Support | Find a Store | About Us | Gateway.com



Support Home
Downloads
Contact Us
Account Info

Search Support

Phrase Search

Support Information
Tutorials
Downloads


Special Services

TDD
(Telecommunications
Device for the Deaf)
Support please call
800.846.1778

Take a Tour

Rate our
eSupport Site

 
Email this page
W95.Hybris Virus Warning

The W95.Hybris worm virus is transmitted through e-mail. This virus attaches itself to the Wsock32.dll file. The definitions for this virus have been included in Norton AntiVirus since the Live Update on September 25, 2000.

Because this virus is spread through e-mail, ensure that any e-mail containing the virus attachment is deleted. The subject line of the e-mail may be listed as "[email protected]" or "Snow White and the Seven dwarves".

There are also plug-ins that produce the varying symptoms. Some of the symptoms that have been reported include Invalid Page Fault messages associated with Iexplorer.exe, Wsock32.dll, or Kernel32.dll.

The best way to determine the presence of this virus is to check the size of the Wsock32.dll file. The file size needs to be as follows:

Wsock32.dll File Size
Operating System File Size Date Stamp
Windows® 95 65 Kilobytes (KB) 7/11/1995
Windows® 95
OEM Service Release 2 (OSR2)		 65-KB Varies
Windows® 98 40-KB 5/11/1998
Windows® 98 SE 40-KB 4/23/1999
Windows® Me 36-KB 6/21/2000

Use the following steps to check the size of the Wsock32.dll file:

In Windows Me:

  1. From the Start menu, point to Search, and then click For Files and Folders.

  2. In the Search Results window in the Search for files or folders named area, type: Wsock32.dll, and then click Search Now.

  3. The size and date of the Wsock32.dll file displays in the Search Results window.

In Windows 9x:

  1. From the Start menu, point to Find, and then click For Files and Folders.

  2. In the Find: All Files window in the Named area, type: Wsock32.dll, and then click Find Now.

  3. The size and date of the Wsock32.dll file is located at the bottom of the Find: All Files window.

If the virus is present and the Norton AntiVirus definitions are dated later than September 25, 2000, restart the computer and scan the computer with Norton AntiVirus in Safe mode.

Start the computer in Safe mode:

In Windows 98, Windows 98 SE, or Windows Me:

  1. From the Start, click Run. In the Run dialog box, type: Msconfig, and then click OK.

  2. In the System Configuration Utility dialog box on the General tab, click Diagnostic Startup, and then click OK.

  3. In the System Settings Changed dialog box, click Yes.

  4. In the Windows Me Startup Menu or Windows 98 SE Startup Menu, press the DOWN ARROW key on your keyboard to select Safe mode.

    Note: Run Msconfig again and select Normal Startup to return the computer to normal operations.

In Windows 95:

  1. Turn on the computer, and press the F8 key in one-second intervals until you see the Startup Menu. If Windows loads normally, shut down Windows, and repeat this step.

  2. In the Windows 95 Startup Menu, press the DOWN ARROW key on your keyboard to select Safe mode.

In Windows Safe mode, use Norton AntiVirus to scan the computer for viruses. For help, refer to the Help files.

If you do not have the latest definitions or Norton AntiVirus, or if Norton AntiVirus was unable to remove the virus from the computer, use the following steps:

In Windows Me:

  1. Verify that the .cab files are located on the hard disk drive. The default location is C:\Windows\Options\Cabs.

    • From the Start menu, point to Search, and then click For Files or Folders.
    • In the Search Results window in the Search for files or folders named area, type: *.cab, and then click Search Now.
    • The files are listed in the Search Results window.

  2. From the Start menu, click Run. In the Run dialog box, type: Msconfig, and then click OK.

  3. In the System Configuration Utility dialog box on the General tab, click Diagnostic Startup, and then click OK.

  4. In the System Settings Changed dialog box, click Yes.

  5. On the Windows Me Startup Menu, press the DOWN ARROW key on your keyboard to select Safe mode.

  6. In Windows Me Safe mode, close Gateway HelpSpot or Microsoft Help and Support.

  7. From the Start menu, point to Search, and then click For Files or Folders.

  8. In the Search Results window in the Search for files or folders named: area, type: Wsock32.*, and then click Search Now.

  9. In the Search Results window from the Edit menu, click Select All, and then press the DELETE key.

  10. In the Confirm Multiple File Delete dialog box, click Yes.

  11. In the Search Results window from the File menu, click Close.

  12. From the Start menu, click Run. In the Run dialog box, type: Msconfig, and then click OK.

  13. In the System Configuration Utility dialog box, click Extract File.

  14. In the Extract one file from installation disk dialog box, type: C:\Windows\System\Wsock32.dll, and then click Start.

