Jump to content

WMF patch - gdihook.dll infected by trojan?

Guest Franc Zabkar

By Guest Franc Zabkar
in Windows 98

 Share

Recommended Posts

Guest Franc Zabkar

Guest Franc Zabkar

Posted
Posted

I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year

now but it was only recently that AVG told me that the gdihook.dll

component file was infected with the BackDoor.Hupigon4.ADUA trojan. A

scan at Virustotal resulted in 18 out 36 antivirus software detecting

the same malware. Symantec and TrendMicro were two that didn't detect

it.

 

I'm wondering whether this is a false positive.

 

Here are the results:

 

http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm

 

The package is delivered as a single install.exe file. When this file

is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware.

All other antivirus products detect nothing.

 

I notice the following text strings in gdihook.dll:

 

====================================================================

forbiddenAPIsMutex madCodeHook warning...

You've tried to hook one of the following APIs:

These APIs are usually hooked in order to hide a process. Of course

madCodeHook can do that just fine. But I don't want virus/trojan

writers to misuse madCodeHook for illegal purposes. So I've decided to

not allow these APIs to be hooked. If you absolutely have to hook

these APIs, and if you have a commercial madCodeHook license, you may

contact me.

====================================================================

 

BTW, the subject patch is available here:

http://web.archive.org/web/20070203164123/http://d1.nod32.ch/download/wmfpatch11.zip

 

My research leads me to believe that MadCodeHook is a legitimate

product that has occasionally been misused by malware writers. It is

for this reason that I suspect the WMF patch is being falsely

identified as infected.

 

- Franc Zabkar

--

Please remove one 'i' from my address when replying by email.

  • Replies 21
  • Created
  • Last Reply

Popular Days

Popular Days

Guest thanatoid

Guest thanatoid

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Franc Zabkar <fzabkar@iinternode.on.net> wrote in

news:gio2g4hu4jss3t3r27r4r4d211e8srh78t@4ax.com:

> I've been using Paolo Monti's "GDI32 / WMF Patch" for

> nearly a year now but it was only recently that AVG told me

> that the gdihook.dll component file was infected with the

> BackDoor.Hupigon4.ADUA trojan. A scan at Virustotal

> resulted in 18 out 36 antivirus software detecting the same

> malware. Symantec and TrendMicro were two that didn't

> detect it.

 

<SNIP>

 

Hi again, Franc. Hope you've been well.

 

I am entering WAY above my head here, but no one else to reply

to :-)

 

I thought just replacing the gdiplus.dll with the fixed version

was enough.

 

I googled for "gdihook.dll trojan", and the first 2 (3 if you

read German) hits explain that it is safe but CAN be disguised

and used by malware.

 

I found this page just baffling, but you may find it

interesting:

http://www.tuts4you.com/forum/index.php?showtopic=14624

 

I /know/ I should not have gotten into this subject. I don't

even know what a hook is!

 

--

Those who cast the votes decide nothing. Those who count the

votes decide everything.

- Josef Stalin

 

NB: Not only is my KF over 4 KB and growing, I am also filtering

everything from discussions.microsoft and google groups, so no

offense if you don't get a reply/comment unless I see you quoted

in another post.

Guest MEB

Guest MEB

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Hmm, ESET formerly suggested its use, however, they also suggested removing

it once Microsoft produced the fix....

Hard to say what segment of code of that offering has been picked up as a

virus/Trojan now.... since EVERYONE is attempting to tighten their detection

schemes due to all the junk floating around out here.

Seems there was a lengthy discussion [or was it several] in here during that

time period ....

 

Then again, the exploit WAS to allow, in part, the Backdoor .haxdoor trogan

and its variants [among others] INTO the system....

 

Pick it apart if you think its worthwhile...

