google

  • Thread starter Thread starter larry garton
  • Start date Start date
L

larry garton

i havve a dell computer, running xp, i usded google to
search alot of things. now i can not get google to come
up. it says page will not display. any suggestions on
what to do.
 
Larry,
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects *all* major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
Some users have reported multiple HOSTS files in various locations
[more HOSTS info]
http://www.mvps.org/winhelp2002/hosts.htm

Microsoft has released a cumulative patch for this vulnerability:
Simply go to Windows Update [hotfix 828750]
[more info]
http://www.microsoft.com/security/security_bulletins/ms03-040.asp

[Removal Method]
http://www.brown.edu/Facilities/CIS/Software_Services/virus/index.html
[or]
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
[or]
http://vil.nai.com/vil/content/v_100719.htm
Note: not all machines are affected by the same Registry changes
but the user needs to verify in any case, if changes exist.

You can detect "Qhosts" via "HijackThis!"
http://www.mvps.org/winhelp2002/unwanted.htm
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 10-10-03]
Please post replies to this Newsgroup, email address is invalid
 
I am having the same problem with google and all other
search engine. The problem started when one of my
computers could not access the internet and the others
could. I restored default settings on the Microsoft
Internet Explorer under Tools. Since then the internet
has worked but no search engines.
 
Check this out.

Qhosts virus/trojan, aka delude.

http://www.f-secure.com/v-descs/delude.shtml

NAME: Delude
ALIAS: Trojan.BAT.Startpage.a
Delude is a trojan that is available on a web page. The web page contains a
code that uses a vulnerability in the Internet Explorer (MS03-032) to
execute.
More information about the vulnerability, including a fix, is available from
Microsoft at:
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
VARIANT: Delude.A
The HTA code available on a web page downloads a file "partyboy.exe" from an
ftp site and runs it. This file is is packed with UPX. It is a batch file
which was compiled to executable binary (".exe") using a BatToExe tool.
When executed, it changes the Internet Explorer start page to find-now.info.
It prevents access to the most major search engines such as Google, Yahoo,
Lycos, MSN and AltaVista. To do this it replaces the following file:

More:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
http://vil.nai.com/vil/content/v_100719.htm
http://www.sophos.com/virusinfo/analyses/trojqhosts1.html

An other removal tool that has been used with success.
http://www.brown.edu/Facilities/CIS/Software_Services/virus/index.html
 
Back
Top