Re: New Entries in my Host File

From: Frode (news_at_mascot.REMOVETOREPLY.dyndns.org)
Date: 09/25/03


Date: Thu, 25 Sep 2003 11:53:27 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RM wrote:
> I have a Windows XP System running behind a PIX 501 firewall. I went to
> go to google to look up some information and came to a page advertising
> some type of security software. It said to go to my host file and remove
> the entries. I went to my host file and found the entries below had been
> added. Has anyone else seen this? Where does it originate from?

AFAIK it's done via an IE hole. Apparently a very limited hole in this case
since all it seems to enable is the editing of the hostfile to hijack a ton
of search engines and redirect you to a crappy search site instead. Spybot
S&D's solution is to just make the hosts file read-only I believe.

- --
Frode

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP3K7BuXlGBWTt1afEQIFxQCfR+tVQeX8zRiCU6UmaPRevgBHD00An0G6
d1+1Ie7R90ppJR9Br2lH8mNs
=EEsu
-----END PGP SIGNATURE-----
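
An added example, not part of the original post and not Spybot S&D's code: a Python check for the two things the reply describes, hosts-file entries that override search-engine names and whether the file is read-only. The `WATCHED` list, the sample file contents and the function names are assumptions made for illustration; the entries from the original post are not reproduced here.

```python
import ipaddress
import os
import stat

# Assumption: domains to watch; the post itself names only Google.
WATCHED = ("google.com", "yahoo.com", "msn.com")

# Constructed sample, not the entries from the original post.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # injected
203.0.113.10    search.yahoo.com
0.0.0.0         ads.example.net
127.0.0.1       search.msn.com
not-an-ip       www.google.com
"""


def parse_hosts(text):
    """Yield (line_number, address, hostnames) for each well-formed entry."""
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        yield number, address, [n.lower().rstrip(".") for n in fields[1:]]


def find_hijacks(text, watched=WATCHED):
    """Return (line, host, ip, kind) for every watched name the file overrides."""
    findings = []
    for number, address, names in parse_hosts(text):
        # Loopback or 0.0.0.0 points at the local machine; anything else
        # sends the name to another host.
        local = address.is_loopback or address.is_unspecified
        kind = "local" if local else "redirected"
        for name in names:
            if any(name == d or name.endswith("." + d) for d in watched):
                findings.append((number, name, str(address), kind))
    return findings


def is_read_only(path):
    """True when the write bit (the read-only attribute on Windows) is cleared."""
    return not os.stat(path).st_mode & stat.S_IWRITE
```

On Windows XP the file to pass to these functions is `%SystemRoot%\system32\drivers\etc\hosts`. A "redirected" finding for a search-engine name is the pattern described in the thread.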