  15. In the Extract File dialog box in the Restore From area, type: C:\Windows\Options\Cabs, and then click OK.

  16. If a Backup File dialog box appears, click OK.

  17. If a Backup File does not exist dialog box appears, click Yes.

  18. In the Extract File dialog box, click OK.

  19. On the General tab of the System Configuration Utility dialog box, click Normal Startup, and then click OK.

  20. In the System Settings Changed dialog box, click OK.

In Windows 98 and Windows 98 SE:

  1. From the Start menu, point to Find, and then click For Files and Folders.

  2. In the Find: All Files dialog box in the Named: area, type: Wsock32.*, and then click Find Now.

  3. In the Find: Files named Wsock32.* dialog box from the Edit menu, click Select All, and then press the DELETE key.

  4. In the Confirm Multiple File Delete dialog box, click Yes.

  5. In the Find: Files named Wsock32.* dialog box from the File menu, click Close.

  6. From the Start menu, click Run. In the Run dialog box, type: SFC, and then click OK.

  7. In the System File Checker dialog box, click Extract One file from installation disk.

  8. In the Specify the system file you would like to restore area, type: C:\Windows\System\Wsock32.dll.

  9. In the Restore from area, type: C:\Windows\Options\Cabs, and then click OK.

    Note: If this location is not available, use C:\Cabs. If this location is not available, the D:\Win98 folder on the Windows 98 CD can be used (where D is the drive letter of the CD/DVD drive).

  10. If a Backup File dialog box appears, click OK.

  11. If a Backup File dialog box appears with a message that the backup folder does not exist, click Yes.

  12. In the Extract File dialog box, click OK.

  13. In the System File Checker dialog box, click OK.
In Windows 95:
  1. Verify that the .cab files are located on the hard disk drive.

    • From the Start menu, point to Find, and then click For Files or Folders.
    • In the Find: All Files dialog box, in the Named area, type: *.cab, and then click Find Now.
    • If found, the cab files are listed in the bottom of the window.

  2. If the cab files are not located on the hard disk drive, copy the cab files from the Windows 95 CD to the hard disk drive.

    • Place the Windows 95 CD in the CD/DVD drive. Close any windows that automatically open.
    • From the Start menu, point to Programs, and then click Windows Explorer.
    • In the Exploring C:\ window, click the drive letter of the CD/DVD drive.
    • In the Exploring D:\ window (where D is the drive letter of the CD/DVD drive), double-click the Win95 folder.
    • In the Exploring D:\ window from the Edit menu, click Copy.
    • In the Exploring D:\ window, click hard disk drive (C:).
    • In the Exploring C:\ window from the Edit menu, click Paste.
    • Files copy. This takes several minutes.
    • When complete, in the Exploring C:\ window from the File menu, click Close.

  3. From the Start menu, click Shut Down. In the Shut Down Windows dialog box, click Restart, and then click OK.

  4. When the computer restarts, press the F8 key in one-second intervals until you see the Startup Menu. If Windows loads normally, shut down Windows, and repeat this step.

  5. In the Windows 95 Startup Menu, press the DOWN ARROW key to select Safe mode.

  6. From the Start menu, point to Find, and then click For Files and Folders.

  7. In the Find: All Files dialog box in the Named: area, type: Wsock32.*, and then click Find Now.

  8. In the Find: Files named Wsock32.* dialog box from the Edit menu, click Select All, and then press the DELETE key.

  9. In the Confirm Multiple File Delete dialog box, click Yes.

  10. In the Find: Files named Wsock32.* dialog box from the File menu, click Close.

  11. From the Start menu, click Run.

  12. In the Run dialog box, type: Extract /a C:\WindowsOptions\Cabs\Win95_01.cab Wsock32.dll /L C:\Windows\System, and then click OK.

    Note: The C:\WindowsOptions\CABS\Win95_01.cab path may also be C:\CABS\win95_01.cab or D:\Win95\win95_01.cab (where D is the drive letter of the CD/DVD drive).

There are plug-ins to the W95.Hybris worm virus that may still be on the computer after following this process.

In rare cases, this virus may also infect executable (.exe) files. If this occurs, Norton AntiVirus will prompt you to remove the infected files. If the .exe files were related to programs, the programs will need to be reinstalled. If the .exe files were part of the Windows operating system, they may need to be extracted from the Windows CD, or the computer may need to be formatted and reloaded.

It is recommended that you update Norton AntiVirus to the latest edition, and then the scan the computer again for viruses.

For more information on this virus and how to remove its plug-ins, visit Symantec's Web site at: http://www.sarc.com/avcenter/venc/data/w95.hybris.gen.html.


For Gateway Standard Terms Of Sale And Limited Warranty Agreement click here to view.
  legal | privacy | copyright