virus?

Archived from groups: alt.comp.hardware.homebuilt (More info?)

Everytime I click on the icon to open IE it opens up with a dark blue page
with the following in white writing

Detected SPYware! System error #384
__________________________________________________________________________

Your IP address is 62.254.0.36. Using this address a remote computer has
gained anaccess to your computer and probably is collecting the information
about the sites you've visited and the files contained in the folder
Temporary Internet Files. Attention! Ask for help or install the software
for deleting secret information about the sites you visited.
__________________________________________________________________________
Your computer is full of evidences!

ISP of transmission:NTLI
Your IP address:62.254.0.36
They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Your computer is:Windows XP
Risk status for further investigation:VERY HIGH RISK


To protect from the Spyware - click here
To prevent information transmission - click here
To delete the history of your activity, click here

The above three lines are links to
http://www.e-shredder.com/enter.phtml?wm=kamid

The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
called secure.html in the windows folder but everytime I open IE the same
blue page appears and the secure.html file reappears in my windows folder

Everytime I close the window a full page window pops up advertising porn and
I get a red alert from NAV saying Bloodhound.Exploit.10 has been detected in
my local settings and that NAV is unable to repair it

But when I do a full NAV system scan it says there are no viruses on my
computer. What else can be causing this?

Thanks in advance

Fran
20 answers Last reply
More about virus
  1. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    "Purple" <fparkus@spamtrapntlworld.com> wrote in message
    news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
    > Everytime I click on the icon to open IE it opens up with a dark blue page
    > with the following in white writing
    >
    > Detected SPYware! System error #384
    > __________________________________________________________________________
    >
    > Your IP address is 62.254.0.36. Using this address a remote computer has
    > gained anaccess to your computer and probably is collecting the
    information
    > about the sites you've visited and the files contained in the folder
    > Temporary Internet Files. Attention! Ask for help or install the software
    > for deleting secret information about the sites you visited.
    > __________________________________________________________________________
    > Your computer is full of evidences!
    >
    > ISP of transmission:NTLI
    > Your IP address:62.254.0.36
    > They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    > Your computer is:Windows XP
    > Risk status for further investigation:VERY HIGH RISK
    >
    >
    >
    >
    > To protect from the Spyware - click here
    > To prevent information transmission - click here
    > To delete the history of your activity, click here
    >
    > The above three lines are links to
    > http://www.e-shredder.com/enter.phtml?wm=kamid
    >
    > The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
    > called secure.html in the windows folder but everytime I open IE the same
    > blue page appears and the secure.html file reappears in my windows folder
    >
    > Everytime I close the window a full page window pops up advertising porn
    and
    > I get a red alert from NAV saying Bloodhound.Exploit.10 has been detected
    in
    > my local settings and that NAV is unable to repair it
    >
    > But when I do a full NAV system scan it says there are no viruses on my
    > computer. What else can be causing this?
    >
    > Thanks in advance
    >
    > Fran
    >
    Basically you installed, or allowed to be installed, spyware or adware on
    your computer and are now paying the price. Good first steps toward fixing
    things are to: 1. download Spybot Search & Destroy and install it 2.
    download Lavasoft's AdAware and install it 3. run each program after
    downloading the most recent detection files and allow them to fix the
    problems they discover 4. obtain a firewall program or at least turn on the
    built-in firewall if you are running XP.
    --
    John McGaw
    [Knoxville, TN, USA]
    http://johnmcgaw.com
  2. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    Purple wrote:

    > Everytime I click on the icon to open IE

    Mistake #1


    > it opens up with a dark blue page
    > with the following in white writing
    >
    > Detected SPYware! System error #384

    Run both Ad-Aware and Spybot Search & Destroy to remove any nasties.
    If you still have trouble after that, post your HijackThis log.


    -WD
  3. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    "John McGaw" <nowhere@at.all> wrote in message
    news:7yFFc.1424$285.465@bignews6.bellsouth.net...
    > "Purple" <fparkus@spamtrapntlworld.com> wrote in message
    > news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...

