Anti-malware programs running under Win98SE?

Discussion in 'malware problems & news' started by Ashanta, Feb 24, 2015.

  1. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    Hi,

    I'm looking for a good anti-malware program that works on Win98SE. This is for an old infected laptop that I have. The keyboard is blocked, and it's very hard to reach Safe Mode. I can't shut down properly, and when opening Notepad, it automatically fills all the lines with the hyphen key.

    Thanks in advance.
     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Might not be malware - I suspect the keyboard is broken. I've had stuff like that happen to laptops before, and it really does mess things up.

    I'm curious though, what do you want Windows 98SE for? FYI Windows 7 (32 bit) can run most legacy applications very well, and usually with better stability than legacy Windows versions. If you have legacy programs you want to run, I would recommend looking into that, and sparing yourself the crashes...
     
  3. Ashanta

    Do you think that when opening a notepad, it's automatically filled a few lines with the hyphen key. The same occurs if I make a search or want to run a program (Start, Run or Start, Find): the hyphen key is automatically activated so that I can't write anything nor even delete it. If I open Explorer and click with the mouse on a folder, sometimes this occurs also. I don't think it's due to a broken keyboard.

    I've just run a few standalone anti-malware programs to check if my laptop is really infected as I guess. Anyway, I have some data that I want to recover, but I'd like to first check that it is free of malware.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  5. Ashanta

    Thanks J_L, but the point is that I can't choose any options as the keyboard is blocked, only the mouse is ok. The idea I had was to run little programs like Rkill, combofix, gmer from the USB pen drive but unfortunately, they are not compatible with win98.

     
  6. J_L

    Those programs work outside of Windows. Just burn them into a disc or usb drive on another computer, boot from it, and scan.
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    This does not sound like malware. If not the keyboard itself, possibly a driver problem. Does this laptop have either a floppy or CD drive? If all you're after is recovering some files, try booting it with a DOS floppy or CD. A live linux CD would also work. If the problem still exists when booting from one of these, it's a keyboard problem.
     
  8. Ashanta

    I know how rescue disks work, but as I told you I can't use my keyboard to choose options for the scan or even to execute the scan. Thanks anyway.

     
  9. Ashanta

    I already tried to remove the driver then restart; after it detected new hardware, I installed the same driver again, but this was not fixed. I never changed the keyboard driver, it's always the same.

    I have both a floppy disk and a CD drive. The floppy disk, I'm not sure it's still working as it didn't boot with my boot disk for win98.

    I will try with a live linux CD, nice recommendation, thank you.


     
  10. Ashanta

    After a few attempts, I managed to enter Win98. And I had the idea to restart in MSDOS. It worked, I ran scanreg/restore, and I chose the oldest restoration. I restarted, and all the errors disappeared. I could use my keyboard!!! It was too lovely until I noticed that the internet connection failed with my ethernet cable. So, I decided to check the Network Settings, while modifying the DNS to be set up automatically and the IP to be detected automatically. The hyphen key appeared and by itself replaced the DNS, like this ---------- instead of the appropriate DNS. After that, I rebooted and all the old problems with this issue came back again.

    I decided to delete today's cab file (restoration file) but every time I start Win98, it comes back with the bad restoration.
    How can I force it at startup to give me the choice of the cab I want again?
    I'd like the scanreg/restore window to appear again at startup and to be able to choose the right restoration again.

    PS: I tried 2 or 3 times to restart in MSDOS, but it didn't do it.

    This proves that it is not a keyboard problem, but malware or a rootkit or something like that.
     
  11. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Hi, if you can remove the drive & connect it to another PC, you could then scan it with tools from there.
     
  12. noone_particular

    If you only need to recover files from it, I'd remove the existing keyboard driver, hook up a USB keyboard, then transfer the files to a USB stick. If you want to continue using the laptop, I'd take note of the drivers it needs, download them with another PC and reformat it.
     
  13. Ashanta

    Yes, I know about this, but at this moment I don't have an external case with 42 pins (old hdd).

     
  14. Ashanta

    Yes, but I need to buy a USB keyboard.

    After writing my post today, I succeeded with the keyboard again (after a few more attempts at starting and shutting down win98). I restarted with the Command Prompt option, then I was writing a few instructions to reset my registry and copy the files system.da0 and user.da0 to system.dat and user.dat, and again, the hyphen key was automatically filling the line, with no way to remove it. That's why I'm pretty sure about malware. It appears if I select a folder, if I open a file (ini file for ie) with Notepad, when I unzip a file, if I type something on 'Run', ...

