, getting back to the imaging question, my inquiry remains mostly unanswered- can any present known threat survive imaging if the image restored is truly clean- known clean, not infected? Can it hide in the boot sector and re-emerge? Can it burrow down into ordinary text or graphics files and then somehow self-execute? Without any operator intervention?
It depends... An example that may or may not apply to your situation. You do a clean install and you install all your updates including the latest definitions for your AV program. Let's say you are using Norton 5. You can't use Norton 6 because it will not run on 98. Your clean install and thus clean image depends on the most current updates for your OS and AV definitions you can start with. What happens when Norton no longer puts out definitions for Norton 5? Who is to say if the 3rd party utility companies will continue support for 98 and for how long?

Your plan may work until 3rd party support dries up.

As to files that auto execute- typically one must open the file; either by playing an audio file, viewing an image, unpacking a zipped file, or reading a text file. Your AV protection is only as good as your definitions. You could still be nailed by a new virus that enters the wild before your definitions are updated.

I have never said upgrade only to a newer windows version. I have said move forward to ANY current OS.

Guest LilBambi

Clutter, you might want to check this Microsoft page:
http://support.microsoft.com/default.aspx?...kb;en-us;249191
Don't let the title throw you, it's the forcing of the repair command itself that I am hoping you can do.

Click Run on the File menu in File Manager, and then type the following command:

rundll32 setupwbv.dll,IE5Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"

But some of the other info might come in handy for anyone using an older version of IE at some point.

lewmur
1. Yes. (Remember a drive image is a snapshot of every bit. Imaging software does not remove bad bits).
BS. Not if the image was un-infected. There would be no point in making an image of an infected partition. Pure FUD.
Yep
More FUD!!! ****** near all malicious code is written in assembly and always has been. You still need to have it execute in order to do any damage. That was the problem with ansi.sys clear back in the DOS era.

Marsden11
More FUD!!! ****** near all malicious code is written in assembly and always has been. You still need to have it execute in order to do any damage. That was the problem with ansi.sys clear back in the DOS era.
Talk about your FUD... So there is no such thing as Script Viruses? Like those written in VBS, PHP, INF, JS, HLP.

VBS

1. VBS.Rabbit.c: This is a virus written in Windows Script language, and it is the first known virus of this type, appearing in October 1998. This virus is quite simple - just over 10 commands. It just searches for other script files in the current directory and ove...
2. Virus.VBS.AVM: WinScript.AVM is a family of parasitic viruses written in Windows Script language. To replicate themselves they use File System Object (FSO). When run, the viruses locate the host file name, read the file contents, locate their body, search for all ...
3. Virus.VBS.Freelink: This is a worm written in Visual Basic Script language (VBS). This worm spreads via e-mail and IRC (Internet Relay Chat) channels. Being executed, the worm script creates a new script file "RUNDLL.VBS" in the Windows system folder, and modifies the s...
4. Virus.VBS.FriendMess: This dangerous Internet worm is written in Visual Basic Script language. For spreading, the worm uses MS Outlook 98/2000. If another mailer is used, the worm is not able to spread, but runs its payload routine (see below). The worm arrives to a c...
5. Virus.VBS.GaScript: VBS.GaScript is an Internet worm and script virus made with the help of the virus script construction program Gate Script. The virus and worm code were both written in Visual Basic Script (VBS). The Gate Script program facilitates the building ...
6. Virus.VBS.Hard: This is an Internet-worm written in Visual Basic Script language (VBS). It spreads using MS Outlook Express. This worm spreads via e-mail by sending infected messages from infected computers. While spreading, the worm uses MS Outlook Express and ...
7. Virus.VBS.Infi: This is a virus written in Visual Basic Script (VBS). When launched, it copies itself to C:\SysPatch.vbs and registers it in the Windows registry auto-start area. Then, the virus searches all available drives for files with the extension "VBS," and ...
8. Virus.VBS.KL-Demo: This detection covers files which are designed to check the functioning of antivirus programs. They contain no malicious code, and do not present any threat to systems....
9. Virus.VBS.Lanus: This virus is written in Visual Basic Script (VBS) language and encrypted (it is a VBE - Visual Basic encoded script). When activated, it searches for files with .html and .htm extensions and infects them by writing its code to the top of file. The...
10. Virus.VBS.Mcon.b: This worm spreads via networks, scanning them for accessible IP addresses and copies itself to them. Being activated, the worm copies itself into the Windows fonts directory using the name "ttfload.vbs", and modifies the system registry to execute t...
11. Virus.VBS.Monopoly: Another Melissa-like worm. It spreads through e-mail using MS Outlook client. The main difference between the two worms is this one is written in Visual Basic Script instead of MS Office macro-language. Most of its code is encrypted to make analysis ...
12. Virus.VBS.Rabbit.a: This is a virus written in Windows Script language, and it is the first known virus of this type, appearing in October 1998. This virus is quite simple - just over 10 commands. It just searches for other script files in the current directory and ove...
13. Virus.VBS.Rabbit.b: This is a virus written in Windows Script language, and it is the first known virus of this type, appearing in October 1998. This virus is quite simple - just over 10 commands. It just searches for other script files in the current directory and ove...
14. Virus.VBS.Redlof.a: VBS.Redlof is written in Visual Basic Script (VBS) and encrypted as VBE (Visual Basic encoded script). On first being run, it creates a file with its executable code in the Windows system directory under the name Kernel.dll. The virus also creates ...
15. Virus.VBS.Sling: The virus is written in Visual Basic Script (VBS). The body of the virus is approximately 2.5KB. On launching, the virus searches for files with the extension .vbs and .vbe on all accessible disks and infects them. If the date is 16th June or 16th ...