    <snip my previous post>

    > >
    > Basically you installed, or allowed to be installed, spyware or adware on
    > your computer and are now paying the price. Good first steps toward fixing
    > things are to: 1. download Spybot Search & Destroy and install it 2.
    > download Lavasoft's AdAware and install it 3. run each program after
    > downloading the most recent detection files and allow them to fix the
    > problems they discover 4. obtain a firewall program or at least turn on
    the
    > built-in firewall if you are running XP.
    > --
    > John McGaw
    > [Knoxville, TN, USA]
    > http://johnmcgaw.com
    >
    >

    Hi John

    I already have AdAware and completed a scan, I have Norton Firewall which I
    keep on permanently

    I will download spybot now and see if that helps

    Thankyou for your advice

    Fran
  4. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    "Will Dormann" <wdormann@yahoo.com.invalid> wrote in message
    news:aAFFc.182689$DG4.118631@fe2.columbus.rr.com...
    > Purple wrote:
    >
    > > Everytime I click on the icon to open IE
    >
    > Mistake #1
    >
    >
    > > it opens up with a dark blue page
    > > with the following in white writing
    > >
    > > Detected SPYware! System error #384
    >
    > Run both Ad-Aware and Spybot Search & Destroy to remove any nasties.
    > If you still have trouble after that, post your HijackThis log.
    >
    >
    > -WD

    Hi Will

    How do I obtain the HijackThis log?

    Thanks

    Fran
  5. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    Purple wrote:

    > Hi Will
    >
    > How do I obtain the HijackThis log?


    Run HijackThis.
    Paste the log into a reply to this message.


    If any of the above doesn't make sense, try google.


    -WD
  6. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    Sounds like it may be spyware/ trojan horse software. If so, or if it's a
    virus that NAV cannot resolve, you have little choice but to reformat your
    harddrive and do a fresh install of the OS and then reinstall your
    applications from your backup.

    --
    DaveW


    "Purple" <fparkus@spamtrapntlworld.com> wrote in message
    news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
    > Everytime I click on the icon to open IE it opens up with a dark blue page
    > with the following in white writing
    >
    > Detected SPYware! System error #384
    > __________________________________________________________________________
    >
    > Your IP address is 62.254.0.36. Using this address a remote computer has
    > gained anaccess to your computer and probably is collecting the
    information
    > about the sites you've visited and the files contained in the folder
    > Temporary Internet Files. Attention! Ask for help or install the software
    > for deleting secret information about the sites you visited.
    > __________________________________________________________________________
    > Your computer is full of evidences!
    >
    > ISP of transmission:NTLI
    > Your IP address:62.254.0.36
    > They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    > Your computer is:Windows XP
    > Risk status for further investigation:VERY HIGH RISK
    >
    >
    >
    >
    > To protect from the Spyware - click here
    > To prevent information transmission - click here
    > To delete the history of your activity, click here
    >
    > The above three lines are links to
    > http://www.e-shredder.com/enter.phtml?wm=kamid
    >
    > The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
    > called secure.html in the windows folder but everytime I open IE the same
    > blue page appears and the secure.html file reappears in my windows folder
    >
    > Everytime I close the window a full page window pops up advertising porn
    and
    > I get a red alert from NAV saying Bloodhound.Exploit.10 has been detected
    in
    > my local settings and that NAV is unable to repair it
    >
    > But when I do a full NAV system scan it says there are no viruses on my
    > computer. What else can be causing this?
    >
    > Thanks in advance
    >
    > Fran
    >
    >
    >
  7. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    DaveW wrote:

    > Sounds like it may be spyware/ trojan horse software. If so, or if it's a
    > virus that NAV cannot resolve, you have little choice but to reformat your
    > harddrive and do a fresh install of the OS and then reinstall your
    > applications from your backup.
    >

    Actually, there are lot's of alternatives short of a fresh install.

    http://www.spychecker.com/software/antispy.html
  8. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    Great advice Dave!!
    Won't be asking you for any.

    Go to www.trendmicro.com and then go to the personal tab at the top of the
    page. Click on the housecall icon and follow the instructions. Never failed
    me yet when norton can't remove a virus.

    Hope you have broadband otherwise it may take some time.

