Guest Franc Zabkar Posted October 24, 2008 Posted October 24, 2008 I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year now but it was only recently that AVG told me that the gdihook.dll component file was infected with the BackDoor.Hupigon4.ADUA trojan. A scan at Virustotal resulted in 18 out 36 antivirus software detecting the same malware. Symantec and TrendMicro were two that didn't detect it. I'm wondering whether this is a false positive. Here are the results: http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm The package is delivered as a single install.exe file. When this file is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware. All other antivirus products detect nothing. I notice the following text strings in gdihook.dll: ==================================================================== forbiddenAPIsMutex madCodeHook warning... You've tried to hook one of the following APIs: These APIs are usually hooked in order to hide a process. Of course madCodeHook can do that just fine. But I don't want virus/trojan writers to misuse madCodeHook for illegal purposes. So I've decided to not allow these APIs to be hooked. If you absolutely have to hook these APIs, and if you have a commercial madCodeHook license, you may contact me. ==================================================================== BTW, the subject patch is available here: http://web.archive.org/web/20070203164123/http://d1.nod32.ch/download/wmfpatch11.zip My research leads me to believe that MadCodeHook is a legitimate product that has occasionally been misused by malware writers. It is for this reason that I suspect the WMF patch is being falsely identified as infected. - Franc Zabkar -- Please remove one 'i' from my address when replying by email.
Guest thanatoid Posted October 24, 2008 Posted October 24, 2008 Re: WMF patch - gdihook.dll infected by trojan? Franc Zabkar <fzabkar@iinternode.on.net> wrote in news:gio2g4hu4jss3t3r27r4r4d211e8srh78t@4ax.com: > I've been using Paolo Monti's "GDI32 / WMF Patch" for > nearly a year now but it was only recently that AVG told me > that the gdihook.dll component file was infected with the > BackDoor.Hupigon4.ADUA trojan. A scan at Virustotal > resulted in 18 out 36 antivirus software detecting the same > malware. Symantec and TrendMicro were two that didn't > detect it. <SNIP> Hi again, Franc. Hope you've been well. I am entering WAY above my head here, but no one else to reply to :-) I thought just replacing the gdiplus.dll with the fixed version was enough. I googled for "gdihook.dll trojan", and the first 2 (3 if you read German) hits explain that it is safe but CAN be disguised and used by malware. I found this page just baffling, but you may find it interesting: http://www.tuts4you.com/forum/index.php?showtopic=14624 I /know/ I should not have gotten into this subject. I don't even know what a hook is! -- Those who cast the votes decide nothing. Those who count the votes decide everything. - Josef Stalin NB: Not only is my KF over 4 KB and growing, I am also filtering everything from discussions.microsoft and google groups, so no offense if you don't get a reply/comment unless I see you quoted in another post.
Guest MEB Posted October 24, 2008 Posted October 24, 2008 Re: WMF patch - gdihook.dll infected by trojan? Hmm, ESET formerly suggested its use, however, they also suggested removing it once Microsoft produced the fix.... Hard to say what segment of code of that offering has been picked up as a virus/Trojan now.... since EVERYONE is attempting to tighten their detection schemes due to all the junk floating around out here. Seems there was a lengthy discussion [or was it several] in here during that time period .... Then again, the exploit WAS to allow, in part, the Backdoor .haxdoor trogan and its variants [among others] INTO the system.... Pick it apart if you think its worthwhile... Additional References: http://www.dslreports.com/forum/remark,15115819~start=700 http://forums.mozillazine.org/viewtopic.php?p=1989632&sid=feb91de5e6104f433764242b562f8018 -- MEB http://peoplescounsel.org a Peoples' counsel _ _ ~~ "Franc Zabkar" <fzabkar@iinternode.on.net> wrote in message news:gio2g4hu4jss3t3r27r4r4d211e8srh78t@4ax.com... | I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year | now but it was only recently that AVG told me that the gdihook.dll | component file was infected with the BackDoor.Hupigon4.ADUA trojan. A | scan at Virustotal resulted in 18 out 36 antivirus software detecting | the same malware. Symantec and TrendMicro were two that didn't detect | it. | | I'm wondering whether this is a false positive. | | Here are the results: | | http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm | | The package is delivered as a single install.exe file. When this file | is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware. | All other antivirus products detect nothing. | | I notice the following text strings in gdihook.dll: | | ==================================================================== | forbiddenAPIsMutex madCodeHook warning... | You've tried to hook one of the following APIs: | These APIs are usually hooked in order to hide a process. Of course | madCodeHook can do that just fine. But I don't want virus/trojan | writers to misuse madCodeHook for illegal purposes. So I've decided to | not allow these APIs to be hooked. If you absolutely have to hook | these APIs, and if you have a commercial madCodeHook license, you may | contact me. | ==================================================================== | | BTW, the subject patch is available here: | http://web.archive.org/web/20070203164123/http://d1.nod32.ch/download/wmfpatch11.zip | | My research leads me to believe that MadCodeHook is a legitimate | product that has occasionally been misused by malware writers. It is | for this reason that I suspect the WMF patch is being falsely | identified as infected. | | - Franc Zabkar | -- | Please remove one 'i' from my address when replying by email.
