Q: Recovering from a worm hack on Windows - cannot open Network Properties window (Answered, 4 out of 5 stars, 3 Comments)
Question  
Subject: Recovering from a worm hack on Windows - cannot open Network Properties window
Category: Computers > Security
Asked by: patrickl999-ga
List Price: $5.00
Posted: 25 May 2004 08:58 PDT
Expires: 24 Jun 2004 08:58 PDT
Question ID: 351686
Recently I suffered from the Donk-Q Worm on Windows XP, also known as
W32SdBot.  By now I have disinfected the computer with Symantec tools,
and to the best of my knowledge the PC is clean and yesterday I
finished downloading all the latest Microsoft Critical Updates.

Everything on my PC is fine now except for one legacy of the worm. 
When it was active it seems to have made a modification to prevent me
from enabling the Windows Internet Firewall. It did this by making it
impossible for me to open the Properties window for my Network
Connection. I simply cannot find a way to open this feature, no matter
how many ways I try.

I will probably install ZoneAlarm as a firewall anyway, but I would
still like to be able to fix this hack that the worm left.

Can anyone help?

Request for Question Clarification by aceresearcher-ga on 25 May 2004 09:56 PDT
Greetings, Patrick!

Can you describe step-by-step what you've done so far to eradicate the worm?

Thanks,

aceresearcher

Clarification of Question by patrickl999-ga on 25 May 2004 10:56 PDT
Sure. 
I first realized my PC was infected when it exhibited the following 3 symptoms:
1) Windows would give shutdown warnings because of unauthorized RPC calls. 
2) Windows would not allow me to run msconfig or regedit or download
updates from the Microsoft website.
3) Windows would not allow me to open the Network Properties window to
enable the IPC firewall.

I diagnosed the problem by rebooting in Safe Mode which allowed me to
run msconfig.exe  and take a look at what was running in my boot.ini
and startup file. There were 3 alien files: cool.exe, sys32.exe and
wnetmgr.exe.  When I searched for these on Google I saw that Symantec
classified these as belonging to the Donk-Q worm, which McAfee called
W32/Sdbot.

I downloaded Symantec's FixDonk.exe tool. This removed all the alien
files, and old infected System Restore files, and cleaned up my Hosts
file.

I have since run the PC without any problems (except for the Network
Connection Properties issue). I ran FixDonk.exe again, and it can find
no trace of the worm. I also ran the latest version of AntiVir
software from www.free-av to confirm that my PC does not have any
other viruses on it.

So I am assuming that the PC is clean, and that my current problem is
due to some minor hack that Donk did in my Windows settings to make
the Network Properties window inaccessible.
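The triage described in the clarification above (reviewing the startup list for the three reported file names, then checking the Hosts file that FixDonk cleaned) can be sketched as follows. This is an added example, not part of the original thread and not Symantec's tool; the watched domain list, the startup value names and paths, and the sample Hosts content are constructed assumptions.

```python
import ntpath

# File names the asker reported seeing in the startup list (from the post).
REPORTED_NAMES = {"cool.exe", "sys32.exe", "wnetmgr.exe"}
# Assumption: update/vendor domains a defender expects to resolve normally.
WATCHED_SUFFIXES = ("microsoft.com", "symantec.com", "windowsupdate.com")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

def flag_startup(entries):
    """entries maps autostart value name -> command line; return matching names."""
    hits = []
    for name, cmd in entries.items():
        cmd = cmd.strip()
        if not cmd:
            continue
        # Executable is the quoted path, or else the first whitespace token.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        if ntpath.basename(exe).lower() in REPORTED_NAMES:
            hits.append(name)
    return sorted(hits)

def flag_hosts(text):
    """Return (line_no, host) for watched hosts pinned to a loopback address."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2 or fields[0] not in LOOPBACK:
            continue
        for host in fields[1:]:
            h = host.lower().rstrip(".")
            if any(h == s or h.endswith("." + s) for s in WATCHED_SUFFIXES):
                hits.append((no, h))
    return hits

# Constructed sample data (value names and paths are illustrative only).
SAMPLE_STARTUP = {
    "Windows Net Manager": r"C:\WINDOWS\system32\wnetmgr.exe",
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "Cool": r'"C:\WINDOWS\cool.exe" -s',
}
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
127.0.0.1 windowsupdate.microsoft.com
127.0.0.1 www.symantec.com securityresponse.symantec.com  # blocked
10.0.0.5 fileserver
"""

if __name__ == "__main__":
    print("startup entries to review:", flag_startup(SAMPLE_STARTUP))
    print("hosts entries to review:", flag_hosts(SAMPLE_HOSTS))
```

An empty result from either check only means these specific names and domains were not found; unquoted paths containing spaces are not parsed by `flag_startup`.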
Answer  
Subject: Re: Recovering from a worm hack on Windows - cannot open Network Properties window
Answered By: aceresearcher-ga on 25 May 2004 14:54 PDT
Rated: 4 out of 5 stars
 
Patrick,

I think the prescribed medicine for your system is a Windows XP Repair
Install. This should re-implement the Network Properties
functionality.


There is an excellent tutorial on how to do this (and other XP-related
fixes) on Harry O's Windows XP "New Life For Windows" website:

"How to Repair Install: (also called "In place reinstall")
Sometimes the only way to repair XP is to reinstall. You do not have
to wipe your partition and start over. Just as with previous versions
of Windows you can install over top of an existing setup. This has the
advantage of retaining your installed applications, data and settings.
You will lose previously saved System Restore Points but System
Restore will begin creating new restore points again immediately
following the Repair Install. You will need to reinstall SP1a and any
Critical Updates from the Windows Update Site.

*** Be aware that a Repair Install will leave your system vulnerable
to the Blaster and Welchia worms. Do not go on line until you have
enabled XP's firewall first. Then visit the Windows Update Site to
patch your system. ***

It is always prudent to backup important data before you make changes to XP..."
http://www.webtree.ca/windowsxp/repair_xp.htm



I also highly recommend that if you have not already done so, you
download and run the following free programs, not just for this
problem, but on a frequent basis (every few days, weekly, or monthly,
depending on how much surfing and downloading is done on your system):

Spybot Search & Destroy
http://www.security.kolla.de

AdAware
http://www.lavasoft.de

*** IMPORTANT ***
If you already have Spybot and/or AdAware installed on your PC, be
sure to download the latest updates first **each time you run them**.
*****************

Other helpful free anti-scumware utilities:

CWShredder: 
http://www.spychecker.com/program/coolwebshredder.html 

Online Housecall
http://housecall.antivirus.com


Something to keep in mind is that even if these programs give your
system a "clean bill of health", it does *not* mean that you can be
absolutely sure that your system is clean. It is only a *reasonable
assurance* that it is clean.


I definitely recommend that you install Zone Alarm or Zone Alarm Pro.
I (and many people I know) use the Pro (paid) version, which provides
more extensive protection and customization. You can download them
here:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp


It's also VERY important to continue to check with Microsoft
periodically and make sure that you have installed any new
security-related patches that have been released.
You can find out if there are any available by going here:
http://v4.windowsupdate.microsoft.com/en/default.asp


Before Rating my Answer, if you have any questions or problems with
the above information or need assistance in performing the
identification and removal procedures, please post a Request for
Clarification, and I will be glad to assist you.

I hope that this Answer helps you to resolve your nasty problem, and
that you have smooth surfing once again!

Regards,

aceresearcher

Request for Answer Clarification by patrickl999-ga on 26 May 2004 06:15 PDT
Well, it's not the answer I was hoping for, since obviously I'd like
to fix the problem without having to completely reinstall XP and
download all the Microsoft updates again over my dial-up connection.

But, if there's no other way....

Clarification of Answer by aceresearcher-ga on 26 May 2004 08:16 PDT
Patrick,

I know it's a pain, but bear in mind that it's not a *complete*
reinstall of Windows and all of your application programs -- plus a
reload of all your data files -- and I've had to do this! I lost a
week of my life...

It's just a repair (the system determines which files have been
corrupted and replaces only those files). However, because the system
compares itself to your original copy of XP, it will also replace
those files which were changed by the security patch updates, which is
why you will need to do them again.

Best Wishes!

ace
patrickl999-ga rated this answer: 4 out of 5 stars
quick response!

Comments  
Subject: Re: Recovering from a worm hack on Windows - cannot open Network Properties window
From: peeyush_maurya-ga on 25 May 2004 13:48 PDT
 
Hey,

Boot from the Windows 2000 installation CD, go to the Recovery Console... and run chkdsk /r

Hope it helps...

Regards,
Peeyush
Subject: Re: Recovering from a worm hack on Windows - cannot open Network Properties window
From: patrickl999-ga on 28 May 2004 09:46 PDT
 
UPDATE - 

  I discovered the source of the problem finally. It was my own ISP,
PeoplePC, that has locked me out of the Network Connection Properties
window.
Subject: Re: Recovering from a worm hack on Windows - cannot open Network Properties window
From: aceresearcher-ga on 28 May 2004 09:55 PDT
 
Thank you for the update, Patrick! It's odd that they would do that. I
hope you were able to persuade them to enable you to do what you
needed to do.

Regards,

ace
