[FoRK] Argh! Help! Windows config mystery

corinna <corinna.schultz at gmail.com> on Thu Oct 12 10:46:43 PDT 2006

I don't know enough about Windows config. I learned a ton in the last few hours,
though. But my basic problem is still there. I got hit by a worm (I think), and
it appears to have spread through our internal network. I think it's a spybot
(or rBot IRC trojan) variant - found registry keys with wuamgrd.exe.

I cleaned that stuff up (at least on my own machine). 

The main problem right now is that HTTP replies from a handful of sites (a
handful that I know about, at least) are being blocked. google and yahoo are the
main ones - I can't get to my gmail!

I checked hosts, I checked windows firewall (I don't have another firewall...
yet!). I know it's local (and not our ISP or router) because at first only my
machine was infected (as far as I can tell). Even now, other computers can
access yahoo, but not google.

But the thing is that I can access google.com using their IP address, just not
the domain name. ping and nslookup work fine, so it doesn't have anything to do
with DNS.

So that makes me think there's a file somewhere blocking traffic based on the
domain name. I don't know where to look. I don't want to reinstall Windows.

A second question is, how do I know if my machine is now a bot? Will running
Ethereal for a few minutes tell me?

-Corinna
