[FoRK] Argh! Help! Windows config mystery
corinna.schultz at gmail.com
Thu Oct 12 10:46:43 PDT 2006
I don't know enough about Windows config. I learned a ton in the last few hours,
though. But my basic problem is still there. I got hit by a worm (I think), and
it appears to have spread through our internal network. I think it's a spybot
(or rBot IRC trojan) variant - found registry keys with wuamgrd.exe.
I cleaned that stuff up (at least on my own machine).
The main problem right now is that http replies from a handful of sites (a
handful that I know about, at least) are being blocked. google and yahoo are the
main ones - I can't get to my gmail!
I checked hosts, I checked windows firewall (I don't have another firewall...
yet!). I know it's local (and not our ISP or router) because at first only my
machine was infected (as far as I can tell). Even now, other computers can
access yahoo, but not google.
But the thing is that I can access google.com using their ip address, just not
the domain name. ping and nslookup work fine, so it doesn't have anything to do
So that makes me think there's a file somewhere blocking traffic based on the
domain name. I don't know where to look. I don't want to reinstall Windows.
A second question is, how do I know if my machine is now a bot? Will running
Ethereal for a few minutes tell me?