Windows 98 ME anti-virus and security configuration

By Jerry Winegarden, Duke University and RTPnet.org
Last Revised 03/07/03

1. Disable System Restore (Win98 ME only)

   Many viruses hide there, get re-installed automatically, and are difficult to cleanly remove.

   
      ==>Start ==>Settings ==>Control Panel ==>System
      ==>Performance ==>File System ==>Troubleshooting
      ==>Disable System Restore  (click to check the selection box)
      ==>OK ==>Close
      Restart? ==>Yes
   

   This will empty out the (hidden) directory C:\_RESTORE. Although it will mean not being able to restore the system to a previous state, it will also remove a significant source of virus problems. When the system restarts, there will be two files in the upper level of C:\_RESTORE, but the hidden subdirectories there, especially TEMP, will be truly empty. (By the way, Windows Explorer will not list files in C:\_RESTORE\TEMP.)

   In case you have troubles removing or emptying C:\_RESTORE, then boot from a floppy and use DELTREE.EXE: (deltree removes whole directories, even if they have files in them; rmdir or delete only works on empty directories.)

   1. Insert Windows ME startup disk
   2. ==>Start==Run==>XCOPY C:\Windows\command\deltree.exe a:
   3. ==>start==>shutdown==>restart
   4. ==>deltree C:\_RESTORE
   5. remove floppy, reboot

2. Obtain, install, run AVG anti-virus software (free version)

   AVG from www.grisoft.com is free for personal use, with free updates available. (If you want to use Norton or something else and are willing to pay for updates every year or six months, go ahead. However, whatever you use, you MUST GET UPDATES often, since new viruses come out daily!)

   1. download AVG from www.grisoft.com

      
            ==>http://www.grisoft.com
            ==>Free downloads
            ==>Download AVG Free edition  
                    (note: in future, Download Free Updates)
            ==>Download AVG Fee Edition (button at bottom of page)
      	   Note:  do NOT click on "30-day Trial version of AVG 6.0
                     Standard Edition"   and
                     do NOT click on "30-days AVG TRIAL version of AVG 6.0
                        AVG Professional"
                     (Unless, of course, you want to pay them for those products.
      		Note that the license for the free avg allows you to run it
      		on only 1 machine.  If you have several machines, you should
      		either buy the Multi-License AVG Professional for the number
      		of machines that you have (1,2,5,10,20,30,50,100), or you
      		can purchase someone else's product (e.g. Norton Anti-Virus).
      
            License agreement:   Suggest you actually read this one! ;-)
      
            ==>Yes, I agree
      
            Fill in personal information  ("*" indicates required fields):
      
            First name:*
            Last name:*
            Email Address:*   (Make sure this is your real e-mail address :-)
            Street Address Line1:*
            City:*
            State:
            Country:* (select from list)
      
            ==>Continue
      
            ==>Please click here to start the download process...
      
            save it to C:\downloads (create it if you haven't yet)
            file name:  c:\downloads\avg6459fu_free.exe
      

      This is an installer program for AVG (anti-virus program).

      NOTE: before you run this installer, you will need to write down the product SERIAL NUMBER, which you will receive in the mail from Grisoft in response to the registration you did as part of the download process. (That's why you needed to use a real e-mail address).

   2. install AVG
      It will prompt for the serial number, which can be found in the email message you received from Grisoft as a result of your registration when you downloaded avg. You can view Grisoft's AVG instructions here.

      Do a complete test.

      Note: if it tells you that it has found a virus, it will move it to the "Quarantine folder". You can then get it to delete from the quarantine (or you can get it to try to "Heal" the files in the quarantine, which means it will try to remove the virus part of the file if it can.

      Note: if it tells you that it cannot remove a virus:

      1. write down the file name(s), including the full path: (e.g. C:\_RESTORE\TEMP\A0012345.CPY)
      2. put in win98 ME startup floppy and boot from floppy
      3. delete files from the list (e.g. del C:\_RESTORE\TEMP\A0012345.CPY)
         Note: you can use deltree to delete a whole directory if necessary
      4. remove floppy and reboot
      
      It will start running automatically upon system startup

3. Download and install anti-adware program: adaware from lavasoft:
   
   • Information about Ad aware from Lavasoft
   • Download Lavasoft's free Ad-aware Choose a download site for Ad-Aware Standard Edition (free)
     e.g.: download.com
   • save download to: C:\downloads\aaw6.exe (or whatever the latest version)
   • install ad-aware: ==>C:\downloads\aaw6.exe
     ==>Next==>Next==>Next==>Next==>Finish`
   • run scan: ==>Ad-Aware 6.0 (icon on desktop)
     Note: run scan often. (Automatic screening can be done by the professional version that you pay $ for but not by this free standard version).
     • ==>Start ==>Next
     • Look at summary. if found "New objects", then clean up:
     • ==>Next (displays list of offending objects)
     • Click to check boxes to include all objects listed
     • ==>Next
       "2 objects will be removed. Continue?
     • ==>OK
     • Done, unless it tells you that it cannot remove some of the objects.
       If so, write down file or folder names, boot from floppy and delete them.

Anti-virus anti-spyware security steps to perform often

• run anti-virus scan (should be automatic)
• get anti-virus updates (both data file and program updates) - this may be able to be automated
• run ad-aware scan
• get updates for ad-aware
• get updates for MS Windows from Microsoft (e.g. Internet Explorer):
  1. ==>Internet Explorer==>www.microsoft.com/updates
     
  2. Note: you can set MS Windows or Internet Explorer to check in with Microsoft and notify you of available "Critical Updates". If they are for the versions that you have, then install them. However, if you have IE 5.5, you may or may not want to install IE 6 "critical updates". It might be a good idea, but pay attention.
  1. clean out Internet Explorer's "Temporary Internet Files" every now and then:
  2. ==>Start==>Settings==>Control Panels==>Internet Options ("Internet Properties")
  3. ==>General
     "Temporary Internet Files"
     ==>Delete Files (will "clear the cache")

     ==>Settings==>View Files
     	then, select and delete files with File and Edit menus
     		(copies of every web page which you have read)
     	then close this "Temporary Internet Files" folder window
     
     ==>View Objects
     	select and delete programs listed here using File and Edit menus
     		(these are programs which were downloaded by web pages to
     		help you read or view or listen to the content of the
     		web pages you have downloaded).
     This can be a place where bad programs get downloaded to you, without you
     knowing it!  Clearing these out is NOT HARMFUL and might help.