Re: "Security site" address in my Hosts file
From: George (George_at_GreatWhiteNorth.ca)
Date: 11/02/04
- Next message: Jan: "Re: Looking for a Program to Password Protect Folders But can Read on Another PC"
- Previous message: Richard S. Westmoreland: "Re: "Security site" address in my Hosts file"
- In reply to: Vanguardx: "Re: "Security site" address in my Hosts file"
- Next in thread: David H. Lipman: "Re: "Security site" address in my Hosts file"
Date: Tue, 2 Nov 2004 12:00:07 -0500
> Presumably you meant the fields within the extra or questionable entry
> were the other way around (where the IP address is listed first and then
> followed by the IP name).
Yes, you are right.
> "nslookup www.dcsresearch.com" returns:
> Name: www.dcsresearch.com
> Address: 12.170.116.68
>
> "nslookup 64.91.255.87" returns:
> Name: diamondcs.com.au
> Address: 64.91.255.87
>
> So someone or something added an entry to your hosts file to redirect
> you from www.dcsresearch.com to diamondcs.com.au. You enter
> http://www.dcsresearch.com but end up at 64.91.255.87 (instead of
> 12.170.116.68). ARIN's WhoIs (http://ws.arin.net/cgi-bin/whois.pl)
> lists 12.170.116.68 as allocated to AT&T Worldnet, so
> www.dcsresearch.com is a customer of AT&T. ARIN's WhoIs lists
> 64.91.255.87 as allocated to LiquidWeb in Michigan, USA and yet the TLD
> (top-level domain) for the domain was ".au" which is Australia. If you
> run "tracert 64.91.255.87", you'll see it hit LiquidWeb.com and then
> diamondcs.com.au. Could be LiquidWeb is a webhost provider.
> http://whois.aunic.net/ lists the registrant for diamondcs.com.au as
> Diamond Computer Systems Pty. Ltd. in Melbourne (AU). A domain lookup
> on dcsresearch.com says it is owned by Tri-State Computer Centre Ltd in
> Pennsylvania, USA (which was also found at
> http://tri-state-computer-centre-limited.9900118303001.worldpages-ads.com/).
> So this hosts file entry would redirect you from Tri-State's
> www.dcsresearch.com domain by IP name to Diamond's web site by IP
> address that is webhosted by LiquidWeb.
>
> When did you last run a full scan using a recently updated virus
> program? Have you scanned for malware by using Ad-Aware and Spybot?
I found the Hosts entry while cleaning out my computer using Spybot. I use
Norton AV regularly and have it running in the background all the time, but
recently I was seeing a lot of popups and a run of Spybot found several
spyware programs.
>
> Isn't Diamond Computer Systems the makers of TDS-3, an anti-trojan
> program? I did a Google on TDS-3 and it brought back
> tds.diamondcs.com.au. I've seen lots of folks praise this anti-trojan
> hunter program. While malware might add an entry to a hosts file to
> keep you from getting to anti-virus/trojan/malware web sites, this entry
> directs you to such a site.
Strange. Someone's obviously gone to a lot of trouble to do this.
Thanks for your input.
George
>
> --
> _________________________________________________________________
> ******** Post replies to newsgroup - Share with others ********
> Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
> _________________________________________________________________
>
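
Added example (not part of the original post or of anyone's message in the thread): a Python audit that automates the manual comparison made above, flagging hosts-file entries whose address disagrees with what DNS returns for the same name. The sample hosts text is constructed, the DNS table reuses the nslookup answer quoted in the thread, and `dns_lookup` is a hypothetical callable that must query a DNS server directly (as nslookup does), because the operating system's normal name lookup consults the hosts file itself.

```python
import ipaddress

# Constructed sample: the hosts line is rebuilt from the thread (IP first, then name).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
64.91.255.87    www.dcsresearch.com   # entry discussed in the thread
0.0.0.0         ads.example.invalid   # blocklist-style entry (constructed)
"""

# DNS answer as quoted in the thread's nslookup output; stands in for a live
# query sent straight to a DNS server (assumption: no network access here).
SAMPLE_DNS = {"www.dcsresearch.com": {"12.170.116.68"}}


def parse_hosts(text):
    """Yield (line_no, ip, name) for every name mapped in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower()


def audit_hosts(text, dns_lookup):
    """Return findings; dns_lookup(name) gives the set of DNS addresses."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 sinkhole entries are not redirects
        dns = dns_lookup(name)
        if str(ip) not in dns:
            findings.append({"line": line_no, "name": name,
                             "hosts_ip": str(ip), "dns_ips": sorted(dns)})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, lambda n: SAMPLE_DNS.get(n, set())):
        print(f"line {f['line']}: {f['name']} -> {f['hosts_ip']} "
              f"(DNS says {', '.join(f['dns_ips']) or 'no answer'})")
```

A finding only says the hosts file overrides DNS for that name; whether the override is malicious, a leftover from security software, or deliberate still has to be judged from who owns the target address.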