Win98 processes question

  • Thread starter Thread starter Vanessa S.
  • Start date Start date
V

Vanessa S.

My dad in running Win98 on a dial-up connection and has been complaining
about slow web-browsing. Unfortunately, he has no choice about the dial-up
since he lives in the boonies (can't afford satellite). One of the things I
asked him to do is ctrl-alt-delete after the computer had been running a
while. He had about 10-11 processes running, most of which I can identify.
However, one of them is SYSTEM. I also run Win98 and do not have this
process running, the closest I come is systray. So I searched on the
internet and found a couple of sites that say this could be a trojan.

He runs NAV which updates automatically and he does a full scan once a week.
Everything has come up clean. He has run both AdAware and SpyBot and
deleted everything they found. He does not have a firewall installed. Now
what?

How do I have him determine if it is a trojan? If it is, how does he get
rid of it?
 
My dad in running Win98 on a dial-up connection and has been complaining
about slow web-browsing. Unfortunately, he has no choice about the dial-up
since he lives in the boonies (can't afford satellite). One of the things I
asked him to do is ctrl-alt-delete after the computer had been running a
while. He had about 10-11 processes running, most of which I can identify.
However, one of them is SYSTEM. I also run Win98 and do not have this
process running, the closest I come is systray. So I searched on the
internet and found a couple of sites that say this could be a trojan.
Click to expand...

Did you notice there are a number of Trojans that use the file name
SYSTEM.EXE? Here's just one description you find when Googling the
phrase system.exe Trojan:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.c.html

Can you manage to match one of the descriptions with the registry
entries given? Do you have confidence in removing registry entries?
Has he killed the system.exe running process? Deleted the file in Safe
mode?
He runs NAV which updates automatically and he does a full scan once a week.
Click to expand...

And he hasn't noticed that the update function isn't working? Notice
that some of these Trojans disable the update feature.
Everything has come up clean. He has run both AdAware and SpyBot and
deleted everything they found. He does not have a firewall installed. Now
what?
Click to expand...

Why doesn't he use a firewall?
How do I have him determine if it is a trojan?
Click to expand...

Seems it is.
If it is, how does he get
rid of it?
Click to expand...

Try to disable the Trojan manually per the suggestions I've given. As
a bare minimum, delete the system.exe file. Then have him update NAV
and do a scan. He could also try the Sys-Up download from my web site.
See what Trend's Sysclean finds and cleans (in Safe mode).


Art
http://www.epix.net/~artnpeg
 
Back
Top