Cheers Nick,
|| After careful deliberation I have come to the conclusion that your problem
|| is known as
||
|| "Outlook Express"
LOL
|| You're running a 100% up-to-date Windows I presume?
Oh that I <had> been, sigh.
|| The thing about OE is that it is a complete bugger to uninstall
Hey, Whoa there, good buddy!! I've lost my favourite newsgroup but the
others are all 100% fine and dandy. Uninstall sounds like heavy action.
[Little did I know...]
|| HKEY_CURRENT_USER\Identities\{-GUID-}\Software\Microsoft\Outlook\blah
|| I believe this is where Outlook Express's settings are stored (for
|| some bizarre reason).
If you look on the Outlook File menu there will be Switch Identity and
Identities... Each identity (user) has its own settings. This can be for
one person to have multiple setups, but is designed more with shared
machines in mind, eg a family computer. The identities are stored at a high
level in the registry with the company and program (Outlook, WAB) as
subsidiaries because MS envisaged other applications implementing their User
concept in the same way.
|| Anyway I hope this helps
Not per se, because I had a different problem, as it turned out. [sigh...]
But the fact that you and Cor replied at all was a most welcome boost to my
morale.
By the way. I meant to ask you to respond directly to me as I wasn't sure
that I could get in to read your reply posts. But an email notification came
from Developersdex. How did that happen?
==================================================
The story.
So there I was with this missing newsgroup. And to make matters worse my
machine was crawling along dead slow. I've been running Kazaa and Shareaza
solidly, so I'd become used to waiting [get this - a 56K modem and it won't
go above 42K. Shareaza takes most of <that> trying to find me some rare
material - so there's precious little left for browsing the newsgroup and
Internet - maybe 8-12K!!].
But this was beyond slow. Every page in the browser was coming back
<immediately> with "Server not found" - so fast it was as if it wasn't even
trying. Anyway I left the browsing because I wanted to see if I could get
Forte News Agent to get back my precious languages.vb. I've never used it
before so at first I took it for granted, if impatiently, that it was slow
to download the headers.
But after waiting and waiting (I'd switched Shareaza off by then), I
checked the modem status to see if there was any flow at all - perhaps it
had stalled? Shock horror!! It wasn't just receiving, it was sending. And
not the normal small flow of request packets - stuff was flooding out!!
Megabytes of stuff. Now I may be new to newsgroups but I'm pretty certain
they don't send more than they receive.
At this point I thought I'd check ZoneAlarm to see if it was logging any
unusual activity. Shock horror II + Sinking Feeling. I'd forgotten to switch
ZoneAlarm on!! [Who can guess the story yet?]. On it went - immediately - so
I could check what it's logging. And the next thing I know is that it's
asking if I want DLLHOST.EXE to send to the Internet? No way!! How about
SVCHOST.EXE? No thank you!!
This stopped the flow of data out to the Internet, but these programs
were now showing in the log every time they got blocked. Which was umpteen
times per second. Poking away at 62.127.43.<19>:135, 62.127.43.<20>:135,
62.127.43.<21>:135, and so on.
Well I knew these had to be bogus programs. Not just because of the
strange behaviour but because of their names. I hate program names, in fact
almost any text, that is all in capitals, so I'd gone through my WinNT
folders normalising anything that appeared in TaskMan, which I use a lot.
And DllHost.exe and SvcHost.exe shouldn't have been in caps.
I couldn't kill them in Taskman which indicated that they were running
as services. And indeed, there they were in the Services section of the
Computer Management utility. Stop they went. Kill they went. And then I
found where they lived - WinNT\System32\Wins.
Having disabled them, I was able to get back onto the Internet and did a
search for the two names. And there it was. My lapse with ZoneAlarm
(presumably) had got me caught by the virus Win32.Worm.Welchia.A.
An article there showed me how to finish off cleaning them out of the
registry and that was the job done. The article said that this variant of
the virus only came out 8 days ago. My virus checker hadn't picked up on it.
[I later updated the checker and it <still> didn't detect them - even when I
stuck them under its nose and said "here, sniff these" - so I reckon it's
change time there.]
The next task was to at last get me a 100% up-to-date Windows. I'd been
putting it off because the Windows Update web site wanted me to download
tens of MB and install lots of new stuff with (to my wary mind) as much
chance of making it all go down the toilet as of strengthening anything.
Well that took all night as you might expect, with one nervous period
towards the end of a 32MB download - will it make it before the two-hour
cutoff? (My modem connection status was strangely missing from the
SysTray and I hadn't clocked the time). It made. So I installed. I rebooted.
I downloaded. I installed. Yawn. Gotta keep going... I rebooted. I
downloaded. I installed. I rebooted.
Finally, eventually, at long last, I got to return to Outlook Express
and resubscribe. And I got you all back. :-D
And I'm very happy to be back. :-D :-D :-D
Best wishes to everyone,
Fergus.
Thanks again, Cor and Nick.
=========================================================
There's more info about the security leak which allows this worm to work:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp
You can get your OS checked out for missing service packs and patches:
http://windowsupdate.microsoft.com/
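
The two signs described in the post above, a program being blocked on consecutive addresses at port 135 and a familiar system-binary name running out of WinNT\System32\Wins, can be checked mechanically over firewall records. This is an added example, not part of the original post; the record layout, the 192.0.2.x documentation addresses, the C:\WINNT\System32 default and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from ntpath import basename, dirname

# Constructed blocked-outbound records: (program path, destination, port).
# Addresses come from the 192.0.2.0/24 documentation range.
RECORDS = [
    (r"C:\WINNT\System32\Wins\DLLHOST.EXE", "192.0.2.19", 135),
    (r"C:\WINNT\System32\Wins\DLLHOST.EXE", "192.0.2.20", 135),
    (r"C:\WINNT\System32\Wins\DLLHOST.EXE", "192.0.2.21", 135),
    (r"C:\WINNT\System32\Wins\DLLHOST.EXE", "192.0.2.22", 135),
    (r"C:\Program Files\Outlook Express\msimn.exe", "192.0.2.200", 119),
    (r"C:\WINNT\System32\svchost.exe", "192.0.2.53", 135),
]

# Names the post saw imitated; the genuine files sit directly in System32.
SYSTEM_NAMES = {"svchost.exe", "dllhost.exe"}

def longest_run(addrs):
    """Length of the longest run of consecutive IPv4 addresses."""
    nums = sorted({int(ipaddress.IPv4Address(a)) for a in addrs})
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def sweeping_programs(records, port=135, min_run=4):
    """Map each program to its run length when it sweeps `port` sequentially."""
    seen = defaultdict(list)
    for prog, dst, dport in records:
        if dport == port:
            seen[prog].append(dst)
    runs = {prog: longest_run(dsts) for prog, dsts in seen.items()}
    return {prog: n for prog, n in runs.items() if n >= min_run}

def misplaced_system_binary(path, sysdir=r"C:\WINNT\System32"):
    """True when a system-binary name runs from anywhere but sysdir itself."""
    return (basename(path).lower() in SYSTEM_NAMES
            and dirname(path).lower() != sysdir.lower())

if __name__ == "__main__":
    for prog, run in sweeping_programs(RECORDS).items():
        print(f"{prog}: {run} consecutive hosts on port 135, "
              f"misplaced={misplaced_system_binary(prog)}")
```

A single connection to port 135 from the genuine svchost.exe is not flagged; only the sequential sweep and the unexpected directory are.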