     
  15. noone_particular

    If you can get back to safe mode, use MSCONFIG and enable selective startup. Disable everything listed, reboot and see if the keyboard works. Re-enable each group one at a time until you find the one causing the problem. Repeat the procedure for each item in the problem group. You should be able to narrow it down to the offending item. IMO, this still points to a driver problem, not necessarily the keyboard driver.
     
  16. Ashanta

    I already tried it; I succeeded in booting my laptop properly, but the hyphen key issue was alive.

    At this moment, accidentally, I'm installing a linux rescue CD. Yes, because what I wanted is to turn the demo, in order to simulate a linux OS. I didn't see the two options when I inserted the CD. Now, it's installing a linux version, Ubuntu 11. I suppose I will lose some data. Anyway, I can tell you that while loading this CD, the hyphen key appeared again to modify any instructions, but hopefully, it's not dangerous, only like a visual issue.

     
  17. noone_particular

    Did I read this correctly, you are installing a linux rescue CD by accident? If you didn't instruct the installer to create a separate partition for linux and to leave the Windows partition alone, you will likely lose all of the data on that hard drive. Did this laptop originally have Win 98 installed? If so, it will probably have insufficient RAM and processor power to run Ubuntu well.

    If the hyphen key is still a problem with Ubuntu, malware from Windows is ruled out. The only possibilities left are the hardware or keyboard itself, firmware, or possibly the BIOS.
     
  18. Ashanta

    Fortunately, it didn't install Ubuntu.

    You said that 'malware from Windows is ruled out'; the hyphen key appeared when loading the rescue linux CD, and I aborted this installation demo, so I didn't install it. The hyphen key appeared during the loading of drivers for linux. Are you sure about your sentence?
     
  19. Ashanta

    I've just re-read one of my previous posts and I noticed that I made a mistake.

    I haven't run any standalone anti-malware programs. I wanted to say that I wanted an anti-malware program instead. Thanks for your understanding.

     
  20. noone_particular

    Some live CDs use a hyphen or an underscore as a progress indicator. If the hyphen issue is still present after you boot to (not install) a linux CD, it's a hardware or firmware issue. Windows malware doesn't run on linux. I suppose that it is remotely possible for the firmware or BIOS to be compromised, but the age of that laptop makes this unlikely unless you've been targeted by a government agency. Those things weren't in circulation back then.
     
  21. Ashanta

    This is a Compaq Armada E500, very old. I already checked in the Device Manager, but there is no yellow exclamation mark next to a device. All is ok.
    Do I need to enter the BIOS? I tried also but I couldn't enter.
     
  22. noone_particular

    That could get tough without a functional keyboard. You might be able to get to the BIOS by continuously tapping the key from the moment it begins booting. I'd be surprised if this could be fixed with a BIOS setting, but you might be able to disable the built in keyboard from there. Even then, you'd still need another keyboard. I'd try a live CD again just to rule out malware and corrupt Windows drivers. Puppy would be light enough to function decently on hardware that age. An old version of Knoppix would likely work as well.
     
  23. Ashanta

    I tried again and I found that config.sys and autoexec.bat are the culprits of my shutdown and restart troubles. When both are disabled, I have no troubles except the keyboard.

    Is it normal that for the config.sys, I only have 2 lines written and they refer to the country.sys and display.sys files? I also have 2 lines for the autoexec.bat. Maybe these 2 files are corrupt, what do you think about it? Let me know if you need more details.

     
  24. noone_particular

    On 98SE, both autoexec.bat and config.sys are standard text files. Those files were much more complicated up to 98FE when most of the boot configuration was contained there. If the files are readable, they're fine. The files that they load could be corrupt or possibly missing. Individual entries in each file can be disabled by adding "rem " at the beginning of the line. Starting with 98SE, these files are used to load additional items. They aren't directly required for the system to boot. The files you named are for languages other than English. Check to see that they are present at the locations specified in config.sys. The usage for autoexec.bat varies widely, depending on what you have installed. You may have better results with the keyboard problem by disabling individual options under system.ini or the startup group.
     
  25. Ashanta

    Please check my

    autoexec.bat:
    mode con codepage prepare=((850) c:\windows\command\ega.cpi)
    mode con codepage select=850

    config.sys:
    device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)
    Country=033,850,C:\WINDOWS\COMMAND\country.sys


    That's the only 2 lines I get. I keyboard.sys is missing in the autoexec.bat

    Could you please tell me what I need to add to both files? I will try it and hope it will be fixed.

    PS: YES, these files are present in the command folder.

    I found a few keyboard files in this folder: keyb.com, keyboard.sys, keybrd2.sys, keybrd3.sys and keybrd4.sys
     