virus?

July 4, 2004 2:16:23 AM

Archived from groups: alt.comp.hardware.homebuilt

Every time I click on the icon to open IE it opens up with a dark blue page
with the following in white writing

Detected SPYware! System error #384
__________________________________________________________________________

Your IP address is 62.254.0.36. Using this address a remote computer has
gained anaccess to your computer and probably is collecting the information
about the sites you've visited and the files contained in the folder
Temporary Internet Files. Attention! Ask for help or install the software
for deleting secret information about the sites you visited.
__________________________________________________________________________
Your computer is full of evidences!

ISP of transmission:NTLI
Your IP address:62.254.0.36
They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Your computer is:Windows XP
Risk status for further investigation:VERY HIGH RISK




To protect from the Spyware - click here
To prevent information transmission - click here
To delete the history of your activity, click here

The above three lines are links to
http://www.e-shredder.com/enter.phtml?wm=kamid

The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
called secure.html in the windows folder but every time I open IE the same
blue page appears and the secure.html file reappears in my windows folder

Every time I close the window a full page window pops up advertising porn and
I get a red alert from NAV saying Bloodhound.Exploit.10 has been detected in
my local settings and that NAV is unable to repair it

But when I do a full NAV system scan it says there are no viruses on my
computer. What else can be causing this?

Thanks in advance

Fran

Anonymous
July 4, 2004 2:16:24 AM

"Purple" <fparkus@spamtrapntlworld.com> wrote in message
news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
> Everytime I click on the icon to open IE it opens up with a dark blue page
> with the following in white writing
>
> Detected SPYware! System error #384
> __________________________________________________________________________
>
> Your IP address is 62.254.0.36. Using this address a remote computer has
> gained anaccess to your computer and probably is collecting the information
> about the sites you've visited and the files contained in the folder
> Temporary Internet Files. Attention! Ask for help or install the software
> for deleting secret information about the sites you visited.
> __________________________________________________________________________
> Your computer is full of evidences!
>
> ISP of transmission:NTLI
> Your IP address:62.254.0.36
> They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
> Your computer is:Windows XP
> Risk status for further investigation:VERY HIGH RISK
>
>
>
>
> To protect from the Spyware - click here
> To prevent information transmission - click here
> To delete the history of your activity, click here
>
> The above three lines are links to
> http://www.e-shredder.com/enter.phtml?wm=kamid
>
> The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
> called secure.html in the windows folder but everytime I open IE the same
> blue page appears and the secure.html file reappears in my windows folder
>
> Everytime I close the window a full page window pops up advertising porn and
> I get a red alert from NAV saying Bloodhound.Exploit.10 has been detected in
> my local settings and that NAV is unable to repair it
>
> But when I do a full NAV system scan it says there are no viruses on my
> computer. What else can be causing this?
>
> Thanks in advance
>
> Fran
>
Basically you installed, or allowed to be installed, spyware or adware on
your computer and are now paying the price. Good first steps toward fixing
things are to: 1. download Spybot Search & Destroy and install it 2.
download Lavasoft's AdAware and install it 3. run each program after
downloading the most recent detection files and allow them to fix the
problems they discover 4. obtain a firewall program or at least turn on the
built-in firewall if you are running XP.
--
John McGaw
[Knoxville, TN, USA]
http://johnmcgaw.com

Anonymous
July 4, 2004 2:16:24 AM

Purple wrote:

> Everytime I click on the icon to open IE

Mistake #1


> it opens up with a dark blue page
> with the following in white writing
>
> Detected SPYware! System error #384

Run both Ad-Aware and Spybot Search & Destroy to remove any nasties.
If you still have trouble after that, post your HijackThis log.


-WD

July 4, 2004 2:35:23 AM

"John McGaw" <nowhere@at.all> wrote in message
news:7yFFc.1424$285.465@bignews6.bellsouth.net...
> "Purple" <fparkus@spamtrapntlworld.com> wrote in message
> news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...

<snip my previous post>

> >
> Basically you installed, or allowed to be installed, spyware or adware on
> your computer and are now paying the price. Good first steps toward fixing
> things are to: 1. download Spybot Search & Destroy and install it 2.
> download Lavasoft's AdAware and install it 3. run each program after
> downloading the most recent detection files and allow them to fix the
> problems they discover 4. obtain a firewall program or at least turn on the
> built-in firewall if you are running XP.
> --
> John McGaw
> [Knoxville, TN, USA]
> http://johnmcgaw.com
>
>

Hi John

I already have AdAware and completed a scan, I have Norton Firewall which I
keep on permanently

I will download spybot now and see if that helps

Thank you for your advice

Fran

July 4, 2004 2:36:31 AM

"Will Dormann" <wdormann@yahoo.com.invalid> wrote in message
news:aAFFc.182689$DG4.118631@fe2.columbus.rr.com...
> Purple wrote:
>
> > Everytime I click on the icon to open IE
>
> Mistake #1
>
>
> > it opens up with a dark blue page
> > with the following in white writing
> >
> > Detected SPYware! System error #384
>
> Run both Ad-Aware and Spybot Search & Destroy to remove any nasties.
> If you still have trouble after that, post your HijackThis log.
>
>
> -WD

Hi Will

How do I obtain the HijackThis log?

Thanks

Fran

Anonymous
July 4, 2004 2:36:32 AM

Purple wrote:

> Hi Will
>
> How do I obtain the HijackThis log?


Run HijackThis.
Paste the log into a reply to this message.


If any of the above doesn't make sense, try google.


-WD

Anonymous
July 4, 2004 3:04:10 AM

Sounds like it may be spyware/trojan horse software. If so, or if it's a
virus that NAV cannot resolve, you have little choice but to reformat your
hard drive and do a fresh install of the OS and then reinstall your
applications from your backup.

--
DaveW




Anonymous
July 4, 2004 3:43:15 AM

DaveW wrote:

> Sounds like it may be spyware/ trojan horse software. If so, or if it's a
> virus that NAV cannot resolve, you have little choice but to reformat your
> harddrive and do a fresh install of the OS and then reinstall your
> applications from your backup.
>

Actually, there are lots of alternatives short of a fresh install.

http://www.spychecker.com/software/antispy.html

July 4, 2004 5:35:48 PM

Great advice Dave!!
Won't be asking you for any.

Go to www.trendmicro.com and then go to the personal tab at the top of the
page. Click on the housecall icon and follow the instructions. Never failed
me yet when Norton can't remove a virus.

Hope you have broadband otherwise it may take some time.

Spencer


"David Maynard" <dNOTmayn@ev1.net> wrote in message
news:10ef2njc3t3um9c@corp.supernews.com...
> DaveW wrote:
>
> > Sounds like it may be spyware/ trojan horse software. If so, or if it's a
> > virus that NAV cannot resolve, you have little choice but to reformat your
> > harddrive and do a fresh install of the OS and then reinstall your
> > applications from your backup.
> >
>
> Actually, there are lot's of alternatives short of a fresh install.
>
> http://www.spychecker.com/software/antispy.html
>

July 4, 2004 6:42:33 PM

"Will Dormann" <wdormann@yahoo.com.invalid> wrote in message
news:ycGFc.182703$DG4.37051@fe2.columbus.rr.com...
> Purple wrote:
>
> > Hi Will
> >
> > How do I obtain the HijackThis log?
>
>
> Run HijackThis.
> Paste the log into a reply to this message.
>
>
> If any of the above doesn't make sense, try google.
>
>
> -WD

After installing and running every bit of spyware software I could find I have
finally fixed the problem

Thanks all for your help

Fran

Anonymous
July 4, 2004 9:06:27 PM

"Purple" <fparkus@spamtrapntlworld.com> wrote in message
news:LwGFc.604$hW3.292@newsfe5-win.ntli.net...
>
> "John McGaw" <nowhere@at.all> wrote in message
> news:7yFFc.1424$285.465@bignews6.bellsouth.net...
> > "Purple" <fparkus@spamtrapntlworld.com> wrote in message
> > news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
>
> <snip my previous post>
>
> > >
> > Basically you installed, or allowed to be installed, spyware or adware on
> > your computer and are now paying the price. Good first steps toward fixing
> > things are to: 1. download Spybot Search & Destroy and install it 2.
> > download Lavasoft's AdAware and install it 3. run each program after
> > downloading the most recent detection files and allow them to fix the
> > problems they discover 4. obtain a firewall program or at least turn on the
> > built-in firewall if you are running XP.
> > --
> > John McGaw
> > [Knoxville, TN, USA]
> > http://johnmcgaw.com
> >
> >
>
> Hi John
>
> I already have AdAware and completed a scan, I have Norton Firewall which I
> keep on permanently
>
> I will download spybot now and see if that helps
>
> Thankyou for your advice
>
> Fran
>
You may want to check out the news group alt.privacy.spyware.

Anonymous
July 4, 2004 11:50:00 PM

naturesgift@ns.sympatico.ca

"John McGaw" <nowhere@at.all> wrote in message
news:7yFFc.1424$285.465@bignews6.bellsouth.net...
> Basically you installed, or allowed to be installed, spyware or adware on
> your computer and are now paying the price. Good first steps toward fixing
> things are to: 1. download Spybot Search & Destroy and install it 2.
> download Lavasoft's AdAware and install it 3. run each program after
> downloading the most recent detection files and allow them to fix the
> problems they discover 4. obtain a firewall program or at least turn on the
> built-in firewall if you are running XP.
> --
> John McGaw
> [Knoxville, TN, USA]
> http://johnmcgaw.com
>
>

Anonymous
July 6, 2004 12:28:10 AM

"John McGaw" <nowhere@at.all> wrote in message
news:7yFFc.1424$285.465@bignews6.bellsouth.net...
> Basically you installed, or allowed to be installed, spyware or adware on
> your computer and are now paying the price. Good first steps toward fixing
> things are to: 1. download Spybot Search & Destroy and install it 2.
> download Lavasoft's AdAware and install it 3. run each program after
> downloading the most recent detection files and allow them to fix the
> problems they discover 4. obtain a firewall program or at least turn on the
> built-in firewall if you are running XP.

Don't advise to arbitrarily turn on the XP firewall (ICF). This firewall
was not meant for use in a networked environment. I don't know if the
original poster is running his PC as part of a network, but turning on ICF
in that situation would just create more problems.

Anonymous
July 9, 2004 4:10:22 AM

I had the same problem. Nothing seemed to work; even system restore to
an earlier date did not cure it. It seems this program redirects all
your searches to this web page. It blocks all search engines as well
and will not let you go to Google or Yahoo or any other search
engines. Look at this link, I will paste the text of it as well. It
seems to work so far. It makes sense. Good luck. It is such a pain,
those things

http://www.network54.com/Forum/message?forumid=10524&me...


THE PROBLEM WITH GOOGLE SOLVED!!!!
by !mpact
Well, after a long while I have solved the problem I had with Google.
It seems like it was a virus after all, though not a virus that sends
itself, but one that gets downloaded if one surfs into a webpage.

It's called Trojan.QHOSTS, and I suggest you go to Symantec if you get
the problem (latest update with Windows Internet Explorer is a
safety measure towards this trojan as well.)

They have a removal tool for the virus, but I had to do something
manually as well, which I will share with you people:

I searched my computer for a file called HOSTS (no extensions at all)
It was found in two places, under Windows, and under Windows/help.
I opened it with notepad (wordpad works as well) and I saw that there
was a long list of names for websites and in front of them one IP,
the same for all of the webpages.

I deleted it all, in both files I found, and saved the file empty,
rebooted the computer and it now works perfectly.

Thanks to KingSix, who helped me realize what the problem was (Dynamic
Names Servers: DNS) I could easily figure out that the IP + different
website addresses in the HOSTS file meant that something was masking
the actual IP to all those sites.


Spread the word about this, because I have seen increasing reports
(on Microsoft help forums for instance) about people who get this
problem.

NOTE: that I not only used the antivirus tool and updated Windows IE6,
I also had to manually change the files called HOSTS and reboot. I
did not ERASE the files, because the files are put there by
Microsoft, the virus just changes them.

Also, when I did the antivirus checkup with the Symantec tool, it did
not find the virus, which leads me to believe that it actually got
removed by my own antivirus program, but that it already made the
changes, but use the tool nevertheless, it's better to be safe than
sorry.

==============
Posted through www.HowToFixComputers.com/bb - free access to hardware troubleshooting newsgroups.

Anonymous
July 9, 2004 1:00:42 PM

HOSTS is a valid name for legitimate files within Windows. This article
would incorrectly lead one to believe that just because HOSTS appears in a
search on their system that they are infected with some strange virus. Not
the case. For example, c:\windows\system32\drivers\etc\HOSTS is a legitimate
file at least on my XP Pro system. A search could turn up many other valid
entries containing the name HOSTS. Do the proper research and avoid running
off deleting files from your hard drive.



Anonymous
July 9, 2004 1:00:43 PM

jch wrote:

> HOSTS is a valid name for legitimate files within Windows. This article
> would incorrectly lead one to believe that just because HOSTS appears in a
> search on their system that they are infected with some strange virus. Not
> the case. For example. c:\windows\system32\drivers\etc\HOSTS is a legitimate
> file at least on my XP Pro system. A search could turn up many other valid
> entries containing the name HOSTS. Do the proper research and avoid running
> off deleting files from your hard drive.

Good advice but only if they misread what was written. The problem found,
as stated, is correct: a 'hijack' where a gaggle of websites are entered
into the HOSTS file, the same one you correctly point out is a standard
Windows file, with a single IP address for all of them thereby directing
the machine to go there for every site listed.

And he corrected that particular problem by removing the bogus ENTRIES in
the hosts file and re-saving it.

He should have, however, left
127.0.0.1 localhost
in it.

Anonymous
July 9, 2004 8:03:08 PM

On Fri, 09 Jul 2004 08:42:17 -0500, David Maynard
<dNOTmayn@ev1.net> wrote:

>jch wrote:
>
>> HOSTS is a valid name for legitimate files within Windows. This article
>> would incorrectly lead one to believe that just because HOSTS appears in a
>> search on their system that they are infected with some strange virus. Not
>> the case. For example. c:\windows\system32\drivers\etc\HOSTS is a legitimate
>> file at least on my XP Pro system. A search could turn up many other valid
>> entries containing the name HOSTS. Do the proper research and avoid running
>> off deleting files from your hard drive.
>
>Good advice but only if they misread what was written. The problem found,
>as stated, is correct: a 'hijack' where a gaggle of websites are entered
>into the HOSTS file, the same one you correctly point out is a standard
>Windows file, with a single IP address for all of them thereby directing
>the machine to go there for every site listed.
>
>And he corrected that particular problem by removing the bogus ENTRIES in
>the hosts file and re-saving it.
>
>He should have, however, left
>127.0.0.1 localhost
>in it.

It's not a bad idea to have a backup of the hosts file or at
least be familiar with its location so it can be retrieved from a
larger backup set... Don't know about what the typical user does
(probably no editing of hosts file at all) but mine is large
enough it could take days to edit it.
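
The hosts-file hijack discussed in the posts above (many site names pointed at one IP address, while `127.0.0.1 localhost` and a user's own blocklist entries should survive the clean-up), as an added example that is not part of the original thread. The sample hosts text, the 203.0.113.7 address, the function names and the three-name threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file; names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net        # user blocklist entry
0.0.0.0         popups.example.org
192.168.1.1     router
203.0.113.7     www.google.com
203.0.113.7     google.com search.yahoo.com
203.0.113.7     www.yahoo.com   # trailing comment
not-an-ip       broken.example
"""

# Address ranges treated as "the user's own LAN" (RFC 1918 plus link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def parse_hosts(text):
    """Return (entries, malformed). entries are (line_no, ip, [hostnames])."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop comments
        if not body:
            continue
        fields = body.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append(line_no)
            continue
        entries.append((line_no, ip, [h.lower() for h in fields[1:]]))
    return entries, malformed


def classify(ip):
    """'sink' = localhost/blocklist target, 'local' = LAN, else 'external'."""
    if ip.is_loopback or ip.is_unspecified:
        return "sink"
    if ip.version == 4 and any(ip in net for net in LOCAL_NETS):
        return "local"
    return "external"


def find_hijack_candidates(entries, min_names=3):
    """External IPs that at least min_names different hostnames resolve to."""
    names_by_ip = defaultdict(set)
    for _, ip, names in entries:
        if classify(ip) == "external":
            names_by_ip[ip].update(names)
    return {str(ip): sorted(names) for ip, names in names_by_ip.items()
            if len(names) >= min_names}


def clean_hosts(text, bad_ips):
    """Drop lines mapped to bad_ips; always leave a '127.0.0.1 localhost' line."""
    bad = {ipaddress.ip_address(i) for i in bad_ips}
    kept, has_localhost = [], False
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        ip = None
        if fields:
            try:
                ip = ipaddress.ip_address(fields[0])
            except ValueError:
                pass                          # keep unparseable lines for review
        if ip in bad:
            continue
        if ip is not None and ip.is_loopback and \
                "localhost" in [f.lower() for f in fields[1:]]:
            has_localhost = True
        kept.append(raw)
    if not has_localhost:
        kept.append("127.0.0.1       localhost")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    entries, malformed = parse_hosts(SAMPLE_HOSTS)
    suspects = find_hijack_candidates(entries)
    for ip, names in suspects.items():
        print(f"{ip} is the target for {len(names)} names: {', '.join(names)}")
    print("unparseable lines:", malformed)
    print(clean_hosts(SAMPLE_HOSTS, suspects))
```

Review the flagged addresses before cleaning, and keep a copy of the original file, since a large hand-built hosts file is costly to recreate.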

Anonymous
July 9, 2004 10:55:31 PM

kony wrote:

> On Fri, 09 Jul 2004 08:42:17 -0500, David Maynard
> <dNOTmayn@ev1.net> wrote:
>
>
>>jch wrote:
>>
>>
>>>HOSTS is a valid name for legitimate files within Windows. This article
>>>would incorrectly lead one to believe that just because HOSTS appears in a
>>>search on their system that they are infected with some strange virus. Not
>>>the case. For example. c:\windows\system32\drivers\etc\HOSTS is a legitimate
>>>file at least on my XP Pro system. A search could turn up many other valid
>>>entries containing the name HOSTS. Do the proper research and avoid running
>>>off deleting files from your hard drive.
>>
>>Good advice but only if they misread what was written. The problem found,
>>as stated, is correct: a 'hijack' where a gaggle of websites are entered
>>into the HOSTS file, the same one you correctly point out is a standard
>>Windows file, with a single IP address for all of them thereby directing
>>the machine to go there for every site listed.
>>
>>And he corrected that particular problem by removing the bogus ENTRIES in
>>the hosts file and re-saving it.
>>
>>He should have, however, left
>>127.0.0.1 localhost
>>in it.
>
>
> It's not a bad idea to have a backup of the hosts file or at
> least be familar with it's location so it can be retrieved from a
> larger backup set...

Yeah. Just like any 'user data': back it up or run the risk of losing it.

> Don't know about what the typical user does
> (probably no editing of hosts file at all) but mine is large
> enough it could take days to edit it.

The typical user won't be manually editing ANY file of that kind, at least
not under normal circumstances. They just expect things to 'work'.

I'm curious, what all do you have in it and why?

Anonymous
July 10, 2004 8:04:46 AM

On Fri, 09 Jul 2004 18:55:31 -0500, David Maynard
<dNOTmayn@ev1.net> wrote:


>I'm curious, what all do you have in it and why?

Tons of stuff, like routers and other remote systems, but mostly
blocked 'site like SW Flash downloads, other ads, popup
sources... I entered many myself but the majority are appended
from several host lists I've come across sporadically.

Anonymous
July 10, 2004 8:04:47 AM

kony wrote:

> On Fri, 09 Jul 2004 18:55:31 -0500, David Maynard
> <dNOTmayn@ev1.net> wrote:
>
>
>
>>I'm curious, what all do you have in it and why?
>
>
> Tons of stuff, like routers and other remote systems, but mostly
> blocked 'site like SW Flash downloads, other ads, popup
> sources... I entered many myself but the majority are appended
> from several host lists I've come across sporadically.

I see.

Anonymous
August 9, 2004 3:15:10 PM

The problem w/ Spybot in dealing w/ E-shredder is that it does not
pick up the 2 extra explorers that are now installed on your pc.
This is from computer cops:
1. Restart the computer in safe mode/safe mode command prompt.
2. Go to the windows\system32 directory
3. Find and delete explorer.exe & system32.dll (ONLY from the
windows\system32 directory)
4. Go to the windows\ directory & delete secure.html
5. Restart the computer
6. Search for files called "HOSTS" (with no file extension) &
delete them (usually 2)
7. Modify your homepage settings in IE to your favourite homepage.
8. Restart your computer & run all your programs to check you have
a successful "eradication".

I spent 3 hrs on a friend's computer running -multiple times- Spybot
and Adware. I was able to eradicate everything except for eshredder
(didn't have the above info at the time). It seems that this is THE
solution. I just haven't had time to do it.
Good luck to you.
