Re: New Virus?

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 10/21/03


Date: Mon, 20 Oct 2003 21:22:09 -0400

And here's the patch which can prevent QHOSTS infections:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-040.asp

"Andrew Z Carpenter [now with added MVP!]" <azc@FILTERcirencester.ac.uk>
wrote in message news:%23wOt4Q0lDHA.2616@TK2MSFTNGP11.phx.gbl...
> > <anonymous@discussions.microsoft.com> wrote in message
> > news:010a01c3973f$6b333e00$a601280a@phx.gbl...
> >
> > Hi JB:
> >
> > Well, I downloaded both tools and cleared off a couple of
> > data miners, restarted and I'm still being re-directed to
> > the bogus Microsoft site! It actually blocks the link to
> > the Security patch download link on the MS Homepage too....
> >
> > My IT guys are baffled...they can't find anything either.
> > This is quite bizarre! This is the error message I get...
> >
> > Error: The website you are looking for does not appear to
> > be located on this server.
> >
> > It is our understanding that your computer may require one
> > of the new security patches from Microsoft.Com. Please
> > download it from the following address:
> > http://www.windowsupdate.com
> >
> > After you have updated your windows security at
> > Microsoft's Windows Update (The Link Above) the address
> > you have typed in should take you to where you expected to
> > go.
> >
> > Have you ever seen this before??
> >
> > Many thanks,
> > Donna
> > Thank you.
>
>
>
> Again, my guess is infection by the QHosts Trojan.
>
> Scan your computer with updated antivirus software, or more
> specifically a QHosts removal tool, such as the one provided
> by Symantec.
>
> As for the link for WindowsUpdate, Microsoft did use to own
> that address but it was taken down due to automated attack
> by virus-infected machines.
>
> The real Windows Update website address is as follows:
> http://windowsupdate.microsoft.com
>
> The Qhosts trojan can infect your computer if it is missing
> the latest cumulative patch for Internet Explorer (not the
> bogus one being emailed, but the real one you get from MS).
>
> Good luck!
>
> --
> AZC
> MVP
>
>
> ---
>
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.528 / Virus Database: 324 - Release Date: 16/10/2003
>
>


