I am having the same problem. I noticed this machine had-----Original Message-----
i am having a problem with ie just in the last two days
none of my seach boxs work at all if i type in google it
comes up sith a fault
.
-----Original Message-----
Hi Dale and Terry - You've apparently gotten infected with the QHosts
trojan. Read here for information:
http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp? id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191
Try the following:
1. Be sure that you install hotfix 828750 which fixes the exploit that this
virus uses:
http://www.microsoft.com/windows/ie/downloads/critical/82 8750/default.asp
2. Update and run a complete Anti-Virus software check of your system. Most
of the major AV companies have updated their latest signatures to detect
this virus (for Network Associates (McAfee), be sure to get the EXTRADAT.exe
update from the above page as well as your regular update).
3. If running your AV doesn't clean it up, go to this page, read the
directions CAREFULLY (particularly about the Restore option) and download
and run the removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/t rojan.qhosts.removal.tool.html
If that still doesn't clean it up (and a number of people are reporting that
it did not), then follow the Manual Removal instructions there. The
following is courtesy of Mike Burgess:
"Does a HOSTS file still exist in Windows\Help?
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects all major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
[more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)
Run the beta version of HijackThis (link on Hosts page)
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30- 03]
Please post replies to this Newsgroup, email address is invalid"
Just to follow up on this - there may be multiple different HOSTS files on
your machine with the trojan's settings, and you'll need to do a search to
find and just delete them all, or clean them per the manual directions at
the Symantec site.
4. You probably will then need to restore your HOSTS file if you plan to use
it for DNS speedup and/or ad blocking. Download the Hosts File Reader:
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader ..exe
To create a new Default version of HOSTS, run the program, click the "Read
Hosts File" button, click the button labeled "Reset Defaults" and click
"Save Changes." Note that this is NOT a recreation of your original HOSTS
file, but a brand new "initialized" one. Now go to normal HOSTS file
location (Windows XP\2000 Location: - C:\WINDOWS\SYSTEM32 \DRIVERS\ETC or
Windows 98\ME Location: - C:\WINDOWS) and rename the "hosts" file that it
created to "HOSTS" (no quotes, all caps, no extension). If you've been using
your HOSTS file for ad blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted Ads with a Hosts
File), then you'll need to reset the new default you've created up for that
purpose. (Recommended, BTW - it also blocks a lot of "malware" as well as
offensive advertising.)
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
Indale said:i am having a problem with ie just in the last two days
none of my seach boxs work at all if i type in google it
comes up sith a fault
.
terry said:Thanks, I'll give this a try. You're the best!
Cheers.
-----Original Message-----
Hi Dale and Terry - You've apparently gotten infected with the QHosts
trojan. Read here for information:
http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?
id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191
Try the following:
1. Be sure that you install hotfix 828750 which fixes the exploit
that this virus uses:
http://www.microsoft.com/windows/ie/downloads/critical/82
8750/default.asp
2. Update and run a complete Anti-Virus software check of your
system. Most of the major AV companies have updated their latest
signatures to detect this virus (for Network Associates (McAfee), be
sure to get the EXTRADAT.exe update from the above page as well as
your regular update).
3. If running your AV doesn't clean it up, go to this page, read the
directions CAREFULLY (particularly about the Restore option) and
download and run the removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/t
rojan.qhosts.removal.tool.html
If that still doesn't clean it up (and a number of people are
reporting that it did not), then follow the Manual Removal
instructions there. The following is courtesy of Mike Burgess:
"Does a HOSTS file still exist in Windows\Help?
Trojan Qhosts hijacks the HOSTS file, however unlike normal
redirectors, this one hides the HOSTS file in the "Windows\Help"
folder. It then creates entries that redirects all major search
engines to a website. Note: this website has now been removed, thus
the DNS errors. [more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)
Run the beta version of HijackThis (link on Hosts page)
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a
HOSTS file http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-
03] Please post replies to this Newsgroup, email address is invalid"
Just to follow up on this - there may be multiple different HOSTS
files on your machine with the trojan's settings, and you'll need to
do a search to find and just delete them all, or clean them per the
manual directions at the Symantec site.
4. You probably will then need to restore your HOSTS file if you
plan to use it for DNS speedup and/or ad blocking. Download the
Hosts File Reader:
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader .exe
To create a new Default version of HOSTS, run the program, click the
"Read Hosts File" button, click the button labeled "Reset Defaults"
and click "Save Changes." Note that this is NOT a recreation of your
original HOSTS file, but a brand new "initialized" one. Now go to
normal HOSTS file location (Windows XP\2000 Location: -
C:\WINDOWS\SYSTEM32 \DRIVERS\ETC or Windows 98\ME Location: -
C:\WINDOWS) and rename the "hosts" file that it
created to "HOSTS" (no quotes, all caps, no extension). If you've
been using your HOSTS file for ad blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted Ads with
a Hosts File), then you'll need to reset the new default you've
created up for that purpose. (Recommended, BTW - it also blocks a
lot of "malware" as well as
offensive advertising.)
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
Indale said:i am having a problem with ie just in the last two days
none of my seach boxs work at all if i type in google it
comes up sith a fault
.