Can't Search
Norm Bucklew
button on the tool bar, or even by searching from
the "Search the Web" line at MSN's web page, I
receive "this page cannot be displayed". Seem to get this
error no matter what search engine I use.
Any ides?
Norm
Ed Halverson
Go to this link, it should help you out:
http://securityresponse.symantec.com/avcenter/venc/data/tr
ojan.qhosts.removal.tool.html
Jim Byrd
here for information:
http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191
Try the following:
1. Be sure that you install hotfix 828750 which fixes the exploit that this
virus uses:
http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp
2. Update and run a complete Anti-Virus software check of your system. Most
of the major AV companies have updated their latest signatures to detect
this virus (for Network Associates (McAfee), be sure to get the EXTRADAT.exe
update from the above page as well as your regular update).
3a. If running your AV doesn't clean it up, go to this page, read the
directions CAREFULLY (particularly about the Restore option) and download
and run the removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
3b. An alternative that by report may work better than the Symantec tool is
the Brown University Removal Tool, here:
http://software.brown.edu/dist/w-cleanqhosts.html
If that still doesn't clean it up (and a number of people are reporting that
it did not with the Symantec tool), then follow the Manual Removal
instructions at the link in 3a. The following is courtesy of Mike Burgess:
"Does a HOSTS file still exist in Windows\Help?
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects all major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
[more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)
Run the beta version of HijackThis
(http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip)
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-03]
Please post replies to this Newsgroup, email address is invalid"
Just to follow up on this - there may be multiple different HOSTS files on
your machine with the trojan's settings some of which cannot not be removed
by the Removal Tools, and you'll need to do a search to find and just delete
them all, or clean them per the manual directions at the Symantec site.
4. You probably will then need to restore your HOSTS file if you plan to use
it for DNS speedup and/or ad blocking. Download the Hosts File Reader:
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe
To create a new Default version of HOSTS, run the program, click the "Read
Hosts File" button, click the button labeled "Reset Defaults" and click
"Save Changes." Note that this is NOT a recreation of your original HOSTS
file, but a brand new "initialized" one. Now go to normal HOSTS file
location (Windows XP\2000 Location: - C:\WINDOWS\SYSTEM32\DRIVERS\ETC or
Windows 98\ME Location: - C:\WINDOWS) and rename the "hosts" file that it
created to "HOSTS" (no quotes, all caps, no extension). If you've been using
your HOSTS file for ad blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted Ads with a Hosts
File), then you'll need to reset the new default you've created up for that
purpose. (Recommended, BTW - it also blocks a lot of "malware" as well as
offensive advertising.)
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:088201c38f68$90f2d530$a001...@phx.gbl,
Norm Bucklew <norm.b...@mindspring.com> typed:
Option^Explicit
trojan, but just as a simple reader for those new to dealing with files
without extensions,
I have however modified the program, with more functionality, to search for
hosts files in multiple locations, and manage them all from the desktop.
Screenshot http://members.shaw.ca/techcd/VB_Projects/HostFileReader(new).JPG
file http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.zip
"Jim Byrd" <jrb...@spamlesscomcast.net> wrote in message
news:eSPcZQ3j...@TK2MSFTNGP12.phx.gbl...
Jim Byrd
for Hosts I get a Run-time error '52': Bad file name or number and it then
shuts down.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:huOhb.68012$pl3.18846@pd7tw3no,
Option^Explicit <techsmail%@shaw.ca> typed:
Pat
patch did not correct.
I was able to download a patch from McAfee that corrects
the problem
>.
>
Option^Explicit
I did test on Win2ksp4 machine without incident.
Is it an instant error, or does it start the scan?
anyone else see this problem..?
"Jim Byrd" <jrb...@spamlesscomcast.net> wrote in message
news:OdTPkh9j...@TK2MSFTNGP12.phx.gbl...
Jim Byrd
partition, not on C: if that has any bearing.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:DBYhb.71055$6C4.54308@pd7tw1no,
Option^Explicit <techsmail%@shaw.ca> typed:
Kay Dove
with IE...Netscape still works, but I'd rather use IE.
I can get to www.msn.com or www.yahoo.com, but any attempt
to search gets a result of "page cannot be displayed".
I've uninstalled IE6 and reinstalled and uninstalled and
reinstalled 5.5 and then IE 6. I've searched for Qhost
virus but none was found...any ideas?