 

Additional References:

http://www.dslreports.com/forum/remark,15115819~start=700

http://forums.mozillazine.org/viewtopic.php?p=1989632&sid=feb91de5e6104f433764242b562f8018

 

--

MEB

http://peoplescounsel.org

a Peoples' counsel

_ _

~~

"Franc Zabkar" <fzabkar@iinternode.on.net> wrote in message

news:gio2g4hu4jss3t3r27r4r4d211e8srh78t@4ax.com...

| I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year

| now but it was only recently that AVG told me that the gdihook.dll

| component file was infected with the BackDoor.Hupigon4.ADUA trojan. A

| scan at Virustotal resulted in 18 out 36 antivirus software detecting

| the same malware. Symantec and TrendMicro were two that didn't detect

| it.

|

| I'm wondering whether this is a false positive.

|

| Here are the results:

|

| http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm

|

| The package is delivered as a single install.exe file. When this file

| is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware.

| All other antivirus products detect nothing.

|

| I notice the following text strings in gdihook.dll:

|

| ====================================================================

| forbiddenAPIsMutex madCodeHook warning...

| You've tried to hook one of the following APIs:

| These APIs are usually hooked in order to hide a process. Of course

| madCodeHook can do that just fine. But I don't want virus/trojan

| writers to misuse madCodeHook for illegal purposes. So I've decided to

| not allow these APIs to be hooked. If you absolutely have to hook

| these APIs, and if you have a commercial madCodeHook license, you may

| contact me.

| ====================================================================

|

| BTW, the subject patch is available here:

|

http://web.archive.org/web/20070203164123/http://d1.nod32.ch/download/wmfpatch11.zip

|

| My research leads me to believe that MadCodeHook is a legitimate

| product that has occasionally been misused by malware writers. It is

| for this reason that I suspect the WMF patch is being falsely

| identified as infected.

|

| - Franc Zabkar

| --

| Please remove one 'i' from my address when replying by email.

Guest PA Bear [MS MVP]

Guest PA Bear [MS MVP]

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Are you running AVG Free or Pro? What version? AFAIK, neither AVG Free or

Pro v7.5 is supported in Win9x anymore; v8.x has never been supported in

Win9x.

 

AVG Free Support Forum

http://freeforum.avg.com/

 

....although I can tell you right now that a search for GDIHOOK in that forum

yields no results.

 

(Certainly sounds like a F/P to me.)

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

Franc Zabkar wrote:

> I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year

> now but it was only recently that AVG told me that the gdihook.dll

> component file was infected with the BackDoor.Hupigon4.ADUA trojan. A

> scan at Virustotal resulted in 18 out 36 antivirus software detecting

> the same malware. Symantec and TrendMicro were two that didn't detect

> it.

>

> I'm wondering whether this is a false positive.

>

> Here are the results:

>

> http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm

>

> The package is delivered as a single install.exe file. When this file

> is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware.

> All other antivirus products detect nothing.

>

> I notice the following text strings in gdihook.dll:

>

> ====================================================================

> forbiddenAPIsMutex madCodeHook warning...

> You've tried to hook one of the following APIs:

> These APIs are usually hooked in order to hide a process. Of course

> madCodeHook can do that just fine. But I don't want virus/trojan

> writers to misuse madCodeHook for illegal purposes. So I've decided to

> not allow these APIs to be hooked. If you absolutely have to hook

> these APIs, and if you have a commercial madCodeHook license, you may

> contact me.

> ====================================================================

>

> BTW, the subject patch is available here:

> http://web.archive.org/web/20070203164123/http://d1.nod32.ch/download/wmfpatch11.zip

>

> My research leads me to believe that MadCodeHook is a legitimate

> product that has occasionally been misused by malware writers. It is

> for this reason that I suspect the WMF patch is being falsely

> identified as infected.

>

> - Franc Zabkar

Guest Franc Zabkar

Guest Franc Zabkar

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

On 24 Oct 2008 06:48:29 GMT, thanatoid <waiting@the.exit.invalid> put

finger to keyboard and composed:

>Franc Zabkar <fzabkar@iinternode.on.net> wrote in

>news:gio2g4hu4jss3t3r27r4r4d211e8srh78t@4ax.com:

>

>> I've been using Paolo Monti's "GDI32 / WMF Patch" for

>> nearly a year now but it was only recently that AVG told me

>> that the gdihook.dll component file was infected with the

>> BackDoor.Hupigon4.ADUA trojan. A scan at Virustotal

>> resulted in 18 out 36 antivirus software detecting the same

>> malware. Symantec and TrendMicro were two that didn't

>> detect it.

