|
|
|
|
| Author |
Message |
Purple
Guest
|
 Posted: Sat Jul 03, 2004 10:04 pm Post subject: virus? |
 |
|
Everytime I click on the icon to open IE it opens up with a dark blue page
with the following in white writing
Detected SPYware! System error #384
__________________________________________________________________________
Your IP address is 62.254.0.36. Using this address a remote computer has
gained anaccess to your computer and probably is collecting the information
about the sites you've visited and the files contained in the folder
Temporary Internet Files. Attention! Ask for help or install the software
for deleting secret information about the sites you visited.
__________________________________________________________________________
Your computer is full of evidences!
ISP of transmission:NTLI
Your IP address:62.254.0.36
They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Your computer is:Windows XP
Risk status for further investigation:VERY HIGH RISK
To protect from the Spyware - click here
To prevent information transmission - click here
To delete the history of your activity, click here
The above three lines are links to
http://www.e-shredder.com/enter.phtml?wm=kamid
The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
called secure.html in the windows folder but everytime I open IE the same
blue page appears and the secure.html file reappears in my windows folder
Everytime I close the window a full page window pops up advertising *** and
I get a red alert from NAV saying Bloodhound.Exploit.10 has been detected in
my local settings and that NAV is unable to repair it
But when I do a full NAV system scan it says there are no viruses on my
computer. What else can be causing this?
Thanks in advance
Fran |
|
| Back to top |
|
 |
Fix your Windows Problems - FAST.
FREE Safe Scan Registry Check. Locate & Fix Errors in Minutes!
|
|
John McGaw
Guest
|
| Posted: Sat Jul 03, 2004 10:04 pm Post subject: Re: virus? |
|
|
"Purple" <fparkus@spamtrapntlworld.com> wrote in message
news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
| Quote: | Everytime I click on the icon to open IE it opens up with a dark blue page
with the following in white writing
Detected SPYware! System error #384
__________________________________________________________________________
Your IP address is 62.254.0.36. Using this address a remote computer has
gained anaccess to your computer and probably is collecting the
information
about the sites you've visited and the files contained in the folder
Temporary Internet Files. Attention! Ask for help or install the software
for deleting secret information about the sites you visited.
__________________________________________________________________________
Your computer is full of evidences!
ISP of transmission:NTLI
Your IP address:62.254.0.36
They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Your computer is:Windows XP
Risk status for further investigation:VERY HIGH RISK
To protect from the Spyware - click here
To prevent information transmission - click here
To delete the history of your activity, click here
The above three lines are links to
http://www.e-shredder.com/enter.phtml?wm=kamid
The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
called secure.html in the windows folder but everytime I open IE the same
blue page appears and the secure.html file reappears in my windows folder
Everytime I close the window a full page window pops up advertising ***
and
I get a red alert from NAV saying Bloodhound.Exploit.10 has been detected
in
my local settings and that NAV is unable to repair it
But when I do a full NAV system scan it says there are no viruses on my
computer. What else can be causing this?
Thanks in advance
Fran
Basically you installed, or allowed to be installed, spyware or adware on |
your computer and are now paying the price. Good first steps toward fixing
things are to: 1. download Spybot Search & Destroy and install it 2.
download Lavasoft's AdAware and install it 3. run each program after
downloading the most recent detection files and allow them to fix the
problems they discover 4. obtain a firewall program or at least turn on the
built-in firewall if you are running XP.
--
John McGaw
[Knoxville, TN, USA]
http://johnmcgaw.com |
|
| Back to top |
|
|
Purple
Guest
|
| Posted: Sat Jul 03, 2004 10:04 pm Post subject: Re: virus? |
|
|
"John McGaw" <nowhere@at.all> wrote in message
news:7yFFc.1424$285.465@bignews6.bellsouth.net...
| Quote: | "Purple" <fparkus@spamtrapntlworld.com> wrote in message
news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
|
<snip my previous post>
| Quote: |
Basically you installed, or allowed to be installed, spyware or adware on
your computer and are now paying the price. Good first steps toward fixing
things are to: 1. download Spybot Search & Destroy and install it 2.
download Lavasoft's AdAware and install it 3. run each program after
downloading the most recent detection files and allow them to fix the
problems they discover 4. obtain a firewall program or at least turn on
the
built-in firewall if you are running XP.
--
John McGaw
[Knoxville, TN, USA]
http://johnmcgaw.com
|
Hi John
I already have AdAware and completed a scan, I have Norton Firewall which I
keep on permanently
I will download spybot now and see if that helps
Thankyou for your advice
Fran |
|
| Back to top |
|
|
Will Dormann
Guest
|
| Posted: Sat Jul 03, 2004 10:04 pm Post subject: Re: virus? |
|
|
Purple wrote:
| Quote: | Everytime I click on the icon to open IE
|
Mistake #1
| Quote: | it opens up with a dark blue page
with the following in white writing
Detected SPYware! System error #384
|
Run both Ad-Aware and Spybot Search & Destroy to remove any nasties.
