Explorer and google issue

  • Thread starter Thread starter Brian Lynn
  • Start date Start date
B

Brian Lynn

I have read the previous posts about eh IE6 and the
trojanQhosts issue and I have looked for this trijan in
the registry and with symantec tools. It does not appear
to be resident on my computer. I have run the removal
toola dn the result was negative: no infection.

I am running Win98 iwth all the updates and stuff I can
get... someone please help... when I try to enter
www.google.com I am sent to a site called cPanel. I have
seen this issue discussed before but as I said, I do not
appear to have the trojanQhosts issue.

Thanks for any help!
 
The Trojan, if it is present works by putting an entry into your HOSTS file
for www.google.com with an IP address that redirects to the malicious site.
On your Win98 machine your HOSTS file (no extension) is located in your
Windows folder and you can use a text editor to find and remove the entry
for google.com.

Select the Start=>Run menu option and copy and paste the following into the
Run dialog

notepad %windir%\HOSTS

this will open your HOSTS file in notepad. Locate the entry for google.com
and delete the entry.

Save your changes making sure that it is saved as HOSTS and not HOSTS.txt.

Your HOSTS file may have only read-only access on it which may prevent you
from saving it. If this is the case then open Windows Explorer and find the
HOSTS file in your Windows folder. Right click on it to display the
drop-down menu and select Properties. Un-check the Read-only file attribute
and press the OK button. Then return to the previous steps and you should be
able to save your changes to the HOSTS file.
 
More info on qhosts or delude.
http://www.f-secure.com/v-descs/delude.shtml
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://vil.nai.com/vil/content/v_100719.htm
http://www.sophos.com/virusinfo/analyses/trojqhosts1.html


It may be a new variant of a parasite.

Go to http://www.spywareinfo.com/downloads.php#det
Download "Hijack This!" [freeware] or download direct (below):
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

If you get a 404 error or Access denied, try:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates "hijackthis.log")

Next, HijackThis | Config [button] | Misc Tools [button]
Click: Generate StartupList log [button] (generates "startuplist.txt")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, then copy and paste both files in your message.

HijackThis Quick Start Help
http://www.tomcoyote.org/hjt/
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
 
Exactly, rename the file OLDHOSTS.old
In order to work that file must not have an extension. Just HOSTS
 
WOOHOO! thanks for the help!
-----Original Message-----
Exactly, rename the file OLDHOSTS.old
In order to work that file must not have an extension. Just HOSTS









.
Click to expand...
 
I tried the Norton free fix for this virus and it did not find anything. I
also searched and found the HOST files, opened them with NotePad, deleted
the lines, and saved the changes. But one file would not let me save the
changes. So I still have the virus. Any more suggestions? What am I
missing?
Art
 
Art,
What file wouldn't let you save the changes? The HOSTS file?
If so it may be marked "Read Only" ? .....
You can find a small batch file on my Hosts page to unlock it if needed.
[or]
Try right-click the file, select: Properties, uncheck Read Only
Click Apply\Ok, then make desired changes .......
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-03]
Please post replies to this Newsgroup, email address is invalid
--
 
Back
Top