Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Ok I thought I had the Sasser virus but I used the fix and found nothing. Anyways this problem I'm having has been going on for 3-4 days now. I am unable to access any form of the internet unless I am in Safe Mode. In Regular Mode I can't get onto the internet, every page comes up as "Cannot Find Server". I can't get on AIM or MSN, download any updates for anything, nothing at all. Plus after I use a program like, let's say, Music match jukebox I get a weird error message about Quotas and Processes then I go to my Start Menu and all my Programs are gone and I have to restart. Also a very loud Buzzing has occurred once or twice. Please help if you can.
Try looking in your windows/system directory for a file that is something like 12345_up.exe. The leading numbers are randomly generated. If you find this file, you have been infected by sasser. Some of the scanning / checking tools will not find it due to the random number generation of the file name.
0 
Sounds like it could be that your 'hosts' file has been corrupted.
Look at:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTSBy default, there should only be one entry:
127.0.0.1 localhost
If not, delete the unwanted entries and things should work. If the file is corrupted again after a reboot, then it could be the same problem I'm seeing. I don't have a solution yet.
0
jpk, Try cleaning up your HOSTS file in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC by deleting everything below the 127.0.0.1 localhost entry and when you close out save the changes then checkmark the "read only" box. This will prevent any virus/trojan from writing to it and may solve your problem.
Tufenuf
0
jpk, I had the problem where I couldn't access any AV sites or run Live Update for my Norton AV 2003. The worm was also disabling my AV real time protection and e-mail scanning. I ran the Housecall 0n-line virus scan and it detected the AGOBOT virus in my C:\WINNT\System32\drivers\etc folder where the HOSTS file (no extension) and it couldn't clean it. After I cleaned up my HOSTS file and marking it "read only" I was able to use my Norton AV and all sites were available. I ran a scan again and it came up clean. I also had a file named msawindows.exe running in Task Manager and also under the Startup tab in MSCONFIG. I ended the process on that file and deleted it and ran regedit and removed 2 entries with that file name and haven't had a problem since. Evidently the virus/worm was hiding in one of the added lines in the HOSTS file.
HTH,
Tufenuf
0
I've got the same exact problem. Had the sasser virus, and was unable to get to norton or mcafee's site in order to update def's. I cleaned the sasser virus, installed all MS patches/fixes, managed to get somehwere on Norton's site to update virus def's, scanned in safe mode, where it found the gaobot virus, quarantined/deleted that, and I am still unable to go to norton's site to update file def's...nor am I able to run LiveUpdate. Any other ideas/suggestions? Other than reinstalling windows??
0
Jennifer, Follow the instructions at the link below for your version of Windows, especially the part on the hosts (no extension) file.
Please post back as I went thru the agabot worm horror show last week and I should be able to help.
Tufenuf
0
I have the same problem. Had Sasser worm, cleaned, patched, removed host files, etc. Now the kicker - if I go in through dialup I can connect, but get the "cannot find server" for every site. However, I brought my computer to work and logged in through DSL - all pages work properly - but still have same dial up problem. Any suggestions?
0
For what it's worth, this is how I solved my problem.
Problem:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts file being corrupted with a list of
security sites mapped to 'localhost'. Also, had problems with McAfee not being able to get updates.Solution: My problem was due to scvhost.exe
(note this is not 'svchost'.)I had Registry entries in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
for scvhost.exe. But, could never find that file when searching.But, after booting in Safe Mode, I found two files:
C:\WINDOWS\SYSTEM32\scvhost.exe
C:\WINDOWS\Prefetch\SCVHOST.EXE-360336d0.pf
Deleting these files, and the Registry entries solved my problem.
My hosts file is no longer being corrupted, and McAfee comes up
and is able to do updates.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