Guest PA Bear [MS MVP] Posted October 24, 2008 Posted October 24, 2008 Re: WMF patch - gdihook.dll infected by trojan? Are you running AVG Free or Pro? What version? AFAIK, neither AVG Free or Pro v7.5 is supported in Win9x anymore; v8.x has never been supported in Win9x. AVG Free Support Forum http://freeforum.avg.com/ ....although I can tell you right now that a search for GDIHOOK in that forum yields no results. (Certainly sounds like a F/P to me.) -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ Franc Zabkar wrote: > I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year > now but it was only recently that AVG told me that the gdihook.dll > component file was infected with the BackDoor.Hupigon4.ADUA trojan. A > scan at Virustotal resulted in 18 out 36 antivirus software detecting > the same malware. Symantec and TrendMicro were two that didn't detect > it. > > I'm wondering whether this is a false positive. > > Here are the results: > > http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm > > The package is delivered as a single install.exe file. When this file > is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware. > All other antivirus products detect nothing. > > I notice the following text strings in gdihook.dll: > > ==================================================================== > forbiddenAPIsMutex madCodeHook warning... > You've tried to hook one of the following APIs: > These APIs are usually hooked in order to hide a process. Of course > madCodeHook can do that just fine. But I don't want virus/trojan > writers to misuse madCodeHook for illegal purposes. So I've decided to > not allow these APIs to be hooked. If you absolutely have to hook > these APIs, and if you have a commercial madCodeHook license, you may > contact me. > ==================================================================== > > BTW, the subject patch is available here: > http://web.archive.org/web/20070203164123/http://d1.nod32.ch/download/wmfpatch11.zip > > My research leads me to believe that MadCodeHook is a legitimate > product that has occasionally been misused by malware writers. It is > for this reason that I suspect the WMF patch is being falsely > identified as infected. > > - Franc Zabkar
Guest Franc Zabkar Posted October 24, 2008 Posted October 24, 2008 Re: WMF patch - gdihook.dll infected by trojan? On 24 Oct 2008 06:48:29 GMT, thanatoid <waiting@the.exit.invalid> put finger to keyboard and composed: >Franc Zabkar <fzabkar@iinternode.on.net> wrote in >news:gio2g4hu4jss3t3r27r4r4d211e8srh78t@4ax.com: > >> I've been using Paolo Monti's "GDI32 / WMF Patch" for >> nearly a year now but it was only recently that AVG told me >> that the gdihook.dll component file was infected with the >> BackDoor.Hupigon4.ADUA trojan. A scan at Virustotal >> resulted in 18 out 36 antivirus software detecting the same >> malware. Symantec and TrendMicro were two that didn't >> detect it. > ><SNIP> > >Hi again, Franc. Hope you've been well. > >I am entering WAY above my head here, but no one else to reply >to :-) > >I thought just replacing the gdiplus.dll with the fixed version >was enough. I guess I haven't been paying attention to the updates. >I googled for "gdihook.dll trojan", and the first 2 (3 if you >read German) hits explain that it is safe but CAN be disguised >and used by malware. > >I found this page just baffling, but you may find it >interesting: >http://www.tuts4you.com/forum/index.php?showtopic=14624 I only understand it superficially, but not enough to answer the question in the subject. >I /know/ I should not have gotten into this subject. I don't >even know what a hook is! I don't really know either, except to say that a program that hooks (or intercepts) an interrupt gets the first chance to service it before passing it on to the original interrupt service routine. If, for example, a running program has a special hotkey such as Ctrl-Alt-Del, then it will hook the keyboard API (Application Program Interface) or driver and inspect the input before allowing the API or driver to handle it, or not. AIUI, a key logger trojan such as BackDoor.Hupigon4.ADUA may hook an API or keyboard driver. - Franc Zabkar -- Please remove one 'i' from my address when replying by email.
