Has anyone had any trouble with this website coming up
when trying to access other legit websites? (example:
www.www.microsoft.com.org) I have tried cleaning this out
of every place I can think of. Any one have a fix for this

Thanks
Mike Olson

In news:16e5b01c448b8$56eef620$(E-Mail Removed),
Raiderole <(E-Mail Removed)> posted their thoughts, then
I offered mine
> Has anyone had any trouble with this website coming up
> when trying to access other legit websites? (example:
> www.www.microsoft.com.org) I have tried cleaning this out
> of every place I can think of. Any one have a fix for this
>
> Thanks
> Mike Olson


You can find who owns the domain name "com.org" by doing a 'whois' at
netsol.com.

Also, not exactly sure what you mean. Are you saying you type in"
www.microsoft.com
and it turns into:
www.www.microsoft.com.org ?

If this is the case, I would look into possible adware, BHOs and trojans. I
don't think this is a DNS issue, with the info you provided. Run Adaware 60
to insure at least that they are removed.

Here's some info on adware stuff from the IE newsgroups:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> The most frequent advise in those cases are:
>> How to Disable Third-Party Tool Bands and Browser Helper Objects
>> http://support.microsoft.com/?kbid=298931
>> Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
>> http://mvps.org/winhelp2002/unwanted.htm
>
> Mmmh, yes.
> This http://www.microsoft.com/italy/techn...rt/mvp/spy.asp is similar
> :-D
> But many, many users have the problem in this days, also in your IE NG and
> seems not solve.

Just like anti-virus applications, users of anti-spyware applications such
as Ad-Aware, Spybot, SpywareBlaster, CWShredder, and HijackThis must always
seek updates before each and every use, even the first time the app is run:

