Discussion
Has anyone had problems recently with this nasty little virus? Hope someone can help me....
I had it dropped on me via MS Messenger last night. I blocked the install request but it appeared in Windows Prefetch. Deleted that lot and ran a registry check using Unhackme.
Now I'm experiencing some odd behaviours which I can't solve
Quick Launch toolbar disappeared so I reinstalled it (tickbox had been cleared!). Things seem ok now but I can't access Paypal (directly or via ebay) or Amazon (perhaps more?!), with Firefox or IE.
I can access other https sites such as "my ebay" and other "normal" sites, including my hotmail account.
So why can't I get into the previous two mentioned???
I could only get into the amazon site via IP address, didn't work with paypal...Amazon then said I should enable cookies...but they are!
Anything to do with this Worm thing above? I've done so much fiddling about I could easily have messed with something in the registry, but why only affect the two sites (so far!)?
Might be worth mentioning I've used both Amazon and Paypal to pay for items in the past few days...also, running through a router with XP pro, my partner's laptop on the same connection is not having problems so it's definitely my system
Any ideas....?
wrinx
Edited by wrinx on Sunday 10th February 20:03
if IP works but the name doesn't then it's something to do with name resolution that's causing the fault - obviously.
first thing your PC looks at is the HOSTS file
then the DNS server etc
the HOSTS file is in \\windows\system32\drivers\etc and is just called HOSTS. open it with notepad or similar & check it. it's just a text file with entries such as
100.100.100.100 www.somewebsite.com
if you see entries for the sites you can't get on, just delete them from the file & save it.
:lol: Thanks for your reply, just been looking at that file after reading http://www.howtofixcomputers.com/bb/ftopic139500.h... of them are "txt" files, but are SAM, MSN, ICS and BACKUP files???
Only websites mentioned are:
"hosts" file
127.0.0.1 localhost
"HOST.ICS" file is empty
"lmhosts" SAM file has lots of info about stuff but no info about sites.
"networks" has "loopback 127"
"protocol" has the following:
ip 0 IP # Internet protocol
icmp 1 ICMP # Internet control message protocol
ggp 3 GGP # Gateway-gateway protocol
tcp 6 TCP # Transmission control protocol
egp 8 EGP # Exterior gateway protocol
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # User datagram protocol
hmp 20 HMP # Host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
rdp 27 RDP # "reliable datagram" protocol
rvd 66 RVD # MIT remote virtual disk
...and finally, the "service file" has port numbers for well-known services defined by IANA.
None of which makes much sense to me!
wrinx
Edited by wrinx on Sunday 10th February 23:42
Edited by wrinx on Monday 11th February 00:11
those two in HOSTS start with a # yeah? they are examples, the # comments the line out.
if it's not there then err... let me think for a bit i can't remember the other ones
lmhosts you can ignore, it's a leftover from an old MS product 'lan manager'.
the others shouldn't cause the problem you've got.
trying to think of anything atm. what are your IP settings? auto configure? & auto detect DNS server? that's the norm.
check the settings on a working PC & make sure they are the same, although i doubt it's that as other sites work.
could be a duff entry in the routing table, can't think how to do that at this moment though.
OK, my daughter's PC got infected with this bugger.
Make sure you search for the wkssvc.exe file and delete it. You also need to run regedit and remove it from the registry. Then, edit your hosts file .... the sneaky buggers leave a large chunk of blank space and then create a lot of entries with 127.0.0.1 as the IP address. Delete all of these from the hosts file and then you should be good.
Spokey said:
.... the sneaky buggers leave a large chunk of blank space and then create a lot of entries with 127.0.0.1 as the IP address. Delete all of these from the hosts file and then you should be good.
I only have one entry in the host file....and it's that one! So I should delete it....but why aren't there any more???
Already deleted the virus but it didn't find its way into the registry afaik, been running various bits of software for what seems like all day! :lol:
(edit....found out what you mean, lots of white space and more entries!).
wrinx
Edited by wrinx on Monday 11th February 00:26
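A sketch of the hosts-file check described in the posts above, as an added example that is not part of the original thread: it parses hosts-file text and flags site names pinned to a loopback or unspecified address, noting when they sit below a long run of blank lines. The sample file, its example hostnames and the gap threshold of 5 blank lines are constructed assumptions.

```python
import ipaddress

# Names that legitimately point at loopback in a stock hosts file.
BENIGN = {"localhost", "localhost.localdomain"}

# Constructed sample: one normal entry, 40 blank lines, then blocking entries.
SAMPLE = (
    "# Constructed sample, not taken from the thread\n"
    "127.0.0.1       localhost\n"
    + "\n" * 40 +
    "127.0.0.1\twww.shop.example\n"
    "127.0.0.1 pay.example www.pay.example  # two names on one line\n"
    "192.0.2.10 intranet.example\n"
)

def audit_hosts(text, gap_threshold=5):
    """Return (findings, hidden). findings lists (line_no, ip, hostname)
    for non-local names mapped to a loopback/unspecified address; hidden
    is True if any finding lies below >= gap_threshold blank lines."""
    findings, hidden = [], False
    blank_run, seen_content, below_gap = 0, False, False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blank_run += 1                 # whitespace-only padding line
            continue
        if seen_content and blank_run >= gap_threshold:
            below_gap = True               # everything from here is pushed out of view
        blank_run, seen_content = 0, True
        fields = raw.split("#", 1)[0].split()   # strip trailing comment
        if len(fields) < 2:
            continue                       # comment-only or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                       # first field is not an IP address
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in fields[1:]:            # a line may carry several names
            if name.lower() not in BENIGN:
                findings.append((line_no, str(ip), name.lower()))
                hidden = hidden or below_gap
    return findings, hidden

if __name__ == "__main__":
    found, hidden = audit_hosts(SAMPLE)
    for line_no, ip, name in found:
        print(f"line {line_no}: {name} -> {ip}")
    print("entries hidden below blank padding:", hidden)
```
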
wrinx said:
Spokey said:
.... the sneaky buggers leave a large chunk of blank space and then create a lot of entries with 127.0.0.1 as the IP address. Delete all of these from the hosts file and then you should be good.
I only have one entry in the host file....and it's that one! So I should delete it....but why aren't there any more???
Already deleted the virus but it didn't find its way into the registry afaik, been running various bits of software for what seems like all day! :lol:
(edit....found out what you mean, lots of white space and more entries!).
wrinx
wrinx said:
Pretty sure I've run two different programs Registry Mechanic, Unhackme and Registry Booster, several times since last night.
Will do another check tomorrow...
wrinx
Start|Run
Type in "regedit" (without the quotes)
Press enter
Move to the top and click on "My Computer"
Ctrl+F
Type in "wkssvc.exe" (without the quotes)
Press enter
Spokey said:
wrinx said:
Pretty sure I've run two different programs Registry Mechanic, Unhackme and Registry Booster, several times since last night.
Will do another check tomorrow...
wrinx
Start|Run
Type in "regedit" (without the quotes)
Press enter
Move to the top and click on "My Computer"
Ctrl+F
Type in "wkssvc.exe" (without the quotes)
Press enter
wrinx