>

><SNIP>

>

>Hi again, Franc. Hope you've been well.

>

>I am entering WAY above my head here, but no one else to reply

>to :-)

>

>I thought just replacing the gdiplus.dll with the fixed version

>was enough.

 

I guess I haven't been paying attention to the updates.

>I googled for "gdihook.dll trojan", and the first 2 (3 if you

>read German) hits explain that it is safe but CAN be disguised

>and used by malware.

>

>I found this page just baffling, but you may find it

>interesting:

>http://www.tuts4you.com/forum/index.php?showtopic=14624

 

I only understand it superficially, but not enough to answer the

question in the subject.

>I /know/ I should not have gotten into this subject. I don't

>even know what a hook is!

 

I don't really know either, except to say that a program that hooks

(or intercepts) an interrupt gets the first chance to service it

before passing it on to the original interrupt service routine. If,

for example, a running program has a special hotkey such as

Ctrl-Alt-Del, then it will hook the keyboard API (Application Program

Interface) or driver and inspect the input before allowing the API or

driver to handle it, or not. AIUI, a key logger trojan such as

BackDoor.Hupigon4.ADUA may hook an API or keyboard driver.

 

- Franc Zabkar

--

Please remove one 'i' from my address when replying by email.

Guest Franc Zabkar

Guest Franc Zabkar

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

On Fri, 24 Oct 2008 14:00:35 -0400, "PA Bear [MS MVP]"

<PABearMVP@gmail.com> put finger to keyboard and composed:

>Are you running AVG Free or Pro? What version? AFAIK, neither AVG Free or

>Pro v7.5 is supported in Win9x anymore; v8.x has never been supported in

>Win9x.

 

I'm running AVG Free 7.5.549, virus base 270.8.2/1741, release date

23/10/08.

>AVG Free Support Forum

>http://freeforum.avg.com/

>

>...although I can tell you right now that a search for GDIHOOK in that forum

>yields no results.

>

>(Certainly sounds like a F/P to me.)

 

I have already sent an email query to AVG Support.

 

Update:

 

AVG have replied as follows:

 

======================================================================

Unfortunately, the current virus database version may detect the

mentioned file as infected. We can confirm that it is a false alarm.

We would like to inform you that the false positive will be removed in

the next Definitions update.

======================================================================

 

- Franc Zabkar

--

Please remove one 'i' from my address when replying by email.

Guest PA Bear [MS MVP]

Guest PA Bear [MS MVP]

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Did you tell them you're running Win98??

 

Franc Zabkar wrote:

> On Fri, 24 Oct 2008 14:00:35 -0400, "PA Bear [MS MVP]"

> <PABearMVP@gmail.com> put finger to keyboard and composed:

>

>> Are you running AVG Free or Pro? What version? AFAIK, neither AVG Free

>> or

>> Pro v7.5 is supported in Win9x anymore; v8.x has never been supported in

>> Win9x.

>

> I'm running AVG Free 7.5.549, virus base 270.8.2/1741, release date

> 23/10/08.

>

>> AVG Free Support Forum

>> http://freeforum.avg.com/

>>

>> ...although I can tell you right now that a search for GDIHOOK in that

>> forum yields no results.

>>

>> (Certainly sounds like a F/P to me.)

>

> I have already sent an email query to AVG Support.

>

> Update:

>

> AVG have replied as follows:

>

> ======================================================================

> Unfortunately, the current virus database version may detect the

> mentioned file as infected. We can confirm that it is a false alarm.

> We would like to inform you that the false positive will be removed in

> the next Definitions update.

> ======================================================================

>

> - Franc Zabkar

Guest Franc Zabkar

Guest Franc Zabkar

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

On Fri, 24 Oct 2008 19:54:53 -0400, "PA Bear [MS MVP]"

<PABearMVP@gmail.com> put finger to keyboard and composed:

>Did you tell them you're running Win98??

