Both of these trojans will cause havoc with some search engines.
http://www.f-secure.com/v-descs/delude.shtml
NAME: Delude
ALIAS: Trojan.BAT.Startpage.a
Delude is a trojan that is available on a web page. The web page contains a
code that uses a vulnerability in the Internet Explorer (MS03-032) to
execute.
More information about the vulnerability, including a fix, is available from
Microsoft at:
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
VARIANT: Delude.A
The HTA code available on a web page downloads a file "partyboy.exe" from an
ftp site and runs it. This file is is packed with UPX. It is a batch file
which was compiled to executable binary (".exe") using a BatToExe tool.
When executed, it changes the Internet Explorer start page to find-now.info.
It prevents access to the most major search engines such as Google, Yahoo,
Lycos, MSN and AltaVista.
====================
Qhosts virus/trojan, ALERT!.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://vil.nai.com/vil/content/v_100719.htm
http://www.sophos.com/virusinfo/analyses/trojqhosts1.html
Removal tools that have been used with success.
http://www.brown.edu/Facilities/CIS/Software_Services/virus/index.html
http://software.brown.edu/dist/w-cleanqhosts.html
Be sure that you install hotfix 828750 which fixes the exploit that this
virus uses:
http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp
The spyware removal have difficulties in keeping up with this parasite.
Try the removal tool.
CoolWebSearch - CWS
http://www.spywareinfo.com/articles/cws/
More: Where a removal program is available.
http://www.spywareinfo.com/~merijn/cwschronicles.html
Direct Download: If the site is not available.
http://216.180.252.218/~spywareinfo.com/downloads/tools/cwshredder.zip
If you want to check for new parasites.
Go to
http://www.spywareinfo.com/downloads.php#det
Download "Hijack This!" [freeware] or download direct (below):
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
If you get a 404 error or Access denied, try:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip
Unzip, double-click "HijackThis.exe" and Press "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates "hijackthis.log")
Next, HijackThis | Config [button] | Misc Tools [button]
Click: Generate StartupList log [button] (generates "startuplist.txt")
Next, go to the below location:
http://www.spywareinfo.com/forums/
Sign in, then copy and paste both files in your message.
HijackThis Quick Start Help
http://www.tomcoyote.org/hjt/
Google search for "502 bad gateway"
http://groups.google.ca/groups?hl=e...ring=d&q="502+Bad+Gateway"&btnG=Google+Search
Stephen Lo said:
Thank you!
I scanned my machine with Ad-aware v168 from Lavasoft and no spyware
was found. Also i don't have any toolbar from a 3rd party in ie.
Any other suggestion
--
**************************************************************************
Stephen Lo, Vancouver, BC., CA.
H said:
Some parasites will cause havoc if you do not include
http://www... Check it
out.
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm
Stephen Lo said:
I use ie 6 SP1 in Win98, I also have the following entery in the
registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\UrlTemplate]
"1"="
www.%s.com"
"2"="
www.%s.org"
"3"="
www.%s.net"
"4"="
www.%s.edu"
"5"="
www.%s.us"
But ie dose not accept partial address entered in the url address box.
When I enter a partial address such as
yahoo, msn, google... in the address bar ie dose not scan common domains
for a match and dispalys the webpage.
Instaed I get a "502 Bad Gateway" page saying:
Bad Gateway
The following error occurred:
Code:
The host name was not found during the DNS
lookup. Contact your system administrator if the problem is not found by
retrying the URL.
How could i solve this problem and make ie accepts the partial
addresses.
Thank you for your response!!
[/QUOTE][/QUOTE]
[/QUOTE]