Guest Franc Zabkar Posted October 24, 2008 Posted October 24, 2008 Re: WMF patch - gdihook.dll infected by trojan? On Fri, 24 Oct 2008 14:00:35 -0400, "PA Bear [MS MVP]" <PABearMVP@gmail.com> put finger to keyboard and composed: >Are you running AVG Free or Pro? What version? AFAIK, neither AVG Free or >Pro v7.5 is supported in Win9x anymore; v8.x has never been supported in >Win9x. I'm running AVG Free 7.5.549, virus base 270.8.2/1741, release date 23/10/08. >AVG Free Support Forum >http://freeforum.avg.com/ > >...although I can tell you right now that a search for GDIHOOK in that forum >yields no results. > >(Certainly sounds like a F/P to me.) I have already sent an email query to AVG Support. Update: AVG have replied as follows: ====================================================================== Unfortunately, the current virus database version may detect the mentioned file as infected. We can confirm that it is a false alarm. We would like to inform you that the false positive will be removed in the next Definitions update. ====================================================================== - Franc Zabkar -- Please remove one 'i' from my address when replying by email.
Guest PA Bear [MS MVP] Posted October 24, 2008 Posted October 24, 2008 Re: WMF patch - gdihook.dll infected by trojan? Did you tell them you're running Win98?? Franc Zabkar wrote: > On Fri, 24 Oct 2008 14:00:35 -0400, "PA Bear [MS MVP]" > <PABearMVP@gmail.com> put finger to keyboard and composed: > >> Are you running AVG Free or Pro? What version? AFAIK, neither AVG Free >> or >> Pro v7.5 is supported in Win9x anymore; v8.x has never been supported in >> Win9x. > > I'm running AVG Free 7.5.549, virus base 270.8.2/1741, release date > 23/10/08. > >> AVG Free Support Forum >> http://freeforum.avg.com/ >> >> ...although I can tell you right now that a search for GDIHOOK in that >> forum yields no results. >> >> (Certainly sounds like a F/P to me.) > > I have already sent an email query to AVG Support. > > Update: > > AVG have replied as follows: > > ====================================================================== > Unfortunately, the current virus database version may detect the > mentioned file as infected. We can confirm that it is a false alarm. > We would like to inform you that the false positive will be removed in > the next Definitions update. > ====================================================================== > > - Franc Zabkar
Guest Franc Zabkar Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? On Fri, 24 Oct 2008 19:54:53 -0400, "PA Bear [MS MVP]" <PABearMVP@gmail.com> put finger to keyboard and composed: >Did you tell them you're running Win98?? No. - Franc Zabkar -- Please remove one 'i' from my address when replying by email.
Guest Franc Zabkar Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? On Fri, 24 Oct 2008 17:16:59 +1100, Franc Zabkar <fzabkar@iinternode.on.net> put finger to keyboard and composed: >I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year >now but it was only recently that AVG told me that the gdihook.dll >component file was infected with the BackDoor.Hupigon4.ADUA trojan. A >scan at Virustotal resulted in 18 out 36 antivirus software detecting >the same malware. Symantec and TrendMicro were two that didn't detect >it. > >I'm wondering whether this is a false positive. > >Here are the results: > >http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm > >The package is delivered as a single install.exe file. When this file >is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware. >All other antivirus products detect nothing. Hmm, this suggests that the compression method used to deliver the constituent files is recognised by only a few antivirus products. I wonder how many other viruses are lurking inside executable archives just waiting to be unpacked. - Franc Zabkar -- Please remove one 'i' from my address when replying by email.
Guest Franc Zabkar Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? On Fri, 24 Oct 2008 17:16:59 +1100, Franc Zabkar <fzabkar@iinternode.on.net> put finger to keyboard and composed: >BTW, the subject patch is available here: >http://web.archive.org/web/20070203164123/http://d1.nod32.ch/download/wmfpatch11.zip I should say that the Wayback Machine still has a downloading bug which was evident way back in 2005. For example, I know that at least some ZIP files, and possibly EXEs, will be corrupted. This is because the last byte is not downloaded. In the above case, Opera told me that the file size was 966,583 bytes, but it only managed to retrieve 966,582 bytes. I had to add a null byte (0x00) to the end of the file before Winzip would open it. You can use DOS Debug to create a file named "zero" containing just one 0x00 byte, as follows. C:\your_folder>debug -e 100 12E9:0100 5D.00 -rcx CX 0000 :1 -n zero -w Writing 00001 bytes -q Then use the Copy command to append it to the end of the bad download, as follows. ren wmfpatch11.zip bad_ZIP copy /b bad_ZIP + zero wmfpatch11.zip del bad_ZIP del zero Use double quotation marks if your filename has spaces. - Franc Zabkar -- Please remove one 'i' from my address when replying by email.
