Larry,
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects *all* major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
Some users have reported multiple HOSTS files in various locations
[more info]
http://www.mvps.org/winhelp2002/hosts.htm
Microsoft has released a cumulative patch for this vulnerability:
Simply go to Windows Update [hotfix 828750]
[more info]
http://www.microsoft.com/security/security_bulletins/ms03-040.asp
[Manual Removal Method]
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
[or]
http://vil.nai.com/vil/content/v_100719.htm
Note: not all machines are affected by the same Registry changes
but the user needs to verify in any case, if changes exist.
You can detect "Qhosts" via a new beta version of HijackThis
http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip
[more info]
http://forums.spywareinfo.com/index.php?showtopic=12127
For instruction on using HijackThis!
http://www.mvps.org/winhelp2002/unwanted.htm
_______________________________________
Mike Burgess
http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 10-07-03]
Please post replies to this Newsgroup, email address is invalid
