Win32: Klez-H problem

[DavidR]

Co-incidence or not, an invalid page fault is usually switching between RAM and virtual memory, swap file and a page (a block of memory) that was expected is no longer there.

A google search for returns many hits, here are a few. http://www.computerhope.com/issues/ch000222.htm

Bad Memory, invalid bits or physically bad memory:

    It is possible that bad memory can cause Illegal Operations. If you have recently added memory to the computer it is recommended that it first be removed to verify that you are not experiencing conflictions with the recently installed memory.

    If no memory has been recently added to the computer it is recommended you follow all other steps found on this page before replacing the memory within the computer. 

http://support.microsoft.com/kb/q286180/
http://www.aumha.org/win4/kbeipf.php

Personally I wouldn't worry about trying to repair what is in the chest as it isn't going to resolve anything as Klez doesn't appear to be on your system otherwise it would be detected.

[Lohengrin]

Sorry for the delay in my reply but I've been trying to sort through this mess. I uninstalled Avast and reinstalled it again, and did a full scan which found several malware. I don't know what happened to the Klez worm that was in the Virus Chest when I removed Avast but it wasn't picked up in the scan I did today. The scan found a total of 4 malware, all of which was moved to the Virus Chest.

At this point IE works but has the occassional hang up, which I'm not sure is caused by malware, damaged files, or the lack of updates from when I reinstalled the OS the other day. I'm not sure what to do there. Scratch that, I just checked IE again and it's not loading any other page apart from the home page

OE still comes up with that msimn error. I did the system back up from the abf-soft program Polonus gave me but I'm not quite sure what to do next. Should I do the restore this abf-aoft program has or isn't that going to fix the error?

The last part is MSN Messenger, but I guess I should be able to just reinstall that and it'll work right. Is there anywhere I can get the older version of MSNM? I prefer version 7.0 Also, will me contacts list and message history be saved if I remove MSNM and reinstall it?

Also, certain icons  in my system tray seem to dissapeer after I run a scan. When I scroll over them they show the pop ups telling me what programs they are but the icons have been removed.

Sorry for all the questions, but I'm just trying to get out of this mess. I'm not sure if Polonus and DavidR are still reading this thread but I could use your help.

[polonus]

Hallo Lohengrin,

Well Polonus is reading the thread sure thing, and is considering a Winsock repair. Maybe you can also post a HijackThis log here, to be evaluated: http://www.hijackthis.de/

The winsock repair can be found here, with the documentation, and how to run this fix: http://cexx.org/lspfix.zip

In the meantime we ask the Walkyries to be favourite to our Lohengrin once again,

polonus

[DavidR]

The chest and its contents will be removed on an uninstall.

Since I don't use MSNM I can't say for sure but I would have though an uninstall would or should clean everything, unless it leaves settings, etc. in the Documents and Settings folder under your user name. Is there not a means of backing-up or exporting your contacts/history in the program.

[Lohengrin]

Polonus: I ran the HijackThis program and got a log file. I did a test on the log file which can be seen here:

http://www.hijackthis.de/logfiles/7ddd1ff52ce002ed64e484ed2006935e.html

The only thing it found classed as "Nasty" was some adware belonging to a Gaming Portal that I use that has never given me any problems before. It also found the following:

"O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing"

I then ran the LSPFix exe and it found the same problem. Xfire is a program I no longer use so I chose the "remove" option and rebooted. I checked my IE but it still won't go to any other sites other than the home page.

I had a look at the instructions but have no idea what I am meant to do with the LSPFix-Source folder though.

DavidR: If the Chest and it's contents are also removed with an uninstall do you have any idea what happened to the Klez worm it found a few days ago? Because I did a full system scan today and it didn't find the Klez worm again.

MSNM could probably be fixed with a reinstall, but to be honest my main concern is getting IE and OE fixed right now. Is there a repair option for the 2 programs? If not, can I reinstall them from the internet or something?

[Lohengrin]

Okay, I tried uninstalling / reinstalling MSNM v7.0 and I still can't log in. I clicked on "Help" on the "log in failed" window, IE launched and I found myself able to browse various sites (yet it won't do this when I start IE and try to go beyond the home page).

