Redirecting and dns error

[Zteve]

I have been getting random dns errors for about a month
saying page not available and now after that happens i
get re-directed to http://www.spacereg.com all the time

 

[Jim Byrd]

Hi Zteve - Well, you kinda need to know what the parasite(s) is/are before
you can do much about fixing them except to apply some general tools like
AdAware and/or SpyBot S&D (see below). Start here:

Download HijackThis, free, here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://www.spywareinfo.com/forums/index.php?s=8a236cdf61469fbad3bddbe810be0374&act=SF&f=11

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here:
http://tomcoyote.org/forums/index.php?act=ST&f=10&t=495&s=2c6e92805e310b519b9fa61cc7098fba

Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).


For the general hijack case, the best way to start is to get Ad-Aware 6.0,
Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
Update and run this regularly to get rid of most "spyware/hijackware" on
your machine. If it has to fix things, be sure to re-boot and rerun
AdAware again and repeat this cycle until you get a clean scan. The reason
is that it may have to remove things which are currently "in use" before it
can then clean up others.

Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
using both normally. After fixing things with SpyBot S&D, be sure to
re-boot and rerun SpyBot again and repeat this cycle until you get a clean
"no red" scan. The reason is that SpyBot sometimes has to remove things
which are currently "in use" before it can then clean up others.


Note that sometimes you need to make a judgement call about what these
programs report as spyware. See here, for example:
http://www.imilly.com/alexa.htm


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Zteve]

Thanks for your help Ive downloaded adaware and spybot
and run them both but I can't access tje page for
hijackthis as it keeps redirecting me to the same site I
can't access the tomcoyote site either same thing

-----Original Message-----
Hi Zteve - Well, you kinda need to know what the parasite (s) is/are before
you can do much about fixing them except to apply some general tools like
AdAware and/or SpyBot S&D (see below). Start here:

Download HijackThis, free, here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://www.spywareinfo.com/forums/index.php? s=8a236cdf61469fbad3bddbe810be0374&act=SF&f=11

or Net-Integration here:
http://www.net-integration.net/cgi- bin/forum/ikonboard.cgi?
s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here:
http://tomcoyote.org/forums/index.php? act=ST&f=10&t=495&s=2c6e92805e310b519b9fa61cc7098fba

Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).


For the general hijack case, the best way to start is to get Ad-Aware 6.0,
Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
Update and run this regularly to get rid of most "spyware/hijackware" on
your machine. If it has to fix things, be sure to re- boot and rerun
AdAware again and repeat this cycle until you get a clean scan. The reason
is that it may have to remove things which are currently "in use" before it
can then clean up others.

Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-

bin/forums/ikonboard.cgi. I recommend

 

[Jim Byrd]

Hi Zteve - Try using this URL to download it:
http://216.180.252.218/~merijn/files/hijackthis.zip Then proceed as before,
but post your info to the Spyware Info site here:
http://216.180.252.218/forums/index.php?s=8a236cdf61469fbad3bddbe810be0374&act=SF&f=11
I suspect that your HOSTS file has been compromised. Try that and post back
with your results.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Zteve]

It comes up with page cannot be displayed

-----Original Message-----
Hi Zteve - Try using this URL to download it:
http://216.180.252.218/~merijn/files/hijackthis.zip Then proceed as before,
but post your info to the Spyware Info site here:
http://216.180.252.218/forums/index.php? s=8a236cdf61469fbad3bddbe810be0374&act=SF&f=11
I suspect that your HOSTS file has been compromised. Try that and post back
with your results.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In


.

 

[Zteve]

I have managed to get the hijackthis program and Ive run
it and looking through the tutorial nothing seems to be
there that shouldn't be. but i'm still being directed to
http://www.spacereg.com/df.html? especially when trying
to visit sites relating to spyware removal

 

[Zteve]

Thanks for your help Jim
I have now found out the error is with my internet
supplier ntlworld.com and they have supplied me with new
proxy settings which have sorted it out. The issue is
redirection to www.spacereg.com.

 

[Jim Byrd]

Hi Zteve - Well, YW, but I don't think I helped very much. Glad you got it
straightened out though.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Johnny Storm]

Thanks for your help Jim
I have now found out the error is with my internet
supplier ntlworld.com and they have supplied me with new
proxy settings which have sorted it out. The issue is
redirection to www.spacereg.com.

Looks like it wasnt entirely NTLs fault this time !!!

Patrick from Spacereg posted the following over the weekend

http://www.ntlhell.co.uk/forums/index.php?showtopic=3352&st=45&hl=


========================================================================
(Old_Soak @ Dec 13 2003, 05:52 PM) Wrote:

http://cr.yp.to/djbdns/com-wildcard.html

QUOTE

"Bottom line: Don't publish incorrect DNS information. In particular,
don't publish *.com wildcards. You may think that it's safe, because
properly functioning caches will never see the incorrect information;
but many caches on the Internet do not work properly."


Looks like even your software suppliers advise against using wildcards

In Reply Patrick wrote:

"I had never seen that before, but in retrospect it may not have been a
good idea to implement our services using DNS wildcard. Usually the
simplest way of implementing an application is the best, using DNS
wildcards vastly simplifies our applications. There is no way we could
have foreseen this kind of problem (well I suppose I could have read the
quoted page, but I didn't).

The fact is that the quotation is only advice. Our network setup is
perfectly viable and we did not purposely set out to steal traffic.

If DJB believed that that wild card records were not viable he would not
have implemented them (just like he did not implement hybrid
authoritative/caching name servers)

In future I will try and follow this advice since it will clearly save
me a lot of trouble...."
========================================================================