Ad-Aware: new update today
Spybot: new update today
CWShredder: v1.53.0 is the current version
SpywareBlaster: database 29 Feb-04
HijackThis: v1.97.7 is current version
~~~~~~~~~~~~~~~~~~~~~~~~~

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

"Ace Fekay [MVP]" wrote in message
news:(E-Mail Removed)...
: In news:16e5b01c448b8$56eef620$(E-Mail Removed),
: Raiderole <(E-Mail Removed)> posted their thoughts,
then
: I offered mine
: > Has anyone had any trouble with this website coming up
: > when trying to access other legit websites? (example:
: > www.www.microsoft.com.org) I have tried cleaning this out
: > of every place I can think of. Any one have a fix for this
: >
: > Thanks
: > Mike Olson
:
:
: You can find who owns the domain name "com.org" by doing a 'whois' at
: netsol.com.
:
: Also, not exactly sure what you mean. Are you saying you type in"
: www.microsoft.com
: and it turns into:
: www.www.microsoft.com.org ?
:
: If this is the case, I would look into possible adware, BHOs and trojans.
I
: don't think this is a DNS issue, with the info you provided. Run Adaware
60
: to insure at least that they are removed.
:
: Here's some info on adware stuff from the IE newsgroups:
: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: >> The most frequent advise in those cases are:
: >> How to Disable Third-Party Tool Bands and Browser Helper Objects
: >> http://support.microsoft.com/?kbid=298931
: >> Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
: >> http://mvps.org/winhelp2002/unwanted.htm
: >
: > Mmmh, yes.
: > This http://www.microsoft.com/italy/techn...rt/mvp/spy.asp is
similar
: > :-D
: > But many, many users have the problem in this days, also in your IE NG
and
: > seems not solve.
:
: Just like anti-virus applications, users of anti-spyware applications such
: as Ad-Aware, Spybot, SpywareBlaster, CWShredder, and HijackThis must
always
: seek updates before each and every use, even the first time the app is
run:
:
: Ad-Aware: new update today
: Spybot: new update today
: CWShredder: v1.53.0 is the current version
: SpywareBlaster: database 29 Feb-04
: HijackThis: v1.97.7 is current version
: ~~~~~~~~~~~~~~~~~~~~~~~~~

Only 2 things come from Oklahoma...

Domain ID8295-LROR
Domain Name:COM.ORG
Created On:17-Aug-1995 04:00:00 UTC
Last Updated On:25-Feb-2004 20:13:36 UTC
Expiration Date:16-Aug-2011 04:00:00 UTC
Sponsoring Registrar:R11-LROR
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:tuOw3q6d3eyCPCnX
Registrant Name:Scott Day
Registrant OrganizationigiMedia.com, L.P.
Registrant Street1:P.O. Box 279
Registrant Cityuncan
Registrant State/Province:OK
Registrant Postal Code:73534
Registrant Country:US
Registrant Phone:+1.5804759000
Registrant FAX:+1.5804759003
Registrant Email:(E-Mail Removed)
Admin ID:tuOw3q6d3eyCPCnX
Admin Name:Scott Day
Admin OrganizationigiMedia.com, L.P.
Admin Street1:P.O. Box 279
Admin Cityuncan
Admin State/Province:OK
Admin Postal Code:73534
Admin Country:US
Admin Phone:+1.5804759000
Admin Email:(E-Mail Removed)
Tech ID:tuOw3q6d3eyCPCnX
Tech Name:Scott Day
Tech OrganizationigiMedia.com, L.P.
Tech Street1:P.O. Box 279
Tech Cityuncan
Tech State/Province:OK
Tech Postal Code:73534
Tech Country:US
Tech Phone:+1.5804759000
Tech Email:(E-Mail Removed)
Name Server:NS.OKDIRECT.COM
Name Server:NS2.OKDIRECT.COM

http://www.google.com/search?sourcei...%2Ecom+spyware

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/service...p?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default...b;EN-US;308201
FAQ W2K/2K3 DNS:
http://support.microsoft.com/default...b;EN-US;291382

R> Has anyone had any trouble with this website coming up
R> when trying to access other legit websites?

Only those people who have either (a) badly configured the search paths of
their DNS Client libraries, to bring back the problem that RFC 1535 noted ten
years ago, or (b) badly configured the (separate and additional) search path
behaviour of their web browsers, will have. Given the addition of the extra
"www" label at the front of the domain name (in contrast to most DNS Client
libraries only appending labels), I suspect the latter in your case.

>-----Original Message-----
>"Ace Fekay [MVP]" wrote in message
>news:(E-Mail Removed)...
>: In news:16e5b01c448b8$56eef620$(E-Mail Removed),
>: Raiderole <(E-Mail Removed)> posted
their thoughts,
>then
>: I offered mine
>: > Has anyone had any trouble with this website coming up
>: > when trying to access other legit websites? (example:
>: > www.www.microsoft.com.org) I have tried cleaning this
out
>: > of every place I can think of. Any one have a fix for
this
>: >
>: > Thanks
>: > Mike Olson
>:
>:
>: You can find who owns the domain name "com.org" by
doing a 'whois' at
>: netsol.com.
>:
>: Also, not exactly sure what you mean. Are you saying
you type in"
>: www.microsoft.com
>: and it turns into:
>: www.www.microsoft.com.org ?
>:
>: If this is the case, I would look into possible adware,
BHOs and trojans.
>I
>: don't think this is a DNS issue, with the info you
provided. Run Adaware
>60
>: to insure at least that they are removed.
>:
>: Here's some info on adware stuff from the IE newsgroups:
>: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>: >> The most frequent advise in those cases are:
>: >> How to Disable Third-Party Tool Bands and Browser
Helper Objects
>: >> http://support.microsoft.com/?kbid=298931
>: >> Dealing with Unwanted Malware, Parasites, Toolbars
and Search Engines
>: >> http://mvps.org/winhelp2002/unwanted.htm
>: >
>: > Mmmh, yes.
>: > This
http://www.microsoft.com/italy/techn...rt/mvp/spy.asp
is
>similar
>: > :-D
>: > But many, many users have the problem in this days,
also in your IE NG
>and
>: > seems not solve.
>:
>: Just like anti-virus applications, users of anti-
spyware applications such
>: as Ad-Aware, Spybot, SpywareBlaster, CWShredder, and
HijackThis must
>always
>: seek updates before each and every use, even the first
time the app is
>run:
>:
>: Ad-Aware: new update today
>: Spybot: new update today
>: CWShredder: v1.53.0 is the current version
>: SpywareBlaster: database 29 Feb-04
>: HijackThis: v1.97.7 is current version
>: ~~~~~~~~~~~~~~~~~~~~~~~~~
>
>Only 2 things come from Oklahoma...
>
>Domain ID8295-LROR
>Domain Name:COM.ORG
>Created On:17-Aug-1995 04:00:00 UTC
>Last Updated On:25-Feb-2004 20:13:36 UTC
>Expiration Date:16-Aug-2011 04:00:00 UTC
>Sponsoring Registrar:R11-LROR
>Status:CLIENT DELETE PROHIBITED
>Status:CLIENT TRANSFER PROHIBITED
>Status:CLIENT UPDATE PROHIBITED
>Registrant ID:tuOw3q6d3eyCPCnX
>Registrant Name:Scott Day
>Registrant OrganizationigiMedia.com, L.P.
>Registrant Street1:P.O. Box 279
>Registrant Cityuncan
>Registrant State/Province:OK
>Registrant Postal Code:73534
>Registrant Country:US
>Registrant Phone:+1.5804759000
>Registrant FAX:+1.5804759003
>Registrant Email:(E-Mail Removed)
>Admin ID:tuOw3q6d3eyCPCnX
>Admin Name:Scott Day
>Admin OrganizationigiMedia.com, L.P.
>Admin Street1:P.O. Box 279
>Admin Cityuncan
>Admin State/Province:OK
>Admin Postal Code:73534
>Admin Country:US
>Admin Phone:+1.5804759000
>Admin Email:(E-Mail Removed)
>Tech ID:tuOw3q6d3eyCPCnX
>Tech Name:Scott Day
>Tech OrganizationigiMedia.com, L.P.
>Tech Street1:P.O. Box 279
>Tech Cityuncan
>Tech State/Province:OK
>Tech Postal Code:73534
>Tech Country:US
>Tech Phone:+1.5804759000
>Tech Email:(E-Mail Removed)
>Name Server:NS.OKDIRECT.COM
>Name Server:NS2.OKDIRECT.COM
>
>http://www.google.com/search?sourceid=navclient&ie=UTF-
8&oe=UTF-8&q=digimedia%2Ecom+spyware
>
>--
>Roland Hall
>/* This information is distributed in the hope that it
will be useful, but
>without any warranty; without even the implied warranty
of merchantability
>or fitness for a particular purpose. */
>Online Support for IT Professionals -
>http://support.microsoft.com/service...echnet/default.
asp?fr=0&sd=tech
>How-to: Windows 2000 DNS:
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;308201
>FAQ W2K/2K3 DNS:
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;291382
>
>
>
Fellas, you are correct..when I type www.microsoft.com it
will come up as www.www.microsoft.com.org. I have run ad-
aware. It comes up with nothing. I did do a whois and know
who is the culprit. I also read somewhere if you limit
your search on your url settings in IE this helps. Still
it is wierd.

Mike

>

In news:17f7901c44a47$612b7d30$(E-Mail Removed),
Mike <(E-Mail Removed)> posted their thoughts, then I
offered mine

> Fellas, you are correct..when I type www.microsoft.com it
> will come up as www.www.microsoft.com.org. I have run ad-
> aware. It comes up with nothing. I did do a whois and know
> who is the culprit. I also read somewhere if you limit
> your search on your url settings in IE this helps. Still
> it is wierd.
>
> Mike

You shouldn't need to limit anything in IE to stop this. Apparently there's
something installed doing it. Did you update Adaware before running it? You
should do this even if you just downloaded it. Run Spybot as well. You can
also run Hijack this and post the logs to their forum and those guys will
analyze it for you.