If you still have trouble after that, post your HijackThis log.
-WD |
|
| Back to top |
|
|
Purple
Guest
|
| Posted: Sat Jul 03, 2004 10:04 pm Post subject: Re: virus? |
|
|
"Will Dormann" <wdormann@yahoo.com.invalid> wrote in message
news:aAFFc.182689$DG4.118631@fe2.columbus.rr.com...
| Quote: | Purple wrote:
Everytime I click on the icon to open IE
Mistake #1
it opens up with a dark blue page
with the following in white writing
Detected SPYware! System error #384
Run both Ad-Aware and Spybot Search & Destroy to remove any nasties.
If you still have trouble after that, post your HijackThis log.
-WD
|
Hi Will
How do I obtain the HijackThis log?
Thanks
Fran |
|
| Back to top |
|
|
Fix your Windows Problems - FAST.
FREE Safe Scan Registry Check. Locate & Fix Errors in Minutes!
|
|
Will Dormann
Guest
|
| Posted: Sat Jul 03, 2004 11:03 pm Post subject: Re: virus? |
|
|
Purple wrote:
| Quote: | Hi Will
How do I obtain the HijackThis log?
|
Run HijackThis.
Paste the log into a reply to this message.
If any of the above doesn't make sense, try google.
-WD |
|
| Back to top |
|
|
DaveW
Guest
|
| Posted: Sun Jul 04, 2004 12:04 am Post subject: Re: virus? |
|
|
Sounds like it may be spyware/ trojan horse software. If so, or if it's a
virus that NAV cannot resolve, you have little choice but to reformat your
harddrive and do a fresh install of the OS and then reinstall your
applications from your backup.
--
DaveW
"Purple" <fparkus@spamtrapntlworld.com> wrote in message
news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
| Quote: | Everytime I click on the icon to open IE it opens up with a dark blue page
with the following in white writing
Detected SPYware! System error #384
__________________________________________________________________________
Your IP address is 62.254.0.36. Using this address a remote computer has
gained anaccess to your computer and probably is collecting the
information
about the sites you've visited and the files contained in the folder
Temporary Internet Files. Attention! Ask for help or install the software
for deleting secret information about the sites you visited.
__________________________________________________________________________
Your computer is full of evidences!
ISP of transmission:NTLI
Your IP address:62.254.0.36
They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Your computer is:Windows XP
Risk status for further investigation:VERY HIGH RISK
To protect from the Spyware - click here
To prevent information transmission - click here
To delete the history of your activity, click here
The above three lines are links to
http://www.e-shredder.com/enter.phtml?wm=kamid
The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
called secure.html in the windows folder but everytime I open IE the same
blue page appears and the secure.html file reappears in my windows folder
Everytime I close the window a full page window pops up advertising ***
and
I get a red alert from NAV saying Bloodhound.Exploit.10 has been detected
in
my local settings and that NAV is unable to repair it
But when I do a full NAV system scan it says there are no viruses on my
computer. What else can be causing this?
Thanks in advance
Fran
|
|
|
| Back to top |
|
|
David Maynard
Guest
|
| Posted: Sun Jul 04, 2004 5:04 am Post subject: Re: virus? |
|
|
DaveW wrote:
| Quote: | Sounds like it may be spyware/ trojan horse software. If so, or if it's a
virus that NAV cannot resolve, you have little choice but to reformat your
harddrive and do a fresh install of the OS and then reinstall your
applications from your backup.
|
Actually, there are lot's of alternatives short of a fresh install.
http://www.spychecker.com/software/antispy.html |
|
| Back to top |
|
|
Spencer
Guest
|
| Posted: Sun Jul 04, 2004 1:35 pm Post subject: Re: virus? |
|
|
Great advice Dave!!
Won't be asking you for any.
Go to www.trendmicro.com and then go to the personal tab at the top of the
page. Click on the housecall icon and follow the instructions. Never failed
me yet when norton can't remove a virus.
Hope you have broadband otherwise it may take some time.
Spencer
"David Maynard" <dNOTmayn@ev1.net> wrote in message
news:10ef2njc3t3um9c@corp.supernews.com...
| Quote: | DaveW wrote:
Sounds like it may be spyware/ trojan horse software. If so, or if it's
a
virus that NAV cannot resolve, you have little choice but to reformat
your
harddrive and do a fresh install of the OS and then reinstall your
applications from your backup.