    Spencer


    "David Maynard" <dNOTmayn@ev1.net> wrote in message
    news:10ef2njc3t3um9c@corp.supernews.com...
    > DaveW wrote:
    >
    > > Sounds like it may be spyware/ trojan horse software. If so, or if it's
    a
    > > virus that NAV cannot resolve, you have little choice but to reformat
    your
    > > harddrive and do a fresh install of the OS and then reinstall your
    > > applications from your backup.
    > >
    >
    > Actually, there are lot's of alternatives short of a fresh install.
    >
    > http://www.spychecker.com/software/antispy.html
    >
  9. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    "Will Dormann" <wdormann@yahoo.com.invalid> wrote in message
    news:ycGFc.182703$DG4.37051@fe2.columbus.rr.com...
    > Purple wrote:
    >
    > > Hi Will
    > >
    > > How do I obtain the HijackThis log?
    >
    >
    > Run HijackThis.
    > Paste the log into a reply to this message.
    >
    >
    > If any of the above doesn't make sense, try google.
    >
    >
    > -WD

    After instally and running everybit of spyware software I could find I have
    finally fixed the problem

    Thanks all for your help

    Fran
  10. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    "Purple" <fparkus@spamtrapntlworld.com> wrote in message
    news:LwGFc.604$hW3.292@newsfe5-win.ntli.net...
    >
    > "John McGaw" <nowhere@at.all> wrote in message
    > news:7yFFc.1424$285.465@bignews6.bellsouth.net...
    > > "Purple" <fparkus@spamtrapntlworld.com> wrote in message
    > > news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
    >
    > <snip my previous post>
    >
    > > >
    > > Basically you installed, or allowed to be installed, spyware or adware
    on
    > > your computer and are now paying the price. Good first steps toward
    fixing
    > > things are to: 1. download Spybot Search & Destroy and install it 2.
    > > download Lavasoft's AdAware and install it 3. run each program after
    > > downloading the most recent detection files and allow them to fix the
    > > problems they discover 4. obtain a firewall program or at least turn on
    > the
    > > built-in firewall if you are running XP.
    > > --
    > > John McGaw
    > > [Knoxville, TN, USA]
    > > http://johnmcgaw.com
    > >
    > >
    >
    > Hi John
    >
    > I already have AdAware and completed a scan, I have Norton Firewall which
    I
    > keep on permanently
    >
    > I will download spybot now and see if that helps
    >
    > Thankyou for your advice
    >
    > Fran
    >
    You may want to check out the news group alt.privacy.spyware.
  11. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    naturesgift@ns.sympatico.ca