Guest thanatoid Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? Franc Zabkar <fzabkar@iinternode.on.net> wrote in news:ara4g4deumsl74jijqec8ough4mna4kd2c@4ax.com: >><SNIP> >> >>Hi again, Franc. Hope you've been well. >> >>I am entering WAY above my head here, but no one else to >>reply to :-) >> >>I thought just replacing the gdiplus.dll with the fixed >>version was enough. > > I guess I haven't been paying attention to the updates. > I pay NO attention to the updates, but this one just happened to "pass my screen" several times. <SNIP> >>I found this page just baffling, but you may find it >>interesting: >>http://www.tuts4you.com/forum/index.php?showtopic=14624 > > I only understand it superficially, but not enough to > answer the question in the subject. I thought you might find the complete Madhook collection (+) link interesting for research purposes. The page seems like it's frequented by "reverse engineers" and hackers and crackers and virus writers - but that's what Google gave me. >>I /know/ I should not have gotten into this subject. I >>don't even know what a hook is! > > I don't really know either, except to say that a program > that hooks (or intercepts) an interrupt gets the first > chance to service it before passing it on to the original > interrupt service routine. If, for example, a running > program has a special hotkey such as Ctrl-Alt-Del, then it > will hook the keyboard API (Application Program Interface) > or driver and inspect the input before allowing the API or > driver to handle it, or not. AIUI, a key logger trojan such > as BackDoor.Hupigon4.ADUA may hook an API or keyboard > driver. I think I understand a little better now - but I know I will never be a programmer ;-) Regards t. -- Those who cast the votes decide nothing. Those who count the votes decide everything. - Josef Stalin NB: Not only is my KF over 4 KB and growing, I am also filtering everything from discussions.microsoft and google groups, so no offense if you don't get a reply/comment unless I see you quoted in another post.
Guest MEB Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? "Franc Zabkar" <fzabkar@iinternode.on.net> wrote in message news:ufr4g41l8gifvb2d4t1no6kru1e22f4u16@4ax.com... | On Fri, 24 Oct 2008 17:16:59 +1100, Franc Zabkar | <fzabkar@iinternode.on.net> put finger to keyboard and composed: | | >I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year | >now but it was only recently that AVG told me that the gdihook.dll | >component file was infected with the BackDoor.Hupigon4.ADUA trojan. A | >scan at Virustotal resulted in 18 out 36 antivirus software detecting | >the same malware. Symantec and TrendMicro were two that didn't detect | >it. | > | >I'm wondering whether this is a false positive. | > | >Here are the results: | > | >http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm | > | >The package is delivered as a single install.exe file. When this file | >is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware. | >All other antivirus products detect nothing. | | Hmm, this suggests that the compression method used to deliver the | constituent files is recognised by only a few antivirus products. I | wonder how many other viruses are lurking inside executable archives | just waiting to be unpacked. | | - Franc Zabkar | -- | Please remove one 'i' from my address when replying by email. I would say lots, but then merely using a program like Universal Extractor [which doesn't do them all but does supply a number of the individual utilities {51 in 1.5}] or another multipurpose extractor should give a hint. The vast number of compressors and executives creators increases the likelihood that a download was compressed/encoded with something untoward within... If the Anti-Virus program can't enter the archive or recognize the compressed or encoded executive, then there is know way to detect any malicious activity or inclusion until its run or opened. Even then, an unknown executive or DLL format may go undetected. Add that to the obvious conclusion that most people never even check what they've downloaded NOR monitor their running systems {relying upon what applications they have installed to supposedly protect them}, and the hack and delivery method may never be discovered until someone finally notices a problem and reports it to one of the services and works through a diagnostic routine..... [hence my recent bot farm post] It appear to me {to get back to the WMF/gdi issue} that the other suggested work-arounds MAY have been of more long term value. ALL of the fancy stuff found on the Internet brings its own vulnerabilities, and they ARE being exploited. -- MEB http://peoplescounsel.org a Peoples' counsel _ _ ~~
Guest PA Bear [MS MVP] Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? Franc Zabkar wrote: > >> Did you tell them you're running Win98?? > > No. And are you aware that AVG Free v7.5 is no longer supported in Win98 or any other Windows version?
