Announcement

Collapse
No announcement yet.

OT: Trojan/virus blocking search engine access?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Originally posted by TinCow
    I've read up on that and I even downloaded a symantec fix for it just in case, but it didn't find QHOSTS on my box.

    When I did a virus scan right after this problem occurred, I did find a trojan, but it was not QHosts. It was called Trojan.ByteVerify and it was successfully removed. However, the problems did not resolve themselves. I do not know whether this virus caused the problem or not.
    It won't be detected by a virus scan because the executable deletes itself after executing, leaving only the registry/host file changes as evidence.

    Comment


      #17
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

      that is suspicious in being that it is on your start up list.
      take it off and run this program:


      http://www.spywareinfo.com/~merijn/files/cwshredder.zip

      reboot. LMK if you still have problems.

      It would really help if you would tell us what the search engine that does pop up is. Or rather what ever the page is that does pops up.

      Comment


        #18
        Google redirects to Com.net, all the others simply fail to work and don't redirect anywhere.

        Comment


          #19
          please try cwshredder

          http://www.spywareinfo.com/~merijn/files/cwshredder.zip

          Comment


            #20
            Just did, it didnt find anything.

            Done!
            - 0 registry values were killed
            - Hostsfile was OK
            - Bootconf.exe was not present
            - Trusted Zone was OK
            - User stylesheet was OK
            - Oemsyspnp.inf was not present
            - Svchost32.exe was not present
            - Msspi.dll Winsock hook was not present
            - Msinfo.exe was not present
            - Winshow.dll BHO was not present
            - MadFinder BHO was not present
            - Ctfmon32.exe was not present

            Comment


              #21
              com.net?
              not familiar with that one. Give me some time.

              Comment


                #22
                Well, to be precise, it redirects first to auto.search.msn, that seems to fail, then it brings up com.net

                Comment


                  #23
                  browsing through the spyware forums i found this:
                  http://forums.spywareinfo.com/index....21&hl=com\.net

                  They point the solution to this link:

                  http://vil.nai.com/vil/content/v_100719.htm

                  good read...and it fits the profile of com.net

                  Comment


                    #24
                    I would give zacharypike solution a try if all that is left is just a block list in a file. Though you still shouldnt be redirected if a site is blocked.

                    Comment


                      #25
                      I did the manual removal from the Network Associates page and that fixed it. Thanks for the help.

                      Comment


                        #26
                        What is does is change one of your internet settings.

                        Go into your Internet Protocol(TCIP)Properties.
                        In the box at the bottom it will have added a phony DNS server adress.
                        Remove the adress and check obtain DNS server adress automatically.
                        And remove the trogan/virus.

                        Comment


                          #27
                          You have the Qhosts Trojan

                          Go here for description and removal instructions:

                          http://securityresponse.symantec.com...an.qhosts.html

                          We had a few of these happen at work and this Symantec article help us remove it completely. Also, search for a hosts file. It is usually in c:\windows\system32\drivers\etc folder but i found it in the c:\windows\help folder. The article lists which hosts entries to remove and which ones stay. This trojan also changes your DNS setting as well.

                          Steve...

                          Comment


                            #28
                            Originally posted by Kr4zed
                            I think people should learn not to click on 'Yes' every time the f***ing IE opens an ActiveX installation request dialog.
                            Damnit!!! I always wonder why microsoft didn't make "never ask to install this plug-in again" check box.

                            There are some sites i visit regulary that always ask this and every fricken single time i have to click no.

                            Comment


                              #29
                              This is the qhosts trojan you're all talking about.

                              I successfully removed it from a friends PC last week. All the major search engine urls are getting redirected to sites of the perp/victims choice. TweakXP.com were getting hit by loads of the redirected traffic and their forums cover the subject in some detail. See this post for a reliable cure:

                              http://www.tweakxp.com/forum/forum_p...?TID=4152&PN=1

                              Comment

                              Working...
                              X