 

No.

 

- Franc Zabkar

--

Please remove one 'i' from my address when replying by email.

Guest Franc Zabkar

Guest Franc Zabkar

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

On Fri, 24 Oct 2008 17:16:59 +1100, Franc Zabkar

<fzabkar@iinternode.on.net> put finger to keyboard and composed:

>I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year

>now but it was only recently that AVG told me that the gdihook.dll

>component file was infected with the BackDoor.Hupigon4.ADUA trojan. A

>scan at Virustotal resulted in 18 out 36 antivirus software detecting

>the same malware. Symantec and TrendMicro were two that didn't detect

>it.

>

>I'm wondering whether this is a false positive.

>

>Here are the results:

>

>http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm

>

>The package is delivered as a single install.exe file. When this file

>is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware.

>All other antivirus products detect nothing.

 

Hmm, this suggests that the compression method used to deliver the

constituent files is recognised by only a few antivirus products. I

wonder how many other viruses are lurking inside executable archives

just waiting to be unpacked.

 

- Franc Zabkar

--

Please remove one 'i' from my address when replying by email.

Guest Franc Zabkar

Guest Franc Zabkar

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

On Fri, 24 Oct 2008 17:16:59 +1100, Franc Zabkar

<fzabkar@iinternode.on.net> put finger to keyboard and composed:

>BTW, the subject patch is available here:

>http://web.archive.org/web/20070203164123/http://d1.nod32.ch/download/wmfpatch11.zip

 

I should say that the Wayback Machine still has a downloading bug

which was evident way back in 2005. For example, I know that at least

some ZIP files, and possibly EXEs, will be corrupted. This is because

the last byte is not downloaded.

 

In the above case, Opera told me that the file size was 966,583 bytes,

but it only managed to retrieve 966,582 bytes. I had to add a null

byte (0x00) to the end of the file before Winzip would open it.

 

You can use DOS Debug to create a file named "zero" containing just

one 0x00 byte, as follows.

 

C:\your_folder>debug

-e 100

12E9:0100 5D.00

-rcx

CX 0000

:1

-n zero

-w

Writing 00001 bytes

-q

 

Then use the Copy command to append it to the end of the bad download,

as follows.

 

ren wmfpatch11.zip bad_ZIP

copy /b bad_ZIP + zero wmfpatch11.zip

del bad_ZIP

del zero

 

Use double quotation marks if your filename has spaces.

 

- Franc Zabkar

--

Please remove one 'i' from my address when replying by email.

Guest thanatoid

Guest thanatoid

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Franc Zabkar <fzabkar@iinternode.on.net> wrote in

news:ara4g4deumsl74jijqec8ough4mna4kd2c@4ax.com:

>><SNIP>

>>

>>Hi again, Franc. Hope you've been well.

>>

>>I am entering WAY above my head here, but no one else to

>>reply to :-)

>>

>>I thought just replacing the gdiplus.dll with the fixed

>>version was enough.

>

> I guess I haven't been paying attention to the updates.

>

I pay NO attention to the updates, but this one just happened to

"pass my screen" several times.

 

<SNIP>

>>I found this page just baffling, but you may find it

>>interesting:

>>http://www.tuts4you.com/forum/index.php?showtopic=14624

>

> I only understand it superficially, but not enough to

> answer the question in the subject.

 

I thought you might find the complete Madhook collection (+)

link interesting for research purposes.

The page seems like it's frequented by "reverse engineers" and

hackers and crackers and virus writers - but that's what Google

gave me.

>>I /know/ I should not have gotten into this subject. I

>>don't even know what a hook is!

>

> I don't really know either, except to say that a program

> that hooks (or intercepts) an interrupt gets the first

> chance to service it before passing it on to the original

> interrupt service routine. If, for example, a running

> program has a special hotkey such as Ctrl-Alt-Del, then it

> will hook the keyboard API (Application Program Interface)

> or driver and inspect the input before allowing the API or

> driver to handle it, or not. AIUI, a key logger trojan such

> as BackDoor.Hupigon4.ADUA may hook an API or keyboard

> driver.