Guest Franc Zabkar Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? On Sat, 25 Oct 2008 17:13:39 -0400, "PA Bear [MS MVP]" <PABearMVP@gmail.com> put finger to keyboard and composed: >Franc Zabkar wrote: >> >>> Did you tell them you're running Win98?? >> >> No. > >And are you aware that AVG Free v7.5 is no longer supported in Win98 or any >other Windows version? Yes, but I'm still using a lot of other unsupported software, including this OS. I have other antivirus products, including Avast, to fall back on. I can still use PC-cillin, if I manually download the virus patterns, but the scan engine is not being updated so there may be cases where malware will not be detected by the older scan engine. Then there's always Virustotal for an online scan ... - Franc Zabkar -- Please remove one 'i' from my address when replying by email.
Guest Sunny Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl... > Franc Zabkar wrote: >> >>> Did you tell them you're running Win98?? >> >> No. > > And are you aware that AVG Free v7.5 is no longer supported in Win98 or > any other Windows version? I am still getting updates for AVG 7.5 on my Win98 PC. (Got another update today)
Guest 98 Guy Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? Sunny wrote: > > And are you aware that AVG Free v7.5 is no longer supported in > > Win98 or any other Windows version? > > I am still getting updates for AVG 7.5 on my Win98 PC. > (Got another update today) Symantec Intelligent Updater will still update the scan engine and virus definition files for NAV 2002.
Guest PA Bear [MS MVP] Posted October 25, 2008 Posted October 25, 2008 Re: WMF patch - gdihook.dll infected by trojan? Sunny wrote: > "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message > news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl... >> Franc Zabkar wrote: >>> >>>> Did you tell them you're running Win98?? >>> >>> No. >> >> And are you aware that AVG Free v7.5 is no longer supported in Win98 or >> any other Windows version? > > I am still getting updates for AVG 7.5 on my Win98 PC. > (Got another update today) And another thread is hijacked... Are you running AVG Free 7.5? (Just because it's working doesn't mean it's supported by AVG, Sunny, and there WILL come a time when AVG 7.5 will not auto-update.)
Guest Sunny Posted October 26, 2008 Posted October 26, 2008 Re: WMF patch - gdihook.dll infected by trojan? "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:uiA737uNJHA.1668@TK2MSFTNGP06.phx.gbl... > Sunny wrote: >> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message >> news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl... >>> Franc Zabkar wrote: >>>> >>>>> Did you tell them you're running Win98?? >>>> >>>> No. >>> >>> And are you aware that AVG Free v7.5 is no longer supported in Win98 >>> or >>> any other Windows version? >> >> I am still getting updates for AVG 7.5 on my Win98 PC. >> (Got another update today) > > And another thread is hijacked... > > Are you running AVG Free 7.5? (Just because it's working doesn't mean > it's supported by AVG, Sunny, and there WILL come a time when AVG 7.5 > will not auto-update.) Yep it's AVG 7.5 free. I check for updates twice a week. The Win98 box is connected to two other WinXP computers, through a router/4 port switch, and I use NetBEUI for file/printer sharing. Still need an AV though. Don't know where to go when AVG Free stops :-)
Guest PA Bear [MS MVP] Posted October 27, 2008 Posted October 27, 2008 Re: WMF patch - gdihook.dll infected by trojan? Avast4 is the only free AV app still supported in Win9x, Sunny. PS: You should check for an install available definition updates at least once a day! Sunny wrote: > "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message > news:uiA737uNJHA.1668@TK2MSFTNGP06.phx.gbl... >> Sunny wrote: >>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message >>> news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl... >>>> Franc Zabkar wrote: >>>>> >>>>>> Did you tell them you're running Win98?? >>>>> >>>>> No. >>>> >>>> And are you aware that AVG Free v7.5 is no longer supported in Win98 >>>> or >>>> any other Windows version? >>> >>> I am still getting updates for AVG 7.5 on my Win98 PC. >>> (Got another update today) >> >> And another thread is hijacked... >> >> Are you running AVG Free 7.5? (Just because it's working doesn't mean >> it's supported by AVG, Sunny, and there WILL come a time when AVG 7.5 >> will not auto-update.) > > Yep it's AVG 7.5 free. I check for updates twice a week. > The Win98 box is connected to two other WinXP computers, through a > router/4 port switch, and I use NetBEUI for file/printer sharing. Still > need an AV though. > Don't know where to go when AVG Free stops :-)
