Ok I thought I had the Sasser virus but I used the fix and found nothing. Anyways this problem I'm having has been going on for 3-4 days now. I am unable to access any form of the internet unless I am in Safe Mode. In Regular Mode I can't get onto the internet, every page comes up as "Cannot Find Server". I can't get on AIM or MSN, download any updates for anything, nothing at all. Plus after I use a program like, let's say, Music match jukebox I get a weird error message about Quotas and Processes then I go to my Start Menu and all my Programs are gone and I have to restart. Also a very loud Buzzing has occurred once or twice. Please help if you can.

Oh yea I ran like 5 different AV scans and a few SpyWare Scans and nothing.

Try looking in your windows/system directory for a file that is something like 12345_up.exe. The leading numbers are randomly generated. If you find this file, you have been infected by sasser. Some of the scanning / checking tools will not find it due to the random number generation of the file name.

Thanks, but it's not Sasser, I ran the fix and found nothing.

Sounds like it could be that your 'hosts' file has been corrupted.

Look at:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

By default, there should only be one entry:

127.0.0.1 localhost

If not, delete the unwanted entries and things should work. If the file is corrupted again after a reboot, then it could be the same problem I'm seeing. I don't have a solution yet.

jpk, Try cleaning up your HOSTS file in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC by deleting everything below the 127.0.0.1 localhost entry and when you close out save the changes then checkmark the "read only" box. This will prevent any virus/trojan from writing to it and may solve your problem.

Tufenuf

OK, sounds like a good workaround.
But, I really do want to eliminate the real problem.

jpk, I had the problem where I couldn't access any AV sites or run Live Update for my Norton AV 2003. The worm was also disabling my AV real time protection and e-mail scanning. I ran the Housecall 0n-line virus scan and it detected the AGOBOT virus in my C:\WINNT\System32\drivers\etc folder where the HOSTS file (no extension) and it couldn't clean it. After I cleaned up my HOSTS file and marking it "read only" I was able to use my Norton AV and all sites were available. I ran a scan again and it came up clean. I also had a file named msawindows.exe running in Task Manager and also under the Startup tab in MSCONFIG. I ended the process on that file and deleted it and ran regedit and removed 2 entries with that file name and haven't had a problem since. Evidently the virus/worm was hiding in one of the added lines in the HOSTS file.

HTH,
Tufenuf

I've got the same exact problem. Had the sasser virus, and was unable to get to norton or mcafee's site in order to update def's. I cleaned the sasser virus, installed all MS patches/fixes, managed to get somehwere on Norton's site to update virus def's, scanned in safe mode, where it found the gaobot virus, quarantined/deleted that, and I am still unable to go to norton's site to update file def's...nor am I able to run LiveUpdate. Any other ideas/suggestions? Other than reinstalling windows??

Jennifer, Follow the instructions at the link below for your version of Windows, especially the part on the hosts (no extension) file.

Norton Live Update Problem

Please post back as I went thru the agabot worm horror show last week and I should be able to help.

Tufenuf

I have the same problem. Had Sasser worm, cleaned, patched, removed host files, etc. Now the kicker - if I go in through dialup I can connect, but get the "cannot find server" for every site. However, I brought my computer to work and logged in through DSL - all pages work properly - but still have same dial up problem. Any suggestions?

For what it's worth, this is how I solved my problem.

Problem:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts file being corrupted with a list of
security sites mapped to 'localhost'. Also, had problems with McAfee not being able to get updates.

Solution: My problem was due to scvhost.exe
(note this is not 'svchost'.)

I had Registry entries in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
for scvhost.exe. But, could never find that file when searching.

But, after booting in Safe Mode, I found two files:
C:\WINDOWS\SYSTEM32\scvhost.exe
C:\WINDOWS\Prefetch\SCVHOST.EXE-360336d0.pf

Deleting these files, and the Registry entries solved my problem.
My hosts file is no longer being corrupted, and McAfee comes up
and is able to do updates.