[Ham-Computers] RE: Help with Win 98
Hsu, Aaron (NBC Universal)
aaron.hsu at nbcuni.com
Mon Aug 29 15:00:58 EDT 2005

Brian,

Sounds like it may be fixed as it's booting again, but I would still dig
further to find out what was causing the problem. Scandisk and Defrag
*might* fix some issues, but the type of problem you were reporting isn't
the type that these utils normally fix. Here are some thoughts...

If a dialer is starting, then some app is looking for a network connection -
Windows 9x/2K/XP has the ability to auto-dial a connection if no other
network connection is currently available. This is set in the Internet
Options control panel (aka the Internet Explorer control panel) under the
"Connections" tab. If a dial-up "connectoid" is configured in Windows,
it'll be listed in this tab. Under the list, there are three options,
"Never dial", "Dial if no connection present", and "Always dial" (not word
for word). If #2 or #3 is selected, then Windows will initiate a dial-up
connection whenever an application needs network access and no other network
access method is available. Malware and Virii will trigger the dial-up
connection if they are trying to "phone home". Since you found trojans, I
suspect that one or more of these triggered the dial-up box.

You mentioned that you found 29 trojans using AVG. Considering the state of
the system, I would also run a thorough sweep for malware (spy and/or
adware). Unfortunately, no one anti-malware application catches all
malware, so you can only do as best as you're able to with the tools you
have (and experience). It used to take me 4 to 6 hours on a system to do a
full malware sweep "by hand". I can now get it done in about 2 hours or
less as long as I have a 'net connection to look-up "unknown" apps/tasks.
This is just using HijackThis and no other utilities. In the past, I
sometimes used Spybot and Ad-aware, but I've found that I can now find most
everything faster manually and by using HijackThis. Another application I
use is Process Explorer by Sysinternals. It's a task list manager that
includes additional information such as the path and command-line options
that were used to launch the app/task. You can find it and other great
*FREE* utilities at sysinternals.com.

As to KERNELS32, are you sure of the spelling (with the "S")? Also, what is
the extension? "KERNEL32.DLL" (no "S") is the "core" of the Windows
operating system(s). However, there are malware and virii that launch tasks
with a similar name in order to disguise themselves. If you have
"KERNELS32" (.exe or .dll), "KERNEL32.EXE", "KERNEL32.COM", or any other
variation of KERNEL32, then it's most likely a virus or malware.

And, a typical home computer user will never learn to keep their computers
well protected (well, almost never). Most people are unaware that their
systems are infected, let alone vulnerable. They believe that their
computing habits alone will protect them. Typical comments are, "I never
visit 'adult' sites", or "I only use my computer for e-mail". What they
don't realize is that their systems are vulnerable JUST BY BEING ON THE
INTERNET (especially with vulnerable operating systems and browsers)! Even
worse, many of the pop-ups advertising anti-spyware, anti-virus, and
anti-pop-up applications are in and of themselves spyware, adware, or pop-up
applications. But the typical user will not know this, and, being barraged
with pop-ups/spyware/adware, will plunk down $$$ to try something that
advertises as such. Some people are lucky in that they know at
least someone knowledgeable about virii/malware. Other, more resourceful
individuals, will pick-up a reputable magazine, and find info about
applications that really work.

Expounding on "knowing someone knowledgeable..." - You'd be surprised at how
many computer "people" don't know a thing about spyware/adware/virii
(finding, fixing, or preventing). There are many facets of computing and
most people are "users" - this includes computer salespeople, data entry
ops, even programmers and IT/IS instructors (who typically come from a
Programming background). You need to ask the right type of computer person
how to find/fix/repair/prevent problems. A typical "programmer" (aka
"developer") is trained to write business programs for a "larger" system
(such as a midrange (AS/400, HP9000, etc) or mainframe (S390, zSeries, etc)
computer). Or, they "develop" applications using "enterprise" tools (such
as Microsoft Visual Studio, Oracle, Sybase, SAP, etc). They only "use" a PC
for these tasks and really don't actually know much about the desktop OS
itself. As such, they are almost as unaware about malware/virii as a
typical home user. For malware/virii, you need to find a *knowledgeable*
computer technician or Support Analyst/Engineer. It's the same with
cars...you don't ask the salesperson how to repair a leaking shaft
seal...he/she won't know - you need to ask an auto mechanic.

Since it seems we're listing credentials recently...
("Id" mode enabled)
I directly support 4500 PC's locally and indirectly support approximately
15,000 PC's globally in the dual role of Senior Desktop Engineer / 3rd Level
Support Analyst. Even with firewalls, enterprise intrusion detection
systems, managed desktops, etc, I still find myself cleaning up "in-house"
systems with malware on an almost daily basis. Luckily, there is a good
base of 2nd Level support analysts here and they're able to fix most malware
issues...I only see the really *bad* ones. Many of these systems belong to
programmers/developers who think they're safe because they have a computer
degree and work on computers daily. Yeah, right...they're more likely to
have the more "serious" malware/virii infections as they're less cautious in
their actions.
("Id" mode disabled)

Anyways, you can only do the best you can to help others and no more. When
you're stumped, make use of the 'net and find the information you need (such
as via Google or a list with many knowledgeable people - like this one!).
Ask questions - knowledge can only be gained by those who seek it.

73,
- Aaron Hsu, NN6O

-----Original Message-----
Sent: Saturday, August 27, 2005 10:31 PM
Subject: Re: [Ham-Computers] Help with Win 98
Ok everybody who is helping with the Win 98 problem...What is kernels32? I
have run defrag, scandisk all in safe mode and everything came up ok, as in
fixed itself.
I did put on AVG antivirus, since there was NO AV program on before and
found 29 trojans...Geeeessss when will people learn to have an AV program on
their computer...
-----Original Message-----
*** snip ***
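
The following is an added example, not part of the original messages: a name-only check for the KERNEL32 look-alikes discussed in the reply above, run over a constructed task list of the kind Process Explorer shows. The edit-distance threshold and the sample paths are assumptions chosen for illustration, and the check generalises the message's examples to any near-miss spelling.

```python
import ntpath

LEGIT_STEM, LEGIT_EXT = "kernel32", ".dll"   # the one name the message treats as genuine
MAX_DISTANCE = 2                             # assumed threshold for "a variation of KERNEL32"

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(image_path):
    """Classify a Windows image path by file name only (case-insensitive)."""
    name = ntpath.basename(image_path).lower()
    stem, ext = ntpath.splitext(name)
    if stem == LEGIT_STEM and ext == LEGIT_EXT:
        return "expected"
    if stem == LEGIT_STEM:
        # Right name, wrong type: KERNEL32.EXE, KERNEL32.COM, ...
        return "suspicious: KERNEL32 with extension " + (ext or "(none)")
    if edit_distance(stem, LEGIT_STEM) <= MAX_DISTANCE:
        # Near-miss spelling: KERNELS32, KERNE132, ...
        return "suspicious: look-alike of KERNEL32"
    return "unrelated"

def flag_tasks(paths):
    """Return (path, verdict) pairs for every entry that imitates KERNEL32."""
    verdicts = ((p, classify(p)) for p in paths)
    return [(p, v) for p, v in verdicts if v.startswith("suspicious")]

# Constructed sample task list (not taken from the machine in the thread).
SAMPLE_TASKS = [
    r"C:\WINDOWS\SYSTEM\KERNEL32.DLL",
    r"C:\WINDOWS\SYSTEM\KRNL386.EXE",
    r"C:\WINDOWS\KERNELS32.EXE",
    r"C:\WINDOWS\SYSTEM\KERNEL32.EXE",
    r"C:\WINDOWS\EXPLORER.EXE",
]

if __name__ == "__main__":
    for path, verdict in flag_tasks(SAMPLE_TASKS):
        print(path, "->", verdict)
```

A hit from a name check like this is only a lead; the file's path, launch point and contents still need to be examined before it is treated as malware.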