~~~~~~~~~~~~~
"HijackThis.exe" and Press "Scan". When the scan is finished, the "Scan"
button will change into a "Save Log" button.
Click: "Save Log" (generates: "hijackthis.log") HijackThis Tutorial
(recommended read)
Next, go to: http://www.spywareinfo.com/forums/ andpost the log.
~~~~~~~~~~~~~~~~~~

More info and specific instructions at that link I provided earlier:
http://mvps.org/winhelp2002/unwanted.htm

Also check your HOSTS file. Run an ipconfig /displaydns. You should only get
these results if you haven't ever altered it:

c:\>ipconfig /displaydns

Windows 2000 IP Configuration

localhost.
------------------------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 1
Time To Live . . . . : 31484920
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . :
127.0.0.1


1.0.0.127.in-addr.arpa.
------------------------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa
Record Type . . . . . : 12
Time To Live . . . . : 31484919
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . :
localhost

If youg get results that are so many that it causes the screen to scroll,
then you got your HOSTS file hijacked and adaware or Spybot will not catch
it. One virus that causes this is the QHOST virus, but there are many
ActiveX BHOs and such that will alter your HOSTS file as well causing you
grief and getting results as you're seeing.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

MF> You shouldn't need to limit anything in IE to stop this.

It's almost certainly Microsoft Internet Explorer, or a plug-in added to it,
that is doing this.

MF> Also check your HOSTS file.

That won't be the cause. The domain names used in URLs that he is typing in
are being transformed using the pattern "www.%s.org" before their IP addresses
are looked up. This is the type of internal
web-browser's-own-search-path-mechanism transformation that generally occurs
_before_ DNS becomes at all involved in the procedure.

Hint: Look at Microsoft Internet Explorer's "AutoComplete" function. Does
anything seem familiar ? (-:

RH> Domain Name:COM.ORG

That is almost certainly irrelevant. DigiMedia almost certainly has nothing
to do with this at all.

Try instead laying the blame at whoever instructed his web browser to
transform the domain names, in the URLs that he types in, using the pattern
"www.%s.org".