Re: unable to access specific web sites (Google, Yahoo)

From: Kent W. England [MVP] (kwe_at_mvps.org)
Date: 10/04/03


Date: Sat, 4 Oct 2003 10:34:55 -0700

The hosts file is redirected by Qhosts away from that file you mention.
Here are the details as best I can tell. Note that MS03-040 cumulative
patch addresses this exploit, so apply the patch or update at Windows
Update before you fix.

The new Qhosts bug exploits the unpatched residual vulnerability in
MS03-032. See http://vil.nai.com/vil/content/v_100719.htm and
http://www.symantec.com/avcenter/venc/data/trojan.qhosts.html for more
details.

You can fix the Qhosts bug manually if your AV tools don't do it.

Delete the following files:
%WinDir%\Help\hosts
%WinDir%\winlog

Delete the following directory:
c:\bdtmp\tmp

Reset the following registry key value to return to your original hosts
file:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"DataBasePath" = %SystemRoot%\System32\drivers\etc

Delete the following registry key value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\windows
"r0x" = your s0x

Delete the following IP addresses from your DNS servers list, if
present:
69.57.146.14
69.57.147.175
and reconfigure your DNS server IP addresses, as required by your
service provider.

Qhosts sets all search values to Google. Reconfigure your Internet
Explorer search settings as desired, if you don't want Google.

To prevent this exploit, install the critical update described by
bulletin MS03-040 and KB828750. To test your browser vulnerability to
this exploit, see http://www.secunia.com/MS03-032/.

If you aren't comfortable editing the registry, post back and I can send
you a .reg file that will fix those keys.

-- 
Kent W. England, Microsoft MVP for Windows
"Br0wnbear" <brownbearat@canadadotcom> wrote in message
news:7mqtnvskooh75o3egpp7uhnguchmhsnfns@4ax.com...
> On Sat, 4 Oct 2003 08:12:04 -0700, "Liz" <junkrolain@charter.net>
> wrote:
>
> >Does anyone know about a problem where you are unable to
> >access just a few web sites (Google, Yahoo, TV Guide) but
> >can get to all other web sites fine?  I have run Ad-aware
> >6.0 and also Spybot, but can't figure out what is
> >preventing me from getting onto these sites.  Anyone hear
> >of this problem?  Thanks.  -Liz
>
>
> Liz
>
> This sounds like the Trojan Qhosts.
>
> http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
>
> Are you using Windows XP?
>
> If so check for hosts files.
> They are located in c:\windows\system32\drivers\etc .
> These files can be opened in Notepad.
> Delete the offending entries in Notepad and save the result.
>
> This is just a quick fix; for a proper cleanup the link above is in
> more detail.
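
A read-only check for the artifacts listed in the post above, as an added PowerShell example that is not part of the original message. It assumes the DNS server list is stored in the NameServer and DhcpNameServer registry values under the Tcpip\Parameters key and its Interfaces subkeys; the variable names are illustrative.

```powershell
# Read-only audit for the Qhosts artifacts listed in the post; it changes nothing.
$tcpip    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$expected = [Environment]::ExpandEnvironmentVariables('%SystemRoot%\System32\drivers\etc')
$findings = @()

# 1. Files and directory the post says to delete.
foreach ($p in "$env:WinDir\Help\hosts", "$env:WinDir\winlog", 'C:\bdtmp\tmp') {
    if (Test-Path -LiteralPath $p) { $findings += "Present on disk: $p" }
}

# 2. DataBasePath decides which directory the resolver reads the hosts file from.
#    Get-ItemProperty returns REG_EXPAND_SZ data already expanded.
$dbPath = (Get-ItemProperty -Path $tcpip -Name DataBasePath -ErrorAction SilentlyContinue).DataBasePath
if ($dbPath -and ($dbPath.TrimEnd('\') -ne $expected)) {   # -ne ignores case
    $findings += "DataBasePath redirected to: $dbPath"
}

# 3. The "r0x" value under ...\Interfaces\windows.
$r0x = Get-ItemProperty -Path "$tcpip\Interfaces\windows" -Name r0x -ErrorAction SilentlyContinue
if ($r0x) { $findings += "Registry value r0x present: $($r0x.r0x)" }

# 4. DNS server addresses from the post, in any NameServer / DhcpNameServer value
#    (assumption: these registry values hold the configured DNS servers).
$badDns = '69.57.146.14', '69.57.147.175'
$keys = @(Get-Item -Path $tcpip) + @(Get-ChildItem -Path "$tcpip\Interfaces" -ErrorAction SilentlyContinue)
foreach ($k in $keys) {
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $value = $k.GetValue($name)
        if (-not $value) { continue }
        foreach ($ip in ($value -split '[,\s]+')) {
            if ($badDns -contains $ip) { $findings += "DNS server $ip in $($k.Name) ($name)" }
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'None of the listed Qhosts artifacts were found.' }
```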