 

I think I understand a little better now - but I know I will

never be a programmer ;-)

 

 

Regards

t.

 

 

 

--

Those who cast the votes decide nothing. Those who count the

votes decide everything.

- Josef Stalin

 

NB: Not only is my KF over 4 KB and growing, I am also filtering

everything from discussions.microsoft and google groups, so no

offense if you don't get a reply/comment unless I see you quoted

in another post.

Guest MEB

Guest MEB

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

 

 

"Franc Zabkar" <fzabkar@iinternode.on.net> wrote in message

news:ufr4g41l8gifvb2d4t1no6kru1e22f4u16@4ax.com...

| On Fri, 24 Oct 2008 17:16:59 +1100, Franc Zabkar

| <fzabkar@iinternode.on.net> put finger to keyboard and composed:

|

| >I've been using Paolo Monti's "GDI32 / WMF Patch" for nearly a year

| >now but it was only recently that AVG told me that the gdihook.dll

| >component file was infected with the BackDoor.Hupigon4.ADUA trojan. A

| >scan at Virustotal resulted in 18 out 36 antivirus software detecting

| >the same malware. Symantec and TrendMicro were two that didn't detect

| >it.

| >

| >I'm wondering whether this is a false positive.

| >

| >Here are the results:

| >

| >http://www.users.on.net/~fzabkar/gdihook_dll_scan.htm

| >

| >The package is delivered as a single install.exe file. When this file

| >is scanned by Virustotal, Sophos identifies "Sus/Madcode-A" malware.

| >All other antivirus products detect nothing.

|

| Hmm, this suggests that the compression method used to deliver the

| constituent files is recognised by only a few antivirus products. I

| wonder how many other viruses are lurking inside executable archives

| just waiting to be unpacked.

|

| - Franc Zabkar

| --

| Please remove one 'i' from my address when replying by email.

 

I would say lots, but then merely using a program like Universal Extractor

[which doesn't do them all but does supply a number of the individual

utilities {51 in 1.5}] or another multipurpose extractor should give a hint.

The vast number of compressors and executives creators increases the

likelihood that a download was compressed/encoded with something untoward

within...

 

If the Anti-Virus program can't enter the archive or recognize the

compressed or encoded executive, then there is know way to detect any

malicious activity or inclusion until its run or opened. Even then, an

unknown executive or DLL format may go undetected.

 

Add that to the obvious conclusion that most people never even check what

they've downloaded NOR monitor their running systems {relying upon what

applications they have installed to supposedly protect them}, and the hack

and delivery method may never be discovered until someone finally notices a

problem and reports it to one of the services and works through a diagnostic

routine..... [hence my recent bot farm post]

 

It appear to me {to get back to the WMF/gdi issue} that the other suggested

work-arounds MAY have been of more long term value. ALL of the fancy stuff

found on the Internet brings its own vulnerabilities, and they ARE being

exploited.

 

--

MEB

http://peoplescounsel.org

a Peoples' counsel

_ _

~~

Guest PA Bear [MS MVP]

Guest PA Bear [MS MVP]

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Franc Zabkar wrote:

>

>> Did you tell them you're running Win98??

>

> No.

 

And are you aware that AVG Free v7.5 is no longer supported in Win98 or any

other Windows version?

Guest Franc Zabkar

Guest Franc Zabkar

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

On Sat, 25 Oct 2008 17:13:39 -0400, "PA Bear [MS MVP]"

<PABearMVP@gmail.com> put finger to keyboard and composed:

>Franc Zabkar wrote:

>>

>>> Did you tell them you're running Win98??

>>

>> No.

>

>And are you aware that AVG Free v7.5 is no longer supported in Win98 or any

>other Windows version?

 

Yes, but I'm still using a lot of other unsupported software,

including this OS. I have other antivirus products, including Avast,

to fall back on. I can still use PC-cillin, if I manually download the

virus patterns, but the scan engine is not being updated so there may

be cases where malware will not be detected by the older scan engine.

Then there's always Virustotal for an online scan ...