    "John McGaw" <nowhere@at.all> wrote in message
    news:7yFFc.1424$285.465@bignews6.bellsouth.net...
    > "Purple" <fparkus@spamtrapntlworld.com> wrote in message
    > news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
    > > Everytime I click on the icon to open IE it opens up with a dark blue
    page
    > > with the following in white writing
    > >
    > > Detected SPYware! System error #384
    > >
    __________________________________________________________________________
    > >
    > > Your IP address is 62.254.0.36. Using this address a remote computer has
    > > gained anaccess to your computer and probably is collecting the
    > information
    > > about the sites you've visited and the files contained in the folder
    > > Temporary Internet Files. Attention! Ask for help or install the
    software
    > > for deleting secret information about the sites you visited.
    > >
    __________________________________________________________________________
    > > Your computer is full of evidences!
    > >
    > > ISP of transmission:NTLI
    > > Your IP address:62.254.0.36
    > > They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
    5.1)
    > > Your computer is:Windows XP
    > > Risk status for further investigation:VERY HIGH RISK
    > >
    > >
    > >
    > >
    > > To protect from the Spyware - click here
    > > To prevent information transmission - click here
    > > To delete the history of your activity, click here
    > >
    > > The above three lines are links to
    > > http://www.e-shredder.com/enter.phtml?wm=kamid
    > >
    > > The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
    > > called secure.html in the windows folder but everytime I open IE the
    same
    > > blue page appears and the secure.html file reappears in my windows
    folder
    > >
    > > Everytime I close the window a full page window pops up advertising porn
    > and
    > > I get a red alert from NAV saying Bloodhound.Exploit.10 has been
    detected
    > in
    > > my local settings and that NAV is unable to repair it
    > >
    > > But when I do a full NAV system scan it says there are no viruses on my
    > > computer. What else can be causing this?
    > >
    > > Thanks in advance
    > >
    > > Fran
    > >
    > Basically you installed, or allowed to be installed, spyware or adware on
    > your computer and are now paying the price. Good first steps toward fixing
    > things are to: 1. download Spybot Search & Destroy and install it 2.
    > download Lavasoft's AdAware and install it 3. run each program after
    > downloading the most recent detection files and allow them to fix the
    > problems they discover 4. obtain a firewall program or at least turn on
    the
    > built-in firewall if you are running XP.
    > --
    > John McGaw
    > [Knoxville, TN, USA]
    > http://johnmcgaw.com
    >
    >
  12. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    "John McGaw" <nowhere@at.all> wrote in message
    news:7yFFc.1424$285.465@bignews6.bellsouth.net...
    > "Purple" <fparkus@spamtrapntlworld.com> wrote in message
    > news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
    > > Everytime I click on the icon to open IE it opens up with a dark blue
    page
    > > with the following in white writing
    > >
    > > Detected SPYware! System error #384
    > >
    __________________________________________________________________________
    > >
    > > Your IP address is 62.254.0.36. Using this address a remote computer has
    > > gained anaccess to your computer and probably is collecting the
    > information
    > > about the sites you've visited and the files contained in the folder
    > > Temporary Internet Files. Attention! Ask for help or install the
    software
    > > for deleting secret information about the sites you visited.
    > >
    __________________________________________________________________________
    > > Your computer is full of evidences!
    > >
    > > ISP of transmission:NTLI
    > > Your IP address:62.254.0.36
    > > They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
    5.1)
    > > Your computer is:Windows XP
    > > Risk status for further investigation:VERY HIGH RISK
    > >
    > >
    > >
    > >
    > > To protect from the Spyware - click here
    > > To prevent information transmission - click here
    > > To delete the history of your activity, click here
    > >
    > > The above three lines are links to
    > > http://www.e-shredder.com/enter.phtml?wm=kamid
    > >
    > > The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
    > > called secure.html in the windows folder but everytime I open IE the
    same
    > > blue page appears and the secure.html file reappears in my windows
    folder
    > >
    > > Everytime I close the window a full page window pops up advertising porn
    > and
    > > I get a red alert from NAV saying Bloodhound.Exploit.10 has been
    detected
    > in
    > > my local settings and that NAV is unable to repair it
    > >
    > > But when I do a full NAV system scan it says there are no viruses on my
    > > computer. What else can be causing this?
    > >
    > > Thanks in advance
    > >
    > > Fran
    > >
    > Basically you installed, or allowed to be installed, spyware or adware on
    > your computer and are now paying the price. Good first steps toward fixing
    > things are to: 1. download Spybot Search & Destroy and install it 2.
    > download Lavasoft's AdAware and install it 3. run each program after
    > downloading the most recent detection files and allow them to fix the
    > problems they discover 4. obtain a firewall program or at least turn on
    the
    > built-in firewall if you are running XP.

    Don't advise to arbitrarily turn on the XP firewall (ICF). This firewall
    was not meant for use in a networked environment. I don't know if the
    original poster is running his PC as part of a network, but turning on ICF
    in that situation would just create more problems.
  13. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    I had the same problem. Nothing seemed to work even system restore to
    an earlier date did not cure it. It seems, this program redirects all
    your searches to this web page. It blocks all search engines as well
    and will not let you go the google or yahoo or any other search
    engines. Look at this link, I will paste the text of it as well. It
    seems to work so far. It makes sense. Good luck. It is such a pain,
    those things

    http://www.network54.com/Forum/message?forumid=10524&messageid=1065770556


    THE PROBLEM WITH GOOGLE SOLVED!!!!
    by !mpact
    Well, after a long while I have solved the problem I had with Google.
    It seems like it was a virus afterall, though not a virus that sends
    itself, but one that gets downloaded if one surfs into a webpage.

    It's called Trojan.QHOSTS, and I suggest you go to symantec if you get
    the problem (latest update with windows internet explorer is a
    safetymeassurment towards this trojan aswell.)

    They have a rmoval tool for the virus, but I had to do something
    manually aswell, which I will share with you people:

    I searched my computer for a file called HOSTS (no extensions at all)
    It was found in two places, under Windows, and under Windows/help.
    I opened it with notepad (wordpad works aswell) and I saw that there
    was a long list of names for websites and in front of them one IP,
    the same for all of the webpages.

    I deleted it all, in both files i found, and saved the file empty,
    rebooted the comuter and it now works perfect.

