Need some quick help with a virus... UPDATE -> FIXED IT! (sort of - I cheated)

[FlyingPenguin]

I've got a client's system that can't browse any web site through IE. Doesn't even try - immediately comes up with a "Page cannot be displayed" error.

I have it connected to my network and now my one computer that had it's anti-virus software temporarily disable also has the same problem, but only in IE. Netscape 6 works fine.

Anyone recognize this virus off hand? In the process of doing a DOS VScan but that could take all night.

Thanks....

[EDIT]
Well I just finished a Vscan of my workstation and no virus files detected. I'm perplexed.

I can restore my workstation boot partition from a Ghost image I made 3 weeks ago, but I still have to figure out WTF is going on in the client's ssytem.

Anyone know what might be happening here?

[blade]

Just a dumb question, but "work offline" isn't checked is it? I had that happen to me before.

Otherwise this might help

That's all I could find so far searching symantec.

[FlyingPenguin]

WEIRD. Definately a Winsock issue but only with IE. I can browse local HTML files on my drive, but I can't browse anything on the net in IE.

Not a DNS issue since I also can't bring up the control panel in my Linksys router using it's IP address in IE.

Netscape 4 & 6 and Opera work fine.
----------
EDIT
----------

Well I fixed my workstation by restoring last month's boot partition Ghost image, but I'm still stumped with the client's system. I've gone through most of the obvious steps documented in MS Knowledgebase Q241344 which is pretty much my bible for winsock and net access problems with no luck.

Replaced all three winsock files, re-installed WinMe (refresh install over itself), even installed IE 5.5 SP2 hoping that would overwrite whatever was screwed up.

It's acting EXACTLY as if it was setup to use a proxy server, but I've made certain that it's NOT setup for a proxy server.

Has to be something corrupt in the registry settings for IE, since it doesn't affect anything else.

I hate to have to wipe her system - major piece of work re-installing everything. Any suggestions appreciated. I'll keep plugging away at it.

[DocSilly]

Maybe it's something weird like a changed proxy setting in IE, did you check her system for that?

[FlyingPenguin]

Proxy settings are disabled in IE. First thing I thought of.

And although I haven't found an infected file, I suspect a Virus. My workstation started doing EXACTLY the same thing as the client's computer after I connected the client's computer to my network.

My workstaton had it's AV program disabled at the time (I usually disable it when playing games). All other computers on the network (wife's & the server) had their AV programs running and were not affected.

[blade]

I know that sux.

You check the settings under the security tab?

I've tried searching and can't find anything else you haven't tried. Perhaps try a windows update?

[FlyingPenguin]

I'm certain it's a corrupt registry issue.

I've seen something like this once before. I dug up the knowledgebase article I used to fix it last time - you need to uninstall all the network protocals and drivers, wipe some registry entries and re-install networking.

I'll try it tomorrow - too tired now. I'm doing a full DOS vscan from a CD to make sure the drive is clean (still puzzling me how it infected my workstation over the network).

I did find evidence that the Goner virus was in there once - there's a registry entry it left behind, but the virus file is not on the drive. I ran the Goner repair kit just to be sure and it couldn't find anything.

I also need to do some creative searches on the newsgroups.

[blade]

Me and registries do not get along at all. I'd rather format than mess with something like that.

Hope they pay you well for this.

[wvjohn]

we had something similar on the server at one of our offices - i had some virus (can't remember) which was removed with norton or mcafee tool - then ie went south as far as the internet was concerned - it ended up being format time - i assume that the registry was corrupted - it was a bitch to fix b/c you can't download the tools you need, etc.

good luck

[FlyingPenguin]

Well I fixed it, in a way.

The box had WinME on it and I just upgraded it to XP (633 Celery w/192Mb so I knew it could run it okay) had a spare copy of XP Home I can give her because I wiped an XP system for a client and put 98 on it (business client with a proprietary custom app that won't work in XP - get a lot of that). Sucker had never even been activated.

I figured an XP upgrade would replace so much of the OS that whatever the corruption was would be removed, and I guessed right.

Much better solution than a clean install. Would have been a hassle since she has a lot of apps installed that require passwords and doesn't know any of her account passwords (DOH!). Plus she uses Juno (YUK!) and you can't (not that I've found) export the address book out of it (all I could do was print it to an ASCII file) and she has a HUGE address book.

Still, I would like to have figured out WTF was going on. I tried EVERYTHING though.

I still have a Ghost image of the corrupted installation I can always install on another box and play with if I get some time.

[wpublic]

it coulda been yer AV program that was messing with IE. i once had a very minor virus intrusion on a client's system and AV was disabled(Norton 2002) but when i enabled and scanned for virus, it picked up the minor intrusion and disabled all .exe under win98SE and yes, it totally corrupted the registry. it would not allow any .exe files to be run. even when i went to symantec site and downloaded the fix.

probably coulda played around with it and fixed it manually, but i just convinced them to upgrade to XP, and problem solved.

that, and a couple other situations cause me to prefer a good firewall and do not use any AV progs on anything anymore.

p.s. M$ shoulda just wrote "!@*& up my computer, i'm begging you!" on their welcome screen for win ME. it would have saved a lot of hassle