Highjackthis


ROBERT MANN

Well, I just heard that there is a variant of the
TrojanQhost virus that Symantec can't nail. I was told
that Hijackthis.exe would work. So I downloaded it and
did a scan. But I could not find the Hosts file in the
list. What gives?
 
Robert,
Did you download the "beta" version of HijackThis?
http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip
That's the one needed to detect and reset your DNS, etc.
All this is outlined on my HOSTS page (see below)
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-03]
Please post replies to this Newsgroup, email address is invalid
 
Hi Robert - The new beta version of HijackThis will detect the use of a
Windows\Help based HOSTS file which is one of the characteristics of this
virus. You can get it here:

http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip

Here are some other considerations:

You've apparently gotten infected with the QHosts virus. Read here for
information:

http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191

Try the following:


1. Be sure that you install hotfix 828750 which fixes the exploit that this
virus uses:

http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp

2. Update and run a complete Anti-Virus software check of your system. Most
of the major AV companies have updated their latest signatures to detect
this virus (for Network Associates, be sure to get the EXTRADAT.exe update
from the above page as well as your regular update).

3. If running your AV doesn't clean it up, go to this page, read the
directions CAREFULLY (particularly about the Restore option) and download
and run the removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
If that still doesn't clean it up (and a number of people are reporting that
it did not), then follow the Manual Removal instructions there.

4. You probably will then need to restore your HOSTS file. Download the
Hosts File Reader:

http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe

Run the program, click the "Read Hosts File" button, click the button
labeled "Reset Defaults" and click "Save Changes." If you've been using your
HOSTS file for ad blocking (see http://www.mvps.org/winhelp2002/hosts.htm
Blocking Unwanted Ads with a Hosts File), then you'll need to set it up
again for that purpose.


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
Mike Burgess said:
Robert,
Did you download the "beta" version of HijackThis?
http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip
That's the one needed to detect and reset your DNS, etc.
All this is outlined on my HOSTS page (see below)

Asked and replied to here:

--

siljaline MS MVP IE/OE

(Please reply to group, as reply address is invalid, so that we can all benefit)


"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neal Stephenson, _Cryptonomicon_
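
A read-only check for the two symptoms discussed in this thread, a HOSTS lookup directory moved away from the default (the Windows\Help case) and HOSTS entries that redirect names, as an added example that is not part of any post above or of HijackThis. The function names, the sample HOSTS text and the 203.0.113.7 address are constructed for illustration; the default directory and the DataBasePath registry value are standard Windows settings, not values taken from the thread.

```python
import ntpath
import re

# Default directory Windows reads HOSTS from. It is stored in the DataBasePath
# value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
DEFAULT_DB_PATH = r"%SystemRoot%\System32\drivers\etc"
# Loopback and null addresses, as used by localhost and ad-blocking entries.
LOCAL_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample, not taken from a real infection.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1   localhost
127.0.0.1   ads.example.net      # ad-blocking style entry
203.0.113.7 www.search.example search.example
"""


def database_path_is_default(value, system_root=r"C:\WINDOWS"):
    """True if a DataBasePath value still resolves to the default directory."""
    def norm(path):
        # Expand %SystemRoot% case-insensitively, then normalise case and slashes.
        path = re.sub(r"%systemroot%", lambda m: system_root, path, flags=re.I)
        return ntpath.normcase(ntpath.normpath(path))
    return norm(value) == norm(DEFAULT_DB_PATH)


def suspicious_entries(hosts_text):
    """Return (line_no, address, name) for names mapped to a non-local address."""
    found = []
    for line_no, line in enumerate(hosts_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 2:
            continue  # blank line, comment only, or malformed entry
        address, names = fields[0], fields[1:]
        if address not in LOCAL_ADDRS:
            found.extend((line_no, address, name) for name in names)
    return found


if __name__ == "__main__":
    print("default path:", database_path_is_default(r"%SystemRoot%\help"))
    for line_no, address, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
```

Entries it reports are candidates for review, not proof of infection: a HOSTS file can legitimately map intranet names to non-local addresses.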