Glenn Hanley
this problem!
I absolutely cannot figure this one out. It just started
about 2 weeks ago and I really need to be able to search.
If you get an answer and it works, please let me know via
email. If I get an answer, I'll contact you.
thanks,
Glenn Hanley
>.
>
Jim Byrd
here for information:
Try the following:
http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
http://software.brown.edu/dist/w-cleanqhosts.html
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:2868401c3911f$0fa4ad10$a601...@phx.gbl,
Glenn Hanley <gha...@att.net> typed:
Jim Byrd
for information:
http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191
Try the following:
1. Be sure that you install hotfix 828750 which fixes the exploit that this
virus uses:
http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp
2. Update and run a complete Anti-Virus software check of your system. Most
of the major AV companies have updated their latest signatures to detect
this virus (for Network Associates (McAfee), be sure to get the EXTRADAT.exe
update from the above page as well as your regular update).
3a. If running your AV doesn't clean it up, go to this page, read the
directions CAREFULLY (particularly about the Restore option) and download
and run the removal tool:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
3b. An alternative that by report may work better than the Symantec tool is
the Brown University Removal Tool, here:
http://software.brown.edu/dist/w-cleanqhosts.html THIS WOULD BE MY PRIMARY
RECOMMENDATION
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe
In news:2867301c3911c$87469ed0$a601...@phx.gbl,
Kay Dove <kd...@cinci.rr.com> typed:
Option^Explicit
I was finally able to get an error on the search function, due to a locked
folder, on reboot the error was gone, and the scan resumed working.
So far I havent got any other reports of errors yet, but I will be modifying
this to list any "unaccessible" folders rather than skip them, at least to
alert the user where the problem was.
"Jim Byrd" <jrb...@spamlesscomcast.net> wrote in message
news:uBPbsyCk...@TK2MSFTNGP10.phx.gbl...
Jim Byrd
another go and see if that accounts for it. I'd like to be able to point
people to it, since this plague of qHosts appears to be expanding. Thanks
jrbyrd AT comcast.net.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:Mv2kb.116468$6C4.49419@pd7tw1no,
Option^Explicit <techsmail%@shaw.ca> typed:
Option^Explicit
http://members.shaw.ca/techcd/BetaTest/HostsFileReader-B.exe
Let me know if you still have the same problem
"Jim Byrd" <jrb...@spamlesscomcast.net> wrote in message
news:etyNZfTl...@tk2msftngp13.phx.gbl...
Jim Byrd
if you want to delete, it will only allow a single selection in the box, and
after deleting that, it clears the box (except for the legitimate \etc
entry) which then prevents other deletions without running a new scan (and
at first scared me because I thought it had deleted all of the other entries
as well, which after investigation of course I found that it had not.) You
might want to take a look at that sequence so that either you can select
multiple files to delete, or it returns you to an updated box for further
deletes. Other than this, a nice helpful program, fast and complete.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:SeIlb.152622$pl3.96934@pd7tw3no,
Option^Explicit <techsmail%@shaw.ca> typed:
Url
cleaned, has users still unable to use any search engine
I have resolved all of them so far.
the solution I have found with these users, who after goinf through
all the steps to clean the virus and then finding they still connot
use seasrch, is to do the following.
Go to C:\windows\help
there you should find a 4k Hosts file and inside it you will find
entires for every known search engine.
NOTE - Searching for HOSTS does not show the one in the Help
directory at least on the machines I worked on.
Delete or rename this file.
Now goto C:\i386 and copy the 1k (730 byte) HOSTS file
Or copy one from another PC
Now paste the 1k (730 byte)Hosts file over the
C:\windows\drivers\etc\hosts file. the Hosts file in that directory
will be 1k (734 bytes) and modified recently
After doing this, My users who had cleaned the qhost but still had
the search problems where all fixed... at least so far
Hope this helps some of you.
"Jim Byrd" <jrb...@spamlesscomcast.net> wrote in message news:<#hei0KTm...@TK2MSFTNGP11.phx.gbl>...
