From Kim Komando computer radio talk show.
www.komando.com
-------------------------------------------------------
Has Google disappeared?
Q. The strangest thing is happening to my computer. When
I try
to search with Google, I'm sent to an error page. It says
I've
downloaded a malicious program. I don't understand this.
What must
I do to correct this?
A. I wrote about this in the last big weekend edition of
our
newsletter. But I want to cover it again, because I've
gotten several
calls on the show and e-mails about it. There is a fix,
along with a
new patch from Microsoft, so all hope is not lost!
This problem is caused by a Trojan horse, which most
people call
Qhosts-1. It may also be called Delude. People apparently
were lured
into this situation by a spam e-mail. The spam sent them
to a
particular Web site, where a pop-up ad downloaded the
Trojan horse.
The download was accomplished through a flaw in Internet
Explorer.
The Trojan horse then downloaded a file called
Partyboy.exe. It
prevents access to search engines, including Google.
Instead, victims
initially were sent to a page that displayed pop-up ads.
The people
behind this probably were paid to run the ads. But that
page was taken
down by the Internet service provider hosting it, and
replaced with the
error message you saw.
Last weekend, Microsoft issued a patch that fixes the
flaw in Internet
Explorer. Everyone should download it. Open Internet
Explorer, and
click Tools>Windows Update. Let the site scan your
computer. You can
also learn more about it here:
http://www.microsoft.com/security/security_bulletins/ms03-
040.asp
If you have this problem on your computer, you have to
change your
hosts file. In Windows XP, it is located at:
C:\Windows\System32\drivers\etc\Hosts.
In Windows 2000, it's at:
C:Winnt\System32\drivers\etc\Hosts
If you are using Windows 98 or ME, try C:\Windows\Hosts.
I could
not find a Hosts file on my installations of 98 and ME,
but you may
have it.
Open the Hosts file with Notepad. Remove any references
to Google
or any other search engine, along with the IP address
64.191.95.139.
Save the file. If Notepad gives the Hosts file an
extension of .txt,
go into Windows Explorer and change it. There should be
no dot or
extension after the word Hosts.
You may still have the Trojan horse or other files on
your system.
Run an updated anti-virus program. Also, run Ad-Aware and
Spybot Search
and Destroy to find and delete them. Those two programs
are free and
can be found at, respectively:
http://www.lavasoftusa.com
http://www.safer-networking.org/