1.cant search 2. need to block IM messages

  • Thread starter Thread starter Gary Konigsberg
  • Start date Start date
G

Gary Konigsberg

Hi!
Was on a network and now am just connected directly on
DSL one computer.
Since connecting I have noticed something very strange...
I can go to any website I want to except for Google, All
the Web, some other search engines and I cant search from
Yahoo, MSN or AOL. I get a page not found error or
something like this. Is there some setting in IE that
causes this? I have no firewall up presently.

Also, I know there is a way to block those gray pop up
windows which are somehow IM broadcasts from the sender's
computer to mine but I am not sure where that is.

Thanks for your help!!

Best,
Gary
 
Hello, I have the exact same problem for searching, and I
really need it fixed. The messages you are getting are
caused by messenger, so here's what you need to do.
1 open control panel
2 open administrative tools
3 open services
4 find the "messenger" service
5 stop this service
6 open properties of messenger service and change startup
mode to disabled or manual to prevent it from being
restarted every time you turn your computer on.
Hope this helps, and hope i get helped, James
 
Searching problems may be caused by this trojan.

http://www.f-secure.com/v-descs/delude.shtml

NAME: Delude
ALIAS: Trojan.BAT.Startpage.a
Delude is a trojan that is available on a web page. The web page contains a
code that uses a vulnerability in the Internet Explorer (MS03-032) to
execute.
More information about the vulnerability, including a fix, is available from
Microsoft at:
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
VARIANT: Delude.A
The HTA code available on a web page downloads a file "partyboy.exe" from an
ftp site and runs it. This file is is packed with UPX. It is a batch file
which was compiled to executable binary (".exe") using a BatToExe tool.
When executed, it changes the Internet Explorer start page to find-now.info.
It prevents access to the most major search engines such as Google, Yahoo,
Lycos, MSN and AltaVista. To do this it replaces the following file:

More:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://vil.nai.com/vil/content/v_100719.htm
http://www.sophos.com/virusinfo/analyses/trojqhosts1.html

Messenger spams
Messenger Service Window That Contains an Internet Advertisement Appears
A Messenger service window appears that contains an Internet advertisement
that is similar to the following text:
Messenger Service
Message from source to your_computer_name.ISP_name on date time Message Text
http://support.microsoft.com/?kbid=330904 (NT4/XP/2000 Oct. 22, 2002)


Stop Messenger SPAM
The developer of the messenger spam software indicates on their web site
that "these messages are completely anonymous and virtually untraceable.
With this program your IP address never shows up anywhere."
http://www.stopmessengerspam.com/
 
Check this out.

http://www.f-secure.com/v-descs/delude.shtml

NAME: Delude
ALIAS: Trojan.BAT.Startpage.a
Delude is a trojan that is available on a web page. The web page contains a
code that uses a vulnerability in the Internet Explorer (MS03-032) to
execute.
More information about the vulnerability, including a fix, is available from
Microsoft at:
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
VARIANT: Delude.A
The HTA code available on a web page downloads a file "partyboy.exe" from an
ftp site and runs it. This file is is packed with UPX. It is a batch file
which was compiled to executable binary (".exe") using a BatToExe tool.
When executed, it changes the Internet Explorer start page to find-now.info.
It prevents access to the most major search engines such as Google, Yahoo,
Lycos, MSN and AltaVista. To do this it replaces the following file:

More:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://vil.nai.com/vil/content/v_100719.htm
http://www.sophos.com/virusinfo/analyses/trojqhosts1.html
 
Gary,
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects *all* major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
[more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)

Microsoft has released a cumulative patch for this vulnerability:
Simply go to Windows Update [hotfix 828750]
[more info]
http://www.microsoft.com/security/security_bulletins/ms03-040.asp

If your AV did not detect or you simply don't have an AV (bad idea)
Free Removal Tool:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html

AVG AntiVirus 6.0 [freeware] http://www.grisoft.com/
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-03]
Please post replies to this Newsgroup, email address is invalid
 
James,
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects *all* major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
[more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)

Microsoft has released a cumulative patch for this vulnerability:
Simply go to Windows Update [hotfix 828750]
[more info]
http://www.microsoft.com/security/security_bulletins/ms03-040.asp

If your AV did not detect or you simply don't have an AV (bad idea)
Free Removal Tool:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html

AVG AntiVirus 6.0 [freeware] http://www.grisoft.com/
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-03]
Please post replies to this Newsgroup, email address is invalid
 
Back
Top