Search engines

  • Thread starter Thread starter Jim Smith
  • Start date Start date
J

Jim Smith

I can't get Internet Explorer to do a search of the web.
I can't seem to get any search engine to work.
 
Hello
Mr. Jim Smith
I have one technical problem in our pc the problem is with
iam unable to open the home page of my company
We have the Windows NT 4.0 workstation on that PC I
installed it through image CD which the company had
provided
It is Dell system PIII 600 Optiplex GX1p WinNT 128MB RAM
20GB Hard disk 8MBVRAM 1.44MB FDD 512KB
Other than my home page iam able to browse .But not my
Home page Internet Explorer was 5.5 then upgrade it to 6
Even though it was not working in 5.5 can you suggest the
best solution for this problem but with same configuration?
We could have but in that system its working fine any way
please finds it Immeadtely
I hope your correspondence will appreciate me.
Thank you
Ahmed Syed J
 
Qhosts virus/trojan, aka delude.

http://www.f-secure.com/v-descs/delude.shtml

NAME: Delude
ALIAS: Trojan.BAT.Startpage.a
Delude is a trojan that is available on a web page. The web page contains a
code that uses a vulnerability in the Internet Explorer (MS03-032) to
execute.
More information about the vulnerability, including a fix, is available from
Microsoft at:
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
VARIANT: Delude.A
The HTA code available on a web page downloads a file "partyboy.exe" from an
ftp site and runs it. This file is is packed with UPX. It is a batch file
which was compiled to executable binary (".exe") using a BatToExe tool.
When executed, it changes the Internet Explorer start page to find-now.info.
It prevents access to the most major search engines such as Google, Yahoo,
Lycos, MSN and AltaVista. To do this it replaces the following file:

More:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://vil.nai.com/vil/content/v_100719.htm
http://www.sophos.com/virusinfo/analyses/trojqhosts1.html

Removal tool that has been used with success.
http://www.brown.edu/Facilities/CIS/Software_Services/virus/index.html
 
-----Original Message-----
I can't get Internet Explorer to do a search of the web.
I can't seem to get any search engine to work.
.

I am having the same problems. Have you found a
solution. I also cant contact google.com or ask.com, they
come back with a message from cpanel.
If you find a solution, please contact me.
 
Hi Matt - You've apparently gotten infected with the QHosts trojan. Read
here for information:

http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191


Try the following:

1. Be sure that you install hotfix 828750 which fixes the exploit that this
virus uses:

http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp

2. Update and run a complete Anti-Virus software check of your system. Most
of the major AV companies have updated their latest signatures to detect
this virus (for Network Associates (McAfee), be sure to get the EXTRADAT.exe
update from the above page as well as your regular update).

3a. If running your AV doesn't clean it up, go to this page, read the
directions CAREFULLY (particularly about the Restore option) and download
and run the removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html

3b. An alternative that by report may work better than the Symantec tool is
the Brown University Removal Tool, here:

http://software.brown.edu/dist/w-cleanqhosts.html THIS WOULD BE MY PRIMARY
RECOMMENDATION

If that still doesn't clean it up (and a number of people are reporting that
it did not with the Symantec tool), then follow the Manual Removal
instructions at the link in 3a. The following is courtesy of Mike Burgess:

"Does a HOSTS file still exist in Windows\Help?
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects all major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
[more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)
Run the beta version of HijackThis
(http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip)
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-03]
Please post replies to this Newsgroup, email address is invalid"


Just to follow up on this - there may be multiple different HOSTS files on
your machine with the trojan's settings some of which cannot not be removed
by the Removal Tools, and you'll need to do a search to find and just delete
them all, or clean them per the manual directions at the Symantec site.

4. You probably will then need to restore your HOSTS file if you plan to use
it for DNS speedup and/or ad blocking. Download the Hosts File Reader:

http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe

To create a new Default version of HOSTS, run the program, click the "Read
Hosts File" button, click the button labeled "Reset Defaults" and click
"Save Changes." Note that this is NOT a recreation of your original HOSTS
file, but a brand new "initialized" one. Now go to normal HOSTS file
location (Windows XP\2000 Location: - C:\WINDOWS\SYSTEM32\DRIVERS\ETC or
Windows 98\ME Location: - C:\WINDOWS) and rename the "hosts" file that it
created to "HOSTS" (no quotes, all caps, no extension). If you've been using
your HOSTS file for ad blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted Ads with a Hosts
File), then you'll need to reset the new default you've created up for that
purpose. (Recommended, BTW - it also blocks a lot of "malware" as well as
offensive advertising.)


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
Back
Top