Browser redirects to 127.0.0.1

[Rich]

I can not navigate to any web sites and get redirected
back to the computer's nic, 127.0.0.1, when ever I try to
access the internet. I am connected to a shared broadband
connection via a home network. I can ping the router, the
gateway and of course the computers nic and all have
returned OK. I have discovered and removed 3 viruses from
the machine and any virus scans are coming back clean. I
have read that my HOSTS file may have been changed by a
virus which would cause the above symtoms. Can I delete
the HOSTS file or replace it with one from another
computer?

 

[PA Bear]

First try renaming your hosts file to 'oldhosts'. If the redirect does not
persist, delete 'oldhosts' and reboot.

Now to find the hijacker which changed your old hosts file:

A. Trojans

1. Check in at Windows Update and install all critical updates & reboot.

2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow all Removal steps.

WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then Disk Cleanup > More options > Delete all but the most
recent Restore Point.

B. Hijackware

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder (fix all found)

2. Ad-Aware (fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Are You Ready for WinXP SP2?
http://www.microsoft.com/athome/security/protect/default.aspx

WinXP SP2 Release Notes
http://support.microsoft.com/default.aspx?scid=kb;en-us;835935

AumHa Forums
http://forum.aumha.org