Guest Sunny Posted October 27, 2008 Posted October 27, 2008 Re: WMF patch - gdihook.dll infected by trojan? Thanks PA Bear, AVG Web Site states that 7.5 support will cease on 31 Dec 2008. Hope Avast keep Win98 support a bit longer than that. "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:%23MPLvu8NJHA.1896@TK2MSFTNGP02.phx.gbl... > Avast4 is the only free AV app still supported in Win9x, Sunny. > > PS: You should check for an install available definition updates at > least once a day! > > > Sunny wrote: >> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message >> news:uiA737uNJHA.1668@TK2MSFTNGP06.phx.gbl... >>> Sunny wrote: >>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message >>>> news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl... >>>>> Franc Zabkar wrote: >>>>>> >>>>>>> Did you tell them you're running Win98?? >>>>>> >>>>>> No. >>>>> >>>>> And are you aware that AVG Free v7.5 is no longer supported in Win98 >>>>> or >>>>> any other Windows version? >>>> >>>> I am still getting updates for AVG 7.5 on my Win98 PC. >>>> (Got another update today) >>> >>> And another thread is hijacked... >>> >>> Are you running AVG Free 7.5? (Just because it's working doesn't mean >>> it's supported by AVG, Sunny, and there WILL come a time when AVG 7.5 >>> will not auto-update.) >> >> Yep it's AVG 7.5 free. I check for updates twice a week. >> The Win98 box is connected to two other WinXP computers, through a >> router/4 port switch, and I use NetBEUI for file/printer sharing. >> Still >> need an AV though. >> Don't know where to go when AVG Free stops :-) >
Guest 98 Guy Posted October 27, 2008 Posted October 27, 2008 Re: WMF patch - gdihook.dll infected by trojan? "PA Bear [MS MVP]" wrote: > Avast4 is the only free AV app still supported in Win9x, > Sunny. Sunny wrote: > Thanks PA Bear, AVG Web Site states that 7.5 support will cease > on 31 Dec 2008. > Hope Avast keep Win98 support a bit longer than that. While technically not free, Norton AntiVirus 2002 might be available via torrent. It doesn't require activation, and it can still be fully updated by periodically manually downloading the "Symantec Intelligent Updater" package. Updates to the scan engine are usually part of the package.
Guest PA Bear [MS MVP] Posted October 27, 2008 Posted October 27, 2008 Re: WMF patch - gdihook.dll infected by trojan? That policy applies to the AVG Pro 7.5, not the free version. Sunny wrote: > Thanks PA Bear, AVG Web Site states that 7.5 support will cease on 31 Dec > 2008. > Hope Avast keep Win98 support a bit longer than that. > > "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message > news:%23MPLvu8NJHA.1896@TK2MSFTNGP02.phx.gbl... >> Avast4 is the only free AV app still supported in Win9x, Sunny. >> >> PS: You should check for an install available definition updates at >> least once a day! >> >> >> Sunny wrote: >>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message >>> news:uiA737uNJHA.1668@TK2MSFTNGP06.phx.gbl... >>>> Sunny wrote: >>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message >>>>> news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl... >>>>>> Franc Zabkar wrote: >>>>>>> >>>>>>>> Did you tell them you're running Win98?? >>>>>>> >>>>>>> No. >>>>>> >>>>>> And are you aware that AVG Free v7.5 is no longer supported in Win98 >>>>>> or >>>>>> any other Windows version? >>>>> >>>>> I am still getting updates for AVG 7.5 on my Win98 PC. >>>>> (Got another update today) >>>> >>>> And another thread is hijacked... >>>> >>>> Are you running AVG Free 7.5? (Just because it's working doesn't mean >>>> it's supported by AVG, Sunny, and there WILL come a time when AVG 7.5 >>>> will not auto-update.) >>> >>> Yep it's AVG 7.5 free. I check for updates twice a week. >>> The Win98 box is connected to two other WinXP computers, through a >>> router/4 port switch, and I use NetBEUI for file/printer sharing. >>> Still >>> need an AV though. >>> Don't know where to go when AVG Free stops :-)
Recommended Posts