 

- Franc Zabkar

--

Please remove one 'i' from my address when replying by email.

Guest Sunny

Guest Sunny

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

 

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl...

> Franc Zabkar wrote:

>>

>>> Did you tell them you're running Win98??

>>

>> No.

>

> And are you aware that AVG Free v7.5 is no longer supported in Win98 or

> any other Windows version?

 

I am still getting updates for AVG 7.5 on my Win98 PC.

(Got another update today)

Guest 98 Guy

Guest 98 Guy

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Sunny wrote:

> > And are you aware that AVG Free v7.5 is no longer supported in

> > Win98 or any other Windows version?

>

> I am still getting updates for AVG 7.5 on my Win98 PC.

> (Got another update today)

 

Symantec Intelligent Updater will still update the scan engine and virus

definition files for NAV 2002.

Guest PA Bear [MS MVP]

Guest PA Bear [MS MVP]

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Sunny wrote:

> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

> news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl...

>> Franc Zabkar wrote:

>>>

>>>> Did you tell them you're running Win98??

>>>

>>> No.

>>

>> And are you aware that AVG Free v7.5 is no longer supported in Win98 or

>> any other Windows version?

>

> I am still getting updates for AVG 7.5 on my Win98 PC.

> (Got another update today)

 

And another thread is hijacked...

 

Are you running AVG Free 7.5? (Just because it's working doesn't mean it's

supported by AVG, Sunny, and there WILL come a time when AVG 7.5 will not

auto-update.)

Guest Sunny

Guest Sunny

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

 

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

news:uiA737uNJHA.1668@TK2MSFTNGP06.phx.gbl...

> Sunny wrote:

>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

>> news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl...

>>> Franc Zabkar wrote:

>>>>

>>>>> Did you tell them you're running Win98??

>>>>

>>>> No.

>>>

>>> And are you aware that AVG Free v7.5 is no longer supported in Win98

>>> or

>>> any other Windows version?

>>

>> I am still getting updates for AVG 7.5 on my Win98 PC.

>> (Got another update today)

>

> And another thread is hijacked...

>

> Are you running AVG Free 7.5? (Just because it's working doesn't mean

> it's supported by AVG, Sunny, and there WILL come a time when AVG 7.5

> will not auto-update.)

 

Yep it's AVG 7.5 free. I check for updates twice a week.

The Win98 box is connected to two other WinXP computers, through a

router/4 port switch, and I use NetBEUI for file/printer sharing. Still

need an AV though.

Don't know where to go when AVG Free stops :-)

Guest PA Bear [MS MVP]

Guest PA Bear [MS MVP]

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Avast4 is the only free AV app still supported in Win9x, Sunny.

 

PS: You should check for an install available definition updates at least

once a day!

 

 

Sunny wrote:

> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

> news:uiA737uNJHA.1668@TK2MSFTNGP06.phx.gbl...

>> Sunny wrote:

>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

>>> news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl...

>>>> Franc Zabkar wrote:

>>>>>

>>>>>> Did you tell them you're running Win98??

>>>>>

>>>>> No.

>>>>

>>>> And are you aware that AVG Free v7.5 is no longer supported in Win98

>>>> or

>>>> any other Windows version?

>>>

>>> I am still getting updates for AVG 7.5 on my Win98 PC.

>>> (Got another update today)

>>

>> And another thread is hijacked...

>>

>> Are you running AVG Free 7.5? (Just because it's working doesn't mean

>> it's supported by AVG, Sunny, and there WILL come a time when AVG 7.5

>> will not auto-update.)

>

> Yep it's AVG 7.5 free. I check for updates twice a week.

> The Win98 box is connected to two other WinXP computers, through a

> router/4 port switch, and I use NetBEUI for file/printer sharing. Still

> need an AV though.

> Don't know where to go when AVG Free stops :-)

Guest Sunny

Guest Sunny

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

Thanks PA Bear, AVG Web Site states that 7.5 support will cease on 31 Dec

2008.

Hope Avast keep Win98 support a bit longer than that.