Actually, there are lot's of alternatives short of a fresh install.
http://www.spychecker.com/software/antispy.html
|
|
|
| Back to top |
|
|
Purple
Guest
|
| Posted: Sun Jul 04, 2004 2:04 pm Post subject: Re: virus? |
|
|
"Will Dormann" <wdormann@yahoo.com.invalid> wrote in message
news:ycGFc.182703$DG4.37051@fe2.columbus.rr.com...
| Quote: | Purple wrote:
Hi Will
How do I obtain the HijackThis log?
Run HijackThis.
Paste the log into a reply to this message.
If any of the above doesn't make sense, try google.
-WD
|
After instally and running everybit of spyware software I could find I have
finally fixed the problem
Thanks all for your help
Fran |
|
| Back to top |
|
|
Fix your Windows Problems - FAST.
FREE Safe Scan Registry Check. Locate & Fix Errors in Minutes!
|
|
T Shadow
Guest
|
| Posted: Sun Jul 04, 2004 6:07 pm Post subject: Re: virus? |
|
|
"Purple" <fparkus@spamtrapntlworld.com> wrote in message
news:LwGFc.604$hW3.292@newsfe5-win.ntli.net...
| Quote: |
"John McGaw" <nowhere@at.all> wrote in message
news:7yFFc.1424$285.465@bignews6.bellsouth.net...
"Purple" <fparkus@spamtrapntlworld.com> wrote in message
news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
snip my previous post
Basically you installed, or allowed to be installed, spyware or adware
on
your computer and are now paying the price. Good first steps toward
fixing
things are to: 1. download Spybot Search & Destroy and install it 2.
download Lavasoft's AdAware and install it 3. run each program after
downloading the most recent detection files and allow them to fix the
problems they discover 4. obtain a firewall program or at least turn on
the
built-in firewall if you are running XP.
--
John McGaw
[Knoxville, TN, USA]
http://johnmcgaw.com
Hi John
I already have AdAware and completed a scan, I have Norton Firewall which
I
keep on permanently
I will download spybot now and see if that helps
Thankyou for your advice
Fran
You may want to check out the news group alt.privacy.spyware. |
|
|
| Back to top |
|
|
Guest
|
| Posted: Sun Jul 04, 2004 11:04 pm Post subject: Re: virus? |
|
|
naturesgift@ns.sympatico.ca
"John McGaw" <nowhere@at.all> wrote in message
news:7yFFc.1424$285.465@bignews6.bellsouth.net...
| Quote: | "Purple" <fparkus@spamtrapntlworld.com> wrote in message
news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
Everytime I click on the icon to open IE it opens up with a dark blue
page
with the following in white writing
Detected SPYware! System error #384
__________________________________________________________________________
Your IP address is 62.254.0.36. Using this address a remote computer has
gained anaccess to your computer and probably is collecting the
information
about the sites you've visited and the files contained in the folder
Temporary Internet Files. Attention! Ask for help or install the
software
for deleting secret information about the sites you visited.
__________________________________________________________________________
Your computer is full of evidences!
ISP of transmission:NTLI
Your IP address:62.254.0.36
They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1)
Your computer is:Windows XP
Risk status for further investigation:VERY HIGH RISK
To protect from the Spyware - click here
To prevent information transmission - click here
To delete the history of your activity, click here
The above three lines are links to
http://www.e-shredder.com/enter.phtml?wm=kamid
The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
called secure.html in the windows folder but everytime I open IE the
same
blue page appears and the secure.html file reappears in my windows
folder
Everytime I close the window a full page window pops up advertising ***
and
I get a red alert from NAV saying Bloodhound.Exploit.10 has been
detected
in
my local settings and that NAV is unable to repair it
But when I do a full NAV system scan it says there are no viruses on my
computer. What else can be causing this?
Thanks in advance
Fran
Basically you installed, or allowed to be installed, spyware or adware on
your computer and are now paying the price. Good first steps toward fixing
things are to: 1. download Spybot Search & Destroy and install it 2.
download Lavasoft's AdAware and install it 3. run each program after
downloading the most recent detection files and allow them to fix the
problems they discover 4. obtain a firewall program or at least turn on
the
built-in firewall if you are running XP.
--
John McGaw
[Knoxville, TN, USA]
http://johnmcgaw.com
|
|
|
| Back to top |
|
|
jch
Guest
|
| Posted: Tue Jul 06, 2004 1:07 am Post subject: Re: virus? |
|
|
"John McGaw" <nowhere@at.all> wrote in message
news:7yFFc.1424$285.465@bignews6.bellsouth.net...
| Quote: | "Purple" <fparkus@spamtrapntlworld.com> wrote in message
news:XeGFc.597$hW3.444@newsfe5-win.ntli.net...