Jim Byrd
you're in agreement:
"Just to follow up on this - there may be multiple different HOSTS files on
your machine with the trojan's settings some of which cannot not be removed
by the Removal Tools, and you'll need to do a search to find and just delete
them all, or clean them per the manual directions at the Symantec site. A
very useful tool for this purpose is HostFileReader, available here:
http://members.shaw.ca/techcd/BetaTest/HostsFileReader-B.exe This will
locate all of the HOSTS files on your designated partition and allow you to
remove them individually. It's still in development (being further
improved), and the latest version I tested required you to do a new scan
after each removal in order to select another one to remove; however, this
may have changed by the time you get it. Recommended especially for the
qHosts worm problem.
4. You probably will then need to restore your HOSTS file if you plan to use
it for DNS speedup and/or ad blocking. Download the Hosts File Reader as
above. Then:
To create a new Default version of HOSTS, run the program, click the "Read
Hosts File" button, click the button labeled "Reset Defaults" and click
"Save Changes." Note that this is NOT a recreation of your original HOSTS
file, but a brand new "initialized" one. Now go to normal HOSTS file
location (Windows XP\2000 Location: - C:\WINDOWS\SYSTEM32\DRIVERS\ETC or
Windows 98\ME Location: - C:\WINDOWS) and rename the "hosts" file that it
created to "HOSTS" (no quotes, all caps, no extension). If you've been using
your HOSTS file for ad blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted Ads with a Hosts
File), then you'll need to reset the new default you've created up for that
purpose. (Recommended, BTW - it also blocks a lot of "malware" as well as
offensive advertising.)"
That OK?
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:SeIlb.152622$pl3.96934@pd7tw3no,
Option^Explicit <techsmail%@shaw.ca> typed:
Option^Explicit
http://members.shaw.ca/techcd/BetaTest/HostsFileReader_ex.exe
-Multiple select items (confirmation on each, no mistakes)
-Updated file list after delete(will also confirm the file is gone, not just
removed from the list)
other ideas?
"Jim Byrd" <jrb...@spamlesscomcast.net> wrote in message
news:%23jzwgba...@TK2MSFTNGP10.phx.gbl...
Jim Byrd
I'm going to go ahead and include this new link in my qHosts post unless
you've some objection. Thanks very much for your good work on this.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:YX3mb.163862$pl3.142141@pd7tw3no,
Option^Explicit <techsmail%@shaw.ca> typed:
Jim Byrd
described anything incorrectly, please let me know.
"Just to follow up on this - there may be multiple different HOSTS files on
your machine with the trojan's settings some of which cannot not be removed
by the Removal Tools, and you'll need to do a search to find and just delete
them all, or clean them per the manual directions at the Symantec site. A
very useful tool for this purpose is HostFileReader, available here courtesy
of Option^Explicit:
http://members.shaw.ca/techcd/BetaTest/HostsFileReader_ex.exe This will
locate all of the HOSTS files on your designated partition and allow you to
remove them individually. Recommended, especially for the qHosts worm
problem.
4. You probably will then need to restore your HOSTS file if you plan to use
it for DNS speedup and/or ad blocking. Download the Hosts File Reader as
above. Then:
To create a new Default version of HOSTS, run the program, click the "Reset
Default" button. Note that this is NOT a recreation of your original HOSTS
file, but a brand new "initialized" one correctly named HOSTS in the
appropriate folder for your OS (Windows XP\2000 Location: -
C:\WINDOWS\SYSTEM32\DRIVERS\ETC or Windows 98\ME Location: - C:\WINDOWS).
If you've been using your HOSTS file for ad blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted Ads with a Hosts
File) and/or DNS speedup, then you'll need to reset the new default you've
created for that purpose. (Using this HOSTS file for Ad blockikng is
recommended, BTW, since it also blocks a lot of "malware" as well as
offensive advertising.)"
Thanks again.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:YX3mb.163862$pl3.142141@pd7tw3no,
Option^Explicit <techsmail%@shaw.ca> typed:
Option^Explicit
file instead. Downloading an .exe isn't always the first choice for people.
Also added a notepad feature, dunno why, just for looks....lol
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.zip
Good until someone comes up with some more ideas..
Thanks for your input :)
"Jim Byrd" <jrb...@spamlesscomcast.net> wrote in message
news:uEGF$CgmDH...@TK2MSFTNGP09.phx.gbl...
Jim Byrd
appropriately.
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In news:0WImb.182306$6C4.14549@pd7tw1no,
Option^Explicit <techsmail%@shaw.ca> typed: