c:\windows\help\hosts

  • Thread starter Jennifer Charvet
  • Start date
J

Jennifer Charvet

To whom it may concern:

This is not actually a question but more for information
purposes.

Today (10/01/2003) While trying to browse to
www.google.com using IE Version 6.0.2800.1106 I recieved
the "Page cannot be displayed" error.

I noticed I was still able to browse other websites that
I tried to access just fine so at first I thought google
must be down. I then tried to go to www.altavista.com
and I recieved the "Page cannot be found" error again.
So then I tried www.yahoo.com and I was able to access
there home page but when I tried to do an actual search
and I got the "page cannot be displayed" error message
again. I tried MSN.com and was able to browse the home
page but when trying to do a search I got the same "page
cannot be displayed" error.

At this point I thought that maybe someone was trying to
attack the main search engines so I contacted some of my
friends with internet access and they were able to browse
just fine.

I also have a second computer networked to my main
computer that uses ICS to connect to the internet and
this computer was unable to access the same search
engines as well.

I did a search on my main computer for the hosts file and
I found the main one in C:\WINDOWS\system32\drivers\etc
and this file had the default "127.0.0.1 localhost"
so I knew this was not the problem.

I did however find another hosts file in
C:\WINDOWS\Help. I have never heard of a hosts file in
this folder before and when I opened it it read:



88.88.88.88 elite
207.44.194.56 www.google.akadns.net
207.44.194.56 www.google.com
207.44.194.56 google.com
207.44.194.56 www.altavista.com
207.44.194.56 altavista.com
207.44.194.56 search.yahoo.com
207.44.194.56 uk.search.yahoo.com
207.44.194.56 ca.search.yahoo.com
207.44.194.56 jp.search.yahoo.com
207.44.194.56 au.search.yahoo.com
207.44.194.56 de.search.yahoo.com
207.44.194.56 search.yahoo.co.jp
207.44.194.56 www.lycos.de
207.44.194.56 www.lycos.ca
207.44.194.56 www.lycos.jp
207.44.194.56 www.lycos.co.jp
207.44.194.56 alltheweb.com
207.44.194.56 web.ask.com
207.44.194.56 ask.com
207.44.194.56 www.ask.com
207.44.194.56 www.teoma.com
207.44.194.56 search.aol.com
207.44.194.56 www.looksmart.com
207.44.194.56 auto.search.msn.com
207.44.194.56 search.msn.com
207.44.194.56 ca.search.msn.com
207.44.194.56 fr.ca.search.msn.com
207.44.194.56 search.fr.msn.be
207.44.194.56 search.fr.msn.ch
207.44.194.56 search.latam.yupimsn.com
207.44.194.56 search.msn.at
207.44.194.56 search.msn.be
207.44.194.56 search.msn.ch
207.44.194.56 search.msn.co.in
207.44.194.56 search.msn.co.jp
207.44.194.56 search.msn.co.kr
207.44.194.56 search.msn.com.br
207.44.194.56 search.msn.com.hk
207.44.194.56 search.msn.com.my
207.44.194.56 search.msn.com.sg
207.44.194.56 search.msn.com.tw
207.44.194.56 search.msn.co.za
207.44.194.56 search.msn.de
207.44.194.56 search.msn.dk
207.44.194.56 search.msn.es
207.44.194.56 search.msn.fi
207.44.194.56 search.msn.fr
207.44.194.56 search.msn.it
207.44.194.56 search.msn.nl
207.44.194.56 search.msn.no
207.44.194.56 search.msn.se
207.44.194.56 search.ninemsn.com.au
207.44.194.56 search.t1msn.com.mx
207.44.194.56 search.xtramsn.co.nz
207.44.194.56 search.yupimsn.com
207.44.194.56 uk.search.msn.com
207.44.194.56 search.lycos.com
207.44.194.56 www.lycos.com
207.44.194.56 www.google.ca
207.44.194.56 google.ca
207.44.194.56 www.google.uk
207.44.194.56 www.google.co.uk
207.44.194.56 www.google.com.au
207.44.194.56 www.google.co.jp
207.44.194.56 www.google.jp
207.44.194.56 www.google.at
207.44.194.56 www.google.be
207.44.194.56 www.google.ch
207.44.194.56 www.google.de
207.44.194.56 www.google.se
207.44.194.56 www.google.dk
207.44.194.56 www.google.fi
207.44.194.56 www.google.fr
207.44.194.56 www.google.com.gr
207.44.194.56 www.google.com.hk
207.44.194.56 www.google.ie
207.44.194.56 www.google.co.il
207.44.194.56 www.google.it
207.44.194.56 www.google.co.kr
207.44.194.56 www.google.com.mx
207.44.194.56 www.google.nl
207.44.194.56 www.google.co.nz
207.44.194.56 www.google.pl
207.44.194.56 www.google.pt
207.44.194.56 www.google.com.ru
207.44.194.56 www.google.com.sg
207.44.194.56 www.google.co.th
207.44.194.56 www.google.com.tr
207.44.194.56 www.google.com.tw
207.44.194.56 go.google.com
207.44.194.56 google.at
207.44.194.56 google.be
207.44.194.56 google.de
207.44.194.56 google.dk
207.44.194.56 google.fi
207.44.194.56 google.fr
207.44.194.56 google.com.hk
207.44.194.56 google.ie
207.44.194.56 google.co.il
207.44.194.56 google.it
207.44.194.56 google.co.kr
207.44.194.56 google.com.mx
207.44.194.56 google.nl
207.44.194.56 google.co.nz
207.44.194.56 google.pl
207.44.194.56 google.com.ru
207.44.194.56 google.com.sg
207.44.194.56 www.hotbot.com
207.44.194.56 hotbot.com



I renamed and moved this file to a new location and
restarted my computer and I was able to browse the search
engines just fine.

I did an IP whois on ws.arin.net and found the ip address
belonged to a block of IP addresses owned by (I assume an
ISP) called Everyones Internet, Inc. located in Houston,
TX

I am also going to try to contact this ISP to let them
know that they may have a customer who is abusing their
internet privleges even though nothing will probably ever
come of it.

I am not sure if I have been infected with a virus or if
I installed a program that caused this issue. After I
fixed the issue I tried doing a search to see how common
it was and did not find anything.

I am running Windows XP Pro with IE6 with the latest
microsoft updates.

I just wanted others to know about this in case anyone
else has any similar issues.

-Jennifer
 
W

Will

It's a new virus, dubbed "Trojan.Qhosts".

Discussed here:
CERT:
http://www.cert.org/incident_notes/IN-2003-04.html
Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
Network Associates:
http://vil.nai.com/vil/content/v_100719.htm

It infects your system, changes your DNS.

It's because of a Windows IE problem whereby clever code in a webpage
can trigger a problem with the Microsoft Html application handler and
execute code on your comptuer.

Symantec has as of yet no fix in norton antivirus for it. I
downloaded the "Live update" for 10/1/2003, and it didn't find it. I
then downloaded the "intelligent update"
(http://securityresponse.symantec.com/avcenter/download/pages/US-SAVCE.html)
which you have to do manually, and so far, the scan has found nothing.
Luckilly, the page on symantec's response says that a fix will be
comming out in next week's live update.

Also posting this to:
microsoft.public.win2000.security
microsoft.public.security.virus
microsoft.public.windowsxp.security_admin
alt.internet.search-engines
microsoft.public.windowsnt.protocol.tcpip

Will Dunn
Systems Administrator
Netmar Web Services
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

strange dns problem 4
DNS hacked/hijacked 7
Very strange problems accessing search engines 1
DNS Problem 7
Strange problem accessing search engines 12
Hosts file 6
HOSTS Query 5
Where does the HOSTS file go in XP/2K 13

Top