It is a major virus! I am a system administrator and even after I did my little tricks to stop the virus (discovered a few days after the user infected the PC), it still remains. I removed all connected references to "whitesmoke" from the registry and file references on the hard drive. I then ran 4 different virus scan+removal utilities. They removed several files on the hard drive. But, when I try to go to update.microsoft.com or windowsupdate.microsoft.com or the IP address for the same sites, it will not let me. In fact, it will not even allow a DNS lookup for the IP of those sites. Note that CMD prompt does do the PING with resultant IP address, however. I disabled all add-ons for IE8, but same issues. In fact, when I turn on the network card (NIC) I quickly get an intrusion detection on my Norton Antivirus software. I uninstalled IE8, back to IE7, and as far as I could tell, the intrusions stopped at that time. Launching my existing Firefox, however, caused the issues to reappear, grrrr...
It also stopped me from going back to a previous restore point as well, and I tried several days' worth of restore points. Windows goes through all the almost 1/2 hour motions of going back to a restore point, but upon reboot tells me that it could not go back to the restore point.
The thing that is most frustrating is that Norton continues to stop "intrusions" about once every 10 to 15 minutes as being due to svchost.exe -- that is an essential MS file.
I cannot figure out how they're blocking me from update.microsoft.com.
The c:\windows\system32\drivers\etc\hosts ...etc. files do not have a modified entry for it and IE does not have a block on that site and the NIC does not have a proxy setting set up...
I even loaded the Opera browser and still cannot browse to update.microsoft.com nor via microsoft.com's link to Windows updates.
Very tricky virus here... infected core Windows system files and won't let me do a restore point... not much left but a reburn.
IF YOU HAVE THIS VIRUS, disable your NIC just in case it acts as a worm, trying to infect other PCs on your network.