    Thanks to KingSix, who helped me realize what the problem was (Dynamic
    Names Servers: DNS)I could easily figure out that the IP + different
    website adresses in the HOSTS file meant that something was masking
    the actual IP to all those sites.


    Spread the word about this, because I have seen increasingly reports
    (on microsoft helpforums for instance) about people who get this
    problem.

    NOTE: that I not only used the antivirustool and updated Windows IE6,
    I also had to manually change the files called HOSTS and reboot. I
    did not ERASE the files, because the files are put there by
    Microsoft, the virus just changes them.

    Also, when I did the antivirus checkup with the symantec tool, it did
    not find the virus, which leads me to believe that it actually got
    removed by my own antivirus program, but that it allready made the
    changes, but use the tool nevertheless, its better to be safe then
    sorry.

    ==============
    Posted through www.HowToFixComputers.com/bb - free access to hardware troubleshooting newsgroups.
  14. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    HOSTS is a valid name for legitimate files within Windows. This article
    would incorrectly lead one to believe that just because HOSTS appears in a
    search on their system that they are infected with some strange virus. Not
    the case. For example. c:\windows\system32\drivers\etc\HOSTS is a legitimate
    file at least on my XP Pro system. A search could turn up many other valid
    entries containing the name HOSTS. Do the proper research and avoid running
    off deleting files from your hard drive.


    "vladimir" <vladimir@onecando-dot-com.no-spam.invalid> wrote in message
    news:40ee1aae$1_3@news.athenanews.com...
    > I had the same problem. Nothing seemed to work even system restore to
    > an earlier date did not cure it. It seems, this program redirects all
    > your searches to this web page. It blocks all search engines as well
    > and will not let you go the google or yahoo or any other search
    > engines. Look at this link, I will paste the text of it as well. It
    > seems to work so far. It makes sense. Good luck. It is such a pain,
    > those things
    >
    > http://www.network54.com/Forum/message?forumid=10524&messageid=1065770556
    >
    >
    > THE PROBLEM WITH GOOGLE SOLVED!!!!
    > by !mpact
    > Well, after a long while I have solved the problem I had with Google.
    > It seems like it was a virus afterall, though not a virus that sends
    > itself, but one that gets downloaded if one surfs into a webpage.
    >
    > It's called Trojan.QHOSTS, and I suggest you go to symantec if you get
    > the problem (latest update with windows internet explorer is a
    > safetymeassurment towards this trojan aswell.)
    >
    > They have a rmoval tool for the virus, but I had to do something
    > manually aswell, which I will share with you people:
    >
    > I searched my computer for a file called HOSTS (no extensions at all)
    > It was found in two places, under Windows, and under Windows/help.
    > I opened it with notepad (wordpad works aswell) and I saw that there
    > was a long list of names for websites and in front of them one IP,
    > the same for all of the webpages.
    >
    > I deleted it all, in both files i found, and saved the file empty,
    > rebooted the comuter and it now works perfect.
    >
    > Thanks to KingSix, who helped me realize what the problem was (Dynamic
    > Names Servers: DNS)I could easily figure out that the IP + different
    > website adresses in the HOSTS file meant that something was masking
    > the actual IP to all those sites.
    >
    >
    > Spread the word about this, because I have seen increasingly reports
    > (on microsoft helpforums for instance) about people who get this
    > problem.
    >
    > NOTE: that I not only used the antivirustool and updated Windows IE6,
    > I also had to manually change the files called HOSTS and reboot. I
    > did not ERASE the files, because the files are put there by
    > Microsoft, the virus just changes them.
    >
    > Also, when I did the antivirus checkup with the symantec tool, it did
    > not find the virus, which leads me to believe that it actually got
    > removed by my own antivirus program, but that it allready made the
    > changes, but use the tool nevertheless, its better to be safe then
    > sorry.
    >
    > ==============
    > Posted through www.HowToFixComputers.com/bb - free access to hardware
    troubleshooting newsgroups.
  15. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    jch wrote:

    > HOSTS is a valid name for legitimate files within Windows. This article
    > would incorrectly lead one to believe that just because HOSTS appears in a
    > search on their system that they are infected with some strange virus. Not
    > the case. For example. c:\windows\system32\drivers\etc\HOSTS is a legitimate
    > file at least on my XP Pro system. A search could turn up many other valid
    > entries containing the name HOSTS. Do the proper research and avoid running
    > off deleting files from your hard drive.

