Hi Art - See if these directions help:
You've apparently gotten infected with the QHosts virus. Read here for
information:
http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191
Try the following:
1. Be sure that you install hotfix 828750 which fixes the exploit that this
virus uses:
http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp
2. Update and run a complete Anti-Virus software check of your system. Most
of the major AV companies have updated their latest signatures to detect
this virus (for Network Associates, be sure to get the EXTRADAT.exe update
from the above page as well as your regular update).
3. If running your AV doesn't clean it up, go to this page, read the
directions CAREFULLY (particularly about the Restore option) and download
and run the removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
If that still doesn't clean it up (and a number of people are reporting that
it did not), then follow the Manual Removal instructions there. The
following is courtesy of Mike Burgess:
"Does a HOSTS file still exist in Windows\Help?
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects all major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
[more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)
Run the beta version of HijackThis (link on Hosts page)
_______________________________________
Mike Burgess
http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-03]
Please post replies to this Newsgroup, email address is invalid"
Just to follow up on this - there may be multiple different HOSTS files on
your machine with the trojan's settings, and you'll need to find and delete
them all, per the manual directions at the Symantec site.
4. You probably will then need to restore your HOSTS file if you plan to use
it for DNS speedup and/or ad blocking. Download the Hosts File Reader:
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe
To create a new Default version of HOSTS, run the program, click the "Read
Hosts File" button, click the button labeled "Reset Defaults" and click
"Save Changes." Now go to normal HOSTS file location (Windows XP\2000
Location: - C:\WINDOWS\SYSTEM32\DRIVERS\ETC or Windows 98\ME Location: -
C:\WINDOWS) and rename the "hosts" that it created to "HOSTS" (no quotes,
all caps, no extension). If you've been using your HOSTS file for ad
blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted
Ads with a Hosts File), then you'll need to reset the new default you've
created up for that purpose.
See if this helps.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In
