IE 6.0 security patch 828750

[npm]

Hi,

I am running Internet Explorer 6.0.2800 SP1 on Windows
2000 SP4.

When I installed security patch 828750, access to 75% of
web sites, inc. www.google.com, www.bbc.co.uk,
www.yahoo.com was barred with error message HTTP 400 - Bad
Request. I could still access www.news.bbc.co.uk and
others.

Have backed out the patch, and normal service has resumed.

So what have I missed, and what action needs to be taken
to run with this patch ?

Many thanks,
NPM

 

[H Leboeuf]

You still need to clean your computer. The patch will only prevent a
reinstallation of the parasite.

Qhosts virus/trojan, aka delude.

http://www.f-secure.com/v-descs/delude.shtml

NAME: Delude
ALIAS: Trojan.BAT.Startpage.a
Delude is a trojan that is available on a web page. The web page contains a
code that uses a vulnerability in the Internet Explorer (MS03-032) to
execute.
More information about the vulnerability, including a fix, is available from
Microsoft at:
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
VARIANT: Delude.A
The HTA code available on a web page downloads a file "partyboy.exe" from an
ftp site and runs it. This file is is packed with UPX. It is a batch file
which was compiled to executable binary (".exe") using a BatToExe tool.
When executed, it changes the Internet Explorer start page to find-now.info.
It prevents access to the most major search engines such as Google, Yahoo,
Lycos, MSN and AltaVista. To do this it replaces the following file:

More:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
http://vil.nai.com/vil/content/v_100719.htm
http://www.sophos.com/virusinfo/analyses/trojqhosts1.html

An other removal tool that has been used with success.
http://www.brown.edu/Facilities/CIS/Software_Services/virus/index.html