Internet Explorer Version 6.0. 2800.1106IS

[Linda Groshart]

Just within the last two days, I have not been able to
search for anything on the Internet. When I type any word
in the "Search the Web"...after a slow search I get the
error message: "The page cannot be found." I can go to
Favorites and pull up sites, I can click on email links
and go to sites, I can click on any word on the home
page...but I cannot search for new sites. Does anyone
have a solution?

 

[H Leboeuf]

This new virus prevents access to the most major search engines such as
Google, Yahoo, Lycos, MSN and AltaVista.


http://www.f-secure.com/v-descs/delude.shtml

NAME: Delude
ALIAS: Trojan.BAT.Startpage.a
Delude is a trojan that is available on a web page. The web page contains a
code that uses a vulnerability in the Internet Explorer (MS03-032) to
execute.
More information about the vulnerability, including a fix, is available from
Microsoft at:
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
VARIANT: Delude.A
The HTA code available on a web page downloads a file "partyboy.exe" from an
ftp site and runs it. This file is is packed with UPX. It is a batch file
which was compiled to executable binary (".exe") using a BatToExe tool.
When executed, it changes the Internet Explorer start page to find-now.info.
It prevents access to the most major search engines such as Google, Yahoo,
Lycos, MSN and AltaVista. To do this it replaces the following file:

More:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://vil.nai.com/vil/content/v_100719.htm
http://www.sophos.com/virusinfo/analyses/trojqhosts1.html
--


However if you are able to get to the site by including http://www.... to
your address then you have been hacked by parasites.

Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm


Henri Leboeuf
Web page: http://www.generation.net/~hleboeuf/index.htm