Virus or hoax??? "If you are seeing this page your host file has been hacked"

H

hal

I have a user who reported getting this popping up intermittently in
IE. Searches on the net are not turning up any references to this.


Thanks,

Hal


If you see this page your hosts file has been hacked. Please use the
instruction below to clean your machine.

You cannot reach the site you where trying to reach without following
this
procedure! - Please follow the steps provided in this document and
make sure
to download all patches for your computer from the Windows Update Site
which
can be found here:
http://windowsupdate.microsoft.com

1. Start regedit,
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All
Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file.
How to edit your hosts file: locate it first, either by browsing to
the
directory (as shown above) or by hitting "Start - Search - select all
files
and folders - type in 'hosts' (without the quotation marks) and hit
search.
When the file is found, click with your right mouse button on the file
and
select 'Open With...' This will bring up a list of programs to edit
the file
with. Select Notepad from that list and click OK. - Remove all lines
from
the file and type in: 127.0.0.1 localhost. Now close the file and save
your
changes.
For Windows 95/98/Millenium machines: Locate the file hosts in your
C:\Windows directory. Just delete it or edit it with a text editor
like
notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows 2000 machines: Locate the file hosts in your
C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it
with a
text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows XP machines: Locate the file hosts in your
C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it
with a
text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
 
S

Stuart Gray

I have a user who reported getting this popping up intermittently in
IE. Searches on the net are not turning up any references to this.


Thanks,

Hal


If you see this page your hosts file has been hacked. Please use the
instruction below to clean your machine.

You cannot reach the site you where trying to reach without following
this
procedure! - Please follow the steps provided in this document and
make sure
to download all patches for your computer from the Windows Update Site
which
can be found here:
http://windowsupdate.microsoft.com

1. Start regedit,
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All
Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file.
How to edit your hosts file: locate it first, either by browsing to
the
directory (as shown above) or by hitting "Start - Search - select all
files
and folders - type in 'hosts' (without the quotation marks) and hit
search.
When the file is found, click with your right mouse button on the file
and
select 'Open With...' This will bring up a list of programs to edit
the file
with. Select Notepad from that list and click OK. - Remove all lines
from
the file and type in: 127.0.0.1 localhost. Now close the file and save
your
changes.
For Windows 95/98/Millenium machines: Locate the file hosts in your
C:\Windows directory. Just delete it or edit it with a text editor
like
notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows 2000 machines: Locate the file hosts in your
C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it
with a
text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows XP machines: Locate the file hosts in your
C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it
with a
text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
Click to expand...
I had this once when going onto the google site. I checked my hosts file and
found redirects for every google site and yahoo. Still don't know what
caused it, but deleted all the entries I didn't put in there.
Have a look at his hosts file.

Stuart.
 
D

David W. Hodgins

If you see this page your hosts file has been hacked. Please use the
instruction below to clean your machine.
Click to expand...

The qhosts virus alters which dns server is used, as well as updating
the hosts file. Apparantly someone altered the page the altered dns
or hosts file takes you to, to include that message. It is legit.

You can also try
http://software.brown.edu/dist/w-cleanqhosts.html
to remove the virus.

Regards, Dave Hodgins
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

"...your hosts file has been hacked." 4
Hosts file has been hacked? 1
Host File Hacked Fix Needed 1
Host file Hacked - Browser blocked? 1
hacked 3
hosts file has been hacked 2
host file 1
Host Files Have Been Hacked 2

Top