Charlie3110 said:
Having posted this I Googled the problem and was directed to Kelly's Corner
where I found that if I right clicked on the desktop and chose Properties and
then chose Themes my theme was not set to XP. When I did that then all is
restored. I still have the problem with redirection and despite running
SpyBot and Malwarebyte and Spyware terminator and Adaware and even Microsoft
windows malicious software tool it remains. I would love some help on this
please? Thanks
When you type in a URL into the browser, the name is translated to an
IP address. So "
www.microsoft.com" is converted to numbers like 1.2.3.4,
which is the IP address. The IP address, is how the computer actually
does the communication.
DNS or Domain Name Service is one way to do that translation. Your
ISP has a DNS server, that performs that kind of translation on
request.
But there is also a file on the computer, the "hosts" file, and
it is used to override DNS. So a name can be translated locally.
This is the contents of my (uncompromised) hosts file. The file is
very short, and has only one entry. This file is what gets installed
with my WinXP SP3 install CD.
C:\WINDOWS\system32\drivers\etc\hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
*******
If you find extra entries, they can be there for good reasons, or
bad reasons. For example, this technique prevents communications
with doubleclick.net . Some people distribute hosts files, with the
intent of "disconnecting" sites like doubleclick.net . So they
can't track you and your viewing preferences.
127.0.0.1 doubleclick.net
But if you saw something like this, this could be a redirection
for some other purpose. If you attempted to reach microsoft.com
with your browser, you're going to that number instead (I just
made up a number). The browser would think it had reached Microsoft.
123.102.103.104 microsoft.com
The redirection could still be an active element on the computer,
either code or a browser helper object or whatever. There are
probably other ways to redirect a person, but I'm no "virus/malware"
guy.
HTH,
Paul