Browser hijacker

  • Thread starter Thread starter Ben Stevenson
  • Start date Start date
B

Ben Stevenson

I received a pop-up box saying something like that in my Hosts File is a
browser hijacker that can also transfer my Home page to another. The box
then disappeared. Where do I have to go to find and correct this problem?
TIA
 
The system host file allows for website redirection to unintended sources,
should spyware take advantage of that. To find your host file, go to
C:\WINDOWS\SYSTEM32\DRIVERS\ETC. The file is called HOSTS. Open it in
Notepad and take a look at what's inside. Generally only one redirected
address is contained inside it:

127.0.0.1 localhost

What that means is that if you type in "localhost" into an Internet Explorer
bar, your computer will try to connect to the local address 127.0.0.1.
Spyware tries to exploit that by adding other entries to force you to surf
to their site. If there are any other address listed below the localhost one
that you did not add yourself, delete them. Also, I'd highly suggest
scanning your system with Ad Aware
(http://www.lavasoftusa.com/software/adaware/) to get rid of any spyware on
your system.

--
______________________________________________
Michael Katz
[Microsoft MVP - MSN Client]
"There's no I in 'team' but there is 'me'"
http://msmvps.com/msntral

This posting is provided 'AS IS' with no warranties, and confers no rights.
 
Ben Stevenson said:
I received a pop-up box saying something like that in my Hosts File is a
browser hijacker that can also transfer my Home page to another. The box
then disappeared. Where do I have to go to find and correct this problem?
TIA
Click to expand...

Have you installed a particular Hosts file to block certain Web sites? Some
anti-spyware programs, including the Microsoft Anti-Spyware beta will give a
false positive on any entries in Hosts except the default one.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/
 
Thanks for your response.
Went to the C:\WINDOWS\SYSTEM32\DRIVERS\ETC. folder as you advised.
I do not see one but six files as below:
hosts
hosts.bak
lmhosts.sam
networks
protocol
services

None of them show any address. All the six were created on 6/21/2003, a year
before I bought this brand new NEC computer which came preinstalled with XP
Home. The icon of these files is of the "Open With" type (the upright
rectangle with colored dots in it), that cannot normally be opened as they
do not have an application associated with it.
Would appreciate your further advise.
Thanks

Michael Katz said:
The system host file allows for website redirection to unintended sources,
should spyware take advantage of that. To find your host file, go to
C:\WINDOWS\SYSTEM32\DRIVERS\ETC. The file is called HOSTS. Open it in
Notepad and take a look at what's inside. Generally only one redirected
address is contained inside it:

127.0.0.1 localhost

What that means is that if you type in "localhost" into an Internet Explorer
bar, your computer will try to connect to the local address 127.0.0.1.
Spyware tries to exploit that by adding other entries to force you to surf
to their site. If there are any other address listed below the localhost one
that you did not add yourself, delete them. Also, I'd highly suggest
scanning your system with Ad Aware
(http://www.lavasoftusa.com/software/adaware/) to get rid of any spyware on
your system.

--
______________________________________________
Michael Katz
[Microsoft MVP - MSN Client]
"There's no I in 'team' but there is 'me'"
http://msmvps.com/msntral

This posting is provided 'AS IS' with no warranties, and confers no rights.




Ben Stevenson said:
I received a pop-up box saying something like that in my Hosts File is a
browser hijacker that can also transfer my Home page to another. The box
then disappeared. Where do I have to go to find and correct this problem?
TIA
Click to expand...
Click to expand...
 
Thanks for your response.
I did not install any particular Hosts file. I am not good in that area so
I steer clear of it. I do have Microsoft Anti-Spyware.
 
Ben Stevenson said:
Thanks for your response.
I did not install any particular Hosts file. I am not good in that area so
I steer clear of it. I do have Microsoft Anti-Spyware.
Click to expand...

What exactly does the message say?

Try renaming hosts (the first one in your list) to hosts.old

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/
 
I was referring to the HOSTS file in that directory. Right click the file,
click "Open With" and select Notepad.

--
______________________________________________
Michael Katz
[Microsoft MVP - MSN Client]
"There's no I in 'team' but there is 'me'"
http://msmvps.com/msntral

This posting is provided 'AS IS' with no warranties, and confers no rights.



Ben Stevenson said:
Thanks for your response.
Went to the C:\WINDOWS\SYSTEM32\DRIVERS\ETC. folder as you advised.
I do not see one but six files as below:
hosts
hosts.bak
lmhosts.sam
networks
protocol
services

None of them show any address. All the six were created on 6/21/2003, a
year
before I bought this brand new NEC computer which came preinstalled with
XP
Home. The icon of these files is of the "Open With" type (the upright
rectangle with colored dots in it), that cannot normally be opened as they
do not have an application associated with it.
Would appreciate your further advise.
Thanks

Michael Katz said:
The system host file allows for website redirection to unintended
sources,
should spyware take advantage of that. To find your host file, go to
C:\WINDOWS\SYSTEM32\DRIVERS\ETC. The file is called HOSTS. Open it in
Notepad and take a look at what's inside. Generally only one redirected
address is contained inside it:

127.0.0.1 localhost

What that means is that if you type in "localhost" into an Internet Explorer
bar, your computer will try to connect to the local address 127.0.0.1.
Spyware tries to exploit that by adding other entries to force you to
surf
to their site. If there are any other address listed below the localhost one
that you did not add yourself, delete them. Also, I'd highly suggest
scanning your system with Ad Aware
(http://www.lavasoftusa.com/software/adaware/) to get rid of any spyware on
your system.

--
______________________________________________
Michael Katz
[Microsoft MVP - MSN Client]
"There's no I in 'team' but there is 'me'"
http://msmvps.com/msntral

This posting is provided 'AS IS' with no warranties, and confers no rights.




Ben Stevenson said:
I received a pop-up box saying something like that in my Hosts File is a
browser hijacker that can also transfer my Home page to another. The
box
then disappeared. Where do I have to go to find and correct this problem?
TIA
Click to expand...
Click to expand...
Click to expand...
 
Back
Top