 

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

news:%23MPLvu8NJHA.1896@TK2MSFTNGP02.phx.gbl...

> Avast4 is the only free AV app still supported in Win9x, Sunny.

>

> PS: You should check for an install available definition updates at

> least once a day!

>

>

> Sunny wrote:

>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

>> news:uiA737uNJHA.1668@TK2MSFTNGP06.phx.gbl...

>>> Sunny wrote:

>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

>>>> news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl...

>>>>> Franc Zabkar wrote:

>>>>>>

>>>>>>> Did you tell them you're running Win98??

>>>>>>

>>>>>> No.

>>>>>

>>>>> And are you aware that AVG Free v7.5 is no longer supported in Win98

>>>>> or

>>>>> any other Windows version?

>>>>

>>>> I am still getting updates for AVG 7.5 on my Win98 PC.

>>>> (Got another update today)

>>>

>>> And another thread is hijacked...

>>>

>>> Are you running AVG Free 7.5? (Just because it's working doesn't mean

>>> it's supported by AVG, Sunny, and there WILL come a time when AVG 7.5

>>> will not auto-update.)

>>

>> Yep it's AVG 7.5 free. I check for updates twice a week.

>> The Win98 box is connected to two other WinXP computers, through a

>> router/4 port switch, and I use NetBEUI for file/printer sharing.

>> Still

>> need an AV though.

>> Don't know where to go when AVG Free stops :-)

>

Guest 98 Guy

Guest 98 Guy

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

"PA Bear [MS MVP]" wrote:

> Avast4 is the only free AV app still supported in Win9x,

> Sunny.

 

Sunny wrote:

> Thanks PA Bear, AVG Web Site states that 7.5 support will cease

> on 31 Dec 2008.

> Hope Avast keep Win98 support a bit longer than that.

 

While technically not free, Norton AntiVirus 2002 might be available via

torrent. It doesn't require activation, and it can still be fully

updated by periodically manually downloading the "Symantec Intelligent

Updater" package. Updates to the scan engine are usually part of the

package.

Guest PA Bear [MS MVP]

Guest PA Bear [MS MVP]

Posted
Posted

Re: WMF patch - gdihook.dll infected by trojan?

 

That policy applies to the AVG Pro 7.5, not the free version.

 

Sunny wrote:

> Thanks PA Bear, AVG Web Site states that 7.5 support will cease on 31 Dec

> 2008.

> Hope Avast keep Win98 support a bit longer than that.

>

> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

> news:%23MPLvu8NJHA.1896@TK2MSFTNGP02.phx.gbl...

>> Avast4 is the only free AV app still supported in Win9x, Sunny.

>>

>> PS: You should check for an install available definition updates at

>> least once a day!

>>

>>

>> Sunny wrote:

>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

>>> news:uiA737uNJHA.1668@TK2MSFTNGP06.phx.gbl...

>>>> Sunny wrote:

>>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

>>>>> news:eIKf3guNJHA.1144@TK2MSFTNGP05.phx.gbl...

>>>>>> Franc Zabkar wrote:

>>>>>>>

>>>>>>>> Did you tell them you're running Win98??

>>>>>>>

>>>>>>> No.

>>>>>>

>>>>>> And are you aware that AVG Free v7.5 is no longer supported in Win98

>>>>>> or

>>>>>> any other Windows version?

>>>>>

>>>>> I am still getting updates for AVG 7.5 on my Win98 PC.

>>>>> (Got another update today)

>>>>

>>>> And another thread is hijacked...

>>>>

>>>> Are you running AVG Free 7.5? (Just because it's working doesn't mean

>>>> it's supported by AVG, Sunny, and there WILL come a time when AVG 7.5

>>>> will not auto-update.)

>>>

>>> Yep it's AVG 7.5 free. I check for updates twice a week.

>>> The Win98 box is connected to two other WinXP computers, through a

>>> router/4 port switch, and I use NetBEUI for file/printer sharing.

>>> Still

>>> need an AV though.

>>> Don't know where to go when AVG Free stops :-)

 Share
Go to topic listing
×
×
  • Create New...