    Good advice but only if they misread what was written. The problem found,
    as stated, is correct: a 'hijack' where a gaggle of websites are entered
    into the HOSTS file, the same one you correctly point out is a standard
    Windows file, with a single IP address for all of them thereby directing
    the machine to go there for every site listed.

    And he corrected that particular problem by removing the bogus ENTRIES in
    the hosts file and re-saving it.

    He should have, however, left
    127.0.0.1 localhost
    in it.

    >
    > "vladimir" <vladimir@onecando-dot-com.no-spam.invalid> wrote in message
    > news:40ee1aae$1_3@news.athenanews.com...
    >
    >>I had the same problem. Nothing seemed to work even system restore to
    >>an earlier date did not cure it. It seems, this program redirects all
    >>your searches to this web page. It blocks all search engines as well
    >>and will not let you go the google or yahoo or any other search
    >>engines. Look at this link, I will paste the text of it as well. It
    >>seems to work so far. It makes sense. Good luck. It is such a pain,
    >>those things
    >>
    >>http://www.network54.com/Forum/message?forumid=10524&messageid=1065770556
    >>
    >>
    >>THE PROBLEM WITH GOOGLE SOLVED!!!!
    >>by !mpact
    >>Well, after a long while I have solved the problem I had with Google.
    >>It seems like it was a virus afterall, though not a virus that sends
    >>itself, but one that gets downloaded if one surfs into a webpage.
    >>
    >>It's called Trojan.QHOSTS, and I suggest you go to symantec if you get
    >>the problem (latest update with windows internet explorer is a
    >>safetymeassurment towards this trojan aswell.)
    >>
    >>They have a rmoval tool for the virus, but I had to do something
    >>manually aswell, which I will share with you people:
    >>
    >>I searched my computer for a file called HOSTS (no extensions at all)
    >>It was found in two places, under Windows, and under Windows/help.
    >>I opened it with notepad (wordpad works aswell) and I saw that there
    >>was a long list of names for websites and in front of them one IP,
    >>the same for all of the webpages.
    >>
    >>I deleted it all, in both files i found, and saved the file empty,
    >>rebooted the comuter and it now works perfect.
    >>
    >>Thanks to KingSix, who helped me realize what the problem was (Dynamic
    >>Names Servers: DNS)I could easily figure out that the IP + different
    >>website adresses in the HOSTS file meant that something was masking
    >>the actual IP to all those sites.
    >>
    >>
    >>Spread the word about this, because I have seen increasingly reports
    >>(on microsoft helpforums for instance) about people who get this
    >>problem.
    >>
    >>NOTE: that I not only used the antivirustool and updated Windows IE6,
    >>I also had to manually change the files called HOSTS and reboot. I
    >>did not ERASE the files, because the files are put there by
    >>Microsoft, the virus just changes them.
    >>
    >>Also, when I did the antivirus checkup with the symantec tool, it did
    >>not find the virus, which leads me to believe that it actually got
    >>removed by my own antivirus program, but that it allready made the
    >>changes, but use the tool nevertheless, its better to be safe then
    >>sorry.
    >>
    >>==============
    >>Posted through www.HowToFixComputers.com/bb - free access to hardware
    >
    > troubleshooting newsgroups.
    >
    >
  16. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    On Fri, 09 Jul 2004 08:42:17 -0500, David Maynard
    <dNOTmayn@ev1.net> wrote:

    >jch wrote:
    >
    >> HOSTS is a valid name for legitimate files within Windows. This article
    >> would incorrectly lead one to believe that just because HOSTS appears in a
    >> search on their system that they are infected with some strange virus. Not
    >> the case. For example. c:\windows\system32\drivers\etc\HOSTS is a legitimate
    >> file at least on my XP Pro system. A search could turn up many other valid
    >> entries containing the name HOSTS. Do the proper research and avoid running
    >> off deleting files from your hard drive.
    >
    >Good advice but only if they misread what was written. The problem found,
    >as stated, is correct: a 'hijack' where a gaggle of websites are entered
    >into the HOSTS file, the same one you correctly point out is a standard
    >Windows file, with a single IP address for all of them thereby directing
    >the machine to go there for every site listed.
    >
    >And he corrected that particular problem by removing the bogus ENTRIES in
    >the hosts file and re-saving it.
    >
    >He should have, however, left
    >127.0.0.1 localhost
    >in it.