So I thought I'd try a windows update and got the following message:

"Software Update Incomplete

The Windows Update software did not update successfully. Below are some suggestions to help you proceed:

You may have clicked No when prompted to accept the Trust Certificate. To allow the Windows Update site software to install, click Yes when presented with the Security Warning dialog box.

Your Internet Explorer security settings may be set too high. To install the updated software and access Windows Update, Internet Explorer security must be set to medium or lower, and active scripting and the download and initialization of ActiveX controls must be enabled."

Now, I didn't click "no" to any trust certificate and my security settings are at medium, so something else must be wrong. I know Microsoft is going to stop updating 98SE but have they stopped providing previous updates as well?

It's frustrating that I am apparently virus / malware / spyware free, yet I'm still having these problems. I don't know what to update first (windows, IE, OE) or whether I should reinstall windows again (would that remove the malware from quarantine?). 

[Spiritsongs]

   Hi Lohengrin :

      Get that GameSpy OFF your computer !! It is nothing but
      potential trouble IF not trouble. Quite a while ago I had
      the misfortune of going to it from a Bridge program &
      discovered it is nothing but trouble .
      As far as major company IM's are concerned, Yahoo is the
      safest; I have "disabled" my MSN IM .
      I believe there are no more Updates for Win 98 .

[polonus]

Hi Lohengrin,

Thjs could be the solution to your problems now:
http://exuberant.ms11.net/98sesp.html

At the bottom are the versions in other languages: german etc.

I had the unofficial 98SE on a comp, give you the ME icons, USB drivers et.al.,
worked as a charm. Originally produced by a Turkish developer.

The KB918547.EXE on your comp is OK, a M$ update essential for protection.
Remove GameSpy like Spiritsongs says. Here are the removal instructions,
also if you wish to do it manually:
http://www.securemost.com/articles/rm_gamespy_arcade.htm

polonus

[DavidR]

DavidR: If the Chest and it's contents are also removed with an uninstall do you have any idea what happened to the Klez worm it found a few days ago? Because I did a full system scan today and it didn't find the Klez worm again.

It is gone, the only location it was after it was detected and avast moved it to the chest was the chest (it was moved [copy and delete effectively] from its original location). The uninstall deleted the chest so it is gone.

[Lohengrin]

Okay guys thanks for the replies, I'll keep you updated on the never ending story

Polonus: I'll try the 98SE update and see if it works.

I had a question about the Winsock repair that I mentioned in my previous post. I ran the LSPFix exe and it found an Xfire program I no longer use so I chose the "remove" option and rebooted (I hope this was the right thing to do).

There was another zip file called "LSPFix-Source" though with 2 other exe programs in the folder. Do I need to  use these as well? The instructions didn't tell me what they were for or whether I need to use them.

The programs / files included:

Icon
Icon-small
LSPFix.bpr
LSPFix.cpp
LSPFix.res
Unit1.cpp
Unit1.dfm
Unit1.h

[polonus]

Hi Lohengrin,

No source is source. I think the unofficial service pack will get you out of the woods here.

polonus

[Lohengrin]

Okay, I tried the unofficial update and it didn't do any good. The first problem was that I got several messages during the installation asking me if I wanted to replace current newer files with older ones on the update (I selected no).

Then I went to reboot and it got to the desktop and said there were errors with the registry and that I needed to reboot for Windows to correct them. I did that and it went into the Registry Checker blue screen, saying that I had installed over a good registry and asked me to reboot. The same Registry Checker screen kept coming up and after about 6 reboots I decided to reinstall the OS again (it said that's the only way to get rid of the updates), and removed the updates once I got to the desk top.

After all that I managed to be able to connect to the internet again (via Firefox) and give you this little update. What I'd like to do is get something like System Works that can go through my system and fix any registry problems. Do you know of a good program for this? (I don't have $100 to buy System Works).

Once I've done that I'll reinstall the Bigfix program I have and let it scan for all 98SE updates. I don't know if it will find everything I need, but it's worth a try.

Then I'll reinstall I.E. from the MS site and get it to the correct version so that hopefully MSNM will work.

What do you think guys?