w2k virus/worm affects dns and dhcp

[Bob Forward]

One of my W2K client machines (on a private network behind a Cable/DSL
Router that does DHCP) is infected with some virus or worm that
disables Internet access. Network applications (IE, OE, AVG updates,
SPYBOT updates, etc.) fail to get to the Web--you try but nothing
happens and there is no error message. Other computers on the same
network can get to the Internet. When I reboot this machine with DHCP
enabled, it is reset to NOT ENBABLED and I get an address of
169.254.xxx.xxx. PING then fails for everything except the machine's
own NIC. When I assign a static IP address, PING works if an IP
address is specified but fails with "destination unreachable" using a
URL name. AVG and SPYBOT scans end with nothing found. I have applied
W2KSP4 and IE6SP1. I have uninstalled and reinstalled TCPIP with no
success. I have found nothing susppicious-looking in Task Processes.
Apparently, this thing is well hidden and is still there with each
reboot. I have no idea what to look for. Perhaps someone has seen or
heard of this before and can offer some clues...Thanks.

 

[BT]

Hi Bob

Please check your HOSTS file under Winnt\System32\drivers\etc\ and make sure
your DNS setting in W2K client is correct.

BT

 

[Bob Forward]

Hi Bob

Please check your HOSTS file under Winnt\System32\drivers\etc\ and make sure
your DNS setting in W2K client is correct.

BT

Thanks. It turned out to be the Winsock Registry entries. I exported
them off a similar w2k machine and imported them into the infected
machine. After a reboot, all works well.
=Bob=