    It's not a bad idea to have a backup of the hosts file or at
    least be familar with it's location so it can be retrieved from a
    larger backup set... Don't know about what the typical user does
    (probably no editing of hosts file at all) but mine is large
    enough it could take days to edit it.
  17. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    kony wrote:

    > On Fri, 09 Jul 2004 08:42:17 -0500, David Maynard
    > <dNOTmayn@ev1.net> wrote:
    >
    >
    >>jch wrote:
    >>
    >>
    >>>HOSTS is a valid name for legitimate files within Windows. This article
    >>>would incorrectly lead one to believe that just because HOSTS appears in a
    >>>search on their system that they are infected with some strange virus. Not
    >>>the case. For example. c:\windows\system32\drivers\etc\HOSTS is a legitimate
    >>>file at least on my XP Pro system. A search could turn up many other valid
    >>>entries containing the name HOSTS. Do the proper research and avoid running
    >>>off deleting files from your hard drive.
    >>
    >>Good advice but only if they misread what was written. The problem found,
    >>as stated, is correct: a 'hijack' where a gaggle of websites are entered
    >>into the HOSTS file, the same one you correctly point out is a standard
    >>Windows file, with a single IP address for all of them thereby directing
    >>the machine to go there for every site listed.
    >>
    >>And he corrected that particular problem by removing the bogus ENTRIES in
    >>the hosts file and re-saving it.
    >>
    >>He should have, however, left
    >>127.0.0.1 localhost
    >>in it.
    >
    >
    > It's not a bad idea to have a backup of the hosts file or at
    > least be familar with it's location so it can be retrieved from a
    > larger backup set...

    Yeah. Just like any 'user data': back it up or run the risk of losing it.

    > Don't know about what the typical user does
    > (probably no editing of hosts file at all) but mine is large
    > enough it could take days to edit it.

    The typical user won't be manually editing ANY file of that kind, at least
    not under normal circumstances. They just expect things to 'work'.

    I'm curious, what all do you have in it and why?
  18. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    On Fri, 09 Jul 2004 18:55:31 -0500, David Maynard
    <dNOTmayn@ev1.net> wrote:


    >I'm curious, what all do you have in it and why?

    Tons of stuff, like routers and other remote systems, but mostly
    blocked 'site like SW Flash downloads, other ads, popup
    sources... I entered many myself but the majority are appended
    from several host lists I've come across sporadically.
  19. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    kony wrote:

    > On Fri, 09 Jul 2004 18:55:31 -0500, David Maynard
    > <dNOTmayn@ev1.net> wrote:
    >
    >
    >
    >>I'm curious, what all do you have in it and why?
    >
    >
    > Tons of stuff, like routers and other remote systems, but mostly
    > blocked 'site like SW Flash downloads, other ads, popup
    > sources... I entered many myself but the majority are appended
    > from several host lists I've come across sporadically.

    I see.
  20. Archived from groups: alt.comp.hardware.homebuilt (More info?)

    The problem w/ Spybot in dealing w/ E-shredder is that it does not
    pick up the 2 extra explorers that are now installed on your pc.
    This is from computer cops:
    1.Restart the computer in safe mode/safe mode command prompt.
    2.Go to the windows\system32 directory
    3.Find and delete explorer.exe & system32.dll (ONLY from the
    windows\system32 directory)
    4.Go to the windows\ directory & delete secure.html
    5.Restart the computer
    6.Search for files called "HOSTS" (with no file extention) &
    delete them (usually 2)
    7.Modify your homepage settings in IE to your favourite homepage.
    8.Restart your computer & run all your programs to check you have
    a sucessfull "erradication".

    I spent 3 hrs on a friend's computer running -multiple times- Spybot
    and Adware. I was able to erradicate everything except for eshredder
    (didn't have the above info at the time). It seems that this is THE
    solution. I just haven't had time to do it.
    Good luck to you.

    ==============
    Posted through www.HowToFixComputers.com/bb - free access to hardware troubleshooting newsgroups.
Ask a new question

Read More

Homebuilt Computer Systems Product