PHP Hypertext Preprocessor Viruses

1. Virus.PHP.Neworld: This is a script virus written in PHP scripting language. It uses the same infection technology as first known PHP virus PHP.Pirus: it appends to files an "include" instruction that refers to main virus code. The virus infects .PHP, .HTML, .HTM, .HTT ...
2. Virus.PHP.Pirus: This is the first known virus infecting PHP script programs (Hypertext Preprocessor scripting language, see http://www.php.net for more details). It was discovered in October 2000. When the virus is activated, it looks for all .PHP and .HTM files in...
3. Virus.PHP.Virdrus: This is one of the few currently known viruses which infect PHP (Hypertext Preprocessor scripting language) script programs. The virus only operates in systems that have PHP-interpreter installed. When launched, the virus searches the current direc...

One of the latest viruses in the wild right now is Trojan-Downloader.Win32.Small.chq, April 2006.

The Trojan program downloads files via the Internet without the user's knowledge or consent. The Trojan itself is a Windows PE EXE file 27648 bytes in size, written in C++ and packed using UPX. The unpacked file is approximately 73KB in size.

Or there is Trojan-Clicker.JS.Agent.d written in JS, March 2006.

Once the user opens an infected web page, JavaScript checks for cookies containing the string "seen_search_pops". If such a cookie is not found, the Trojan changes the Internet Explorer start page to http://www.netster.com.

Portions of this content is Copyright 1997-2006 Kaspersky Lab. All rights reserved.

I recommend you start handing out shovels with your posts.

Dan D

There are various web sites that describe restoring the default settings of IE5, such as this one which I found with this Google search. ;) Dan

Cluttermagnet
It depends... Who is to say if the 3rd party utility companies will continue support for 98 and for how long? Your plan may work until 3rd party support dries up. As to files that auto execute- typically one must open the file
Thanks. Well, that's pretty much what I figure. It will take a while, but eventually, 3rd party support will indeed dry up. So far, lots of good companies like Alwil (Avast!) and Zone Labs (Zone Alarm) are still supporting the OS. But at some point you essentially do become a sitting duck and the game is up. I do not believe, however, that cessation of Win98 support by Microsoft is in and of itself a death sentence. I intend to keep running 98SE cautiously, conservatively, for a while longer. Perhaps 5 percent or so of netizens still do. It's a diminishing pool. I need to learn my way into Linux. That's my out. Yes, a late version of Linux. Heh!
There are various web sites that describe restoring the default settings of IE5, such as this one which I found with this Google search. ;) Dan
Thanks LilBambi and Dan D. Both good resources. I will figure out this little problem and get my IE5 running again. I'm thinking seriously of upgrading to IE6 later and seeing how that goes. I do have it on one of my slower machines that I have out on loan right now, and that box seems to basically behave with it installed. Might as well do so, so I can maximize my patching of the OS. As time passes, it will become more a matter of both luck and caution as to whether one can successfully avoid attack. I try to keep a low profile...

lewmur
Talk about your FUD... So there is no such thing as Script Viruses? Like those written in VBS, PHP, INF, JS, HLP.VBS
I'm not the one trying to implant Fear, Uncertainty and Doubt in the minds of those that don't run M$'s latest and greatest. And I did NOT say that ALL malicious code was assembly. The simplest one is a .bat file that says "format c:." But you still have to get someone to run it.

Cluttermagnet
formatc.jpg At last- the answer to all my problems. :thumbsup: B)

Temmu

should i keep an old os?

i wanted to preserve my knowledge of dos & win 3.1, and the os's themselves, as i figured others would need help with those os's.

so, years ago, i had ftp-downloaded probably 2/3 of the ms kb articles for dos before circumstances caused a long break in that project. after that break, i thought about it, win 95 had been out for a year, dos and win 3.11 was probably soon to become not only obsolete, but unused by the majority.

i could've resumed the ftp kb project, kept the 8086 & 80286 machines. but it would have been for museum pieces, not for something exposed to real world threats. i abandoned the project and got rid of several old pc's and an old mac too.

======

if the only hardware i had ran only win 98 and couldn't run xp, or i couldn't get a copy of xp, then of course i'd run with what i had. (i had a pentium pro 200mhz w/128mb of ram running win 2k for the longest time.)

======

not everybody wishes to spend their money on current hardware & os's. circumstances may prevent others.

lewmur
not everybody wishes to spend their money on current hardware & os's. circumstances may prevent others.
It need not even be a question of cost. I've had an Action Pack subscription for years and have several copies of XP Pro, SBS 2003, Server 2002 and XP Media Edition sitting around gathering dust. I am running XP Home on a laptop but my main machine, with plenty of horsepower for XP, still runs W2K Pro. And the only reason it isn't running Win98SE is that I can't find Win98 driver for a couple of the cards I'm using. Of course it also has several Linux distros on it but I also have problems with Linux as a workstation solution.

My problem with XP is that, as a workstation, its file access from servers is slow as molasses going uphill in January. That and the fact that it is a major resource hog.