Everytime I click on the icon to open IE it opens up with a dark blue
page
with the following in white writing
Detected SPYware! System error #384
__________________________________________________________________________
Your IP address is 62.254.0.36. Using this address a remote computer has
gained anaccess to your computer and probably is collecting the
information
about the sites you've visited and the files contained in the folder
Temporary Internet Files. Attention! Ask for help or install the
software
for deleting secret information about the sites you visited.
__________________________________________________________________________
Your computer is full of evidences!
ISP of transmission:NTLI
Your IP address:62.254.0.36
They know you're using:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1)
Your computer is:Windows XP
Risk status for further investigation:VERY HIGH RISK
To protect from the Spyware - click here
To prevent information transmission - click here
To delete the history of your activity, click here
The above three lines are links to
http://www.e-shredder.com/enter.phtml?wm=kamid
The URL showing is C:\WINDOWS\secure.html. I keep deleting the HTML file
called secure.html in the windows folder but everytime I open IE the
same
blue page appears and the secure.html file reappears in my windows
folder
Everytime I close the window a full page window pops up advertising ***
and
I get a red alert from NAV saying Bloodhound.Exploit.10 has been
detected
in
my local settings and that NAV is unable to repair it
But when I do a full NAV system scan it says there are no viruses on my
computer. What else can be causing this?
Thanks in advance
Fran
Basically you installed, or allowed to be installed, spyware or adware on
your computer and are now paying the price. Good first steps toward fixing
things are to: 1. download Spybot Search & Destroy and install it 2.
download Lavasoft's AdAware and install it 3. run each program after
downloading the most recent detection files and allow them to fix the
problems they discover 4. obtain a firewall program or at least turn on
the
built-in firewall if you are running XP.
|
Don't advise to arbitrarily turn on the XP firewall (ICF). This firewall
was not meant for use in a networked environment. I don't know if the
original poster is running his PC as part of a network, but turning on ICF
in that situation would just create more problems. |
|
| Back to top |
|
|
vladimir
Member
Joined: 09 Jul 2004
Posts: 1
|
| Posted: Fri Jul 09, 2004 3:48 am Post subject: Re: virus? |
|
|
I had the same problem. Nothing seemed to work even system restore to an earlier date did not cure it. It seems, this program redirects all your searches to this web page. It blocks all search engines as well and will not let you go the google or yahoo or any other search engines. Look at this link, I will paste the text of it as well. It seems to work so far. It makes sense. Good luck. It is such a pain, those things
http://www.network54.com/Forum/message?forumid=10524&messageid=1065770556
THE PROBLEM WITH GOOGLE SOLVED!!!!
by !mpact
Well, after a long while I have solved the problem I had with Google.
It seems like it was a virus afterall, though not a virus that sends itself, but one that gets downloaded if one surfs into a webpage.
It's called Trojan.QHOSTS, and I suggest you go to symantec if you get the problem (latest update with windows internet explorer is a safetymeassurment towards this trojan aswell.)
They have a rmoval tool for the virus, but I had to do something manually aswell, which I will share with you people:
I searched my computer for a file called HOSTS (no extensions at all)
It was found in two places, under Windows, and under Windows/help.
I opened it with notepad (wordpad works aswell) and I saw that there was a long list of names for websites and in front of them one IP, the same for all of the webpages.
I deleted it all, in both files i found, and saved the file empty, rebooted the comuter and it now works perfect.
Thanks to KingSix, who helped me realize what the problem was (Dynamic Names Servers: DNS)I could easily figure out that the IP + different website adresses in the HOSTS file meant that something was masking the actual IP to all those sites.
Spread the word about this, because I have seen increasingly reports (on microsoft helpforums for instance) about people who get this problem.
NOTE: that I not only used the antivirustool and updated Windows IE6, I also had to manually change the files called HOSTS and reboot. I did not ERASE the files, because the files are put there by Microsoft, the virus just changes them.
Also, when I did the antivirus checkup with the symantec tool, it did not find the virus, which leads me to believe that it actually got removed by my own antivirus program, but that it allready made the changes, but use the tool nevertheless, its better to be safe then sorry. |
|
| Back to top |
|
|
jch
Guest
|
| Posted: Fri Jul 09, 2004 1:05 pm Post subject: Re: virus? |
|
|
HOSTS is a valid name for legitimate files within Windows. This article
would incorrectly lead one to believe that just because HOSTS appears in a
search on their system that they are infected with some strange virus. Not
the case. For example. c:\windows\system32\drivers\etc\HOSTS is a legitimate
file at least on my XP Pro system. A search could turn up many other valid
entries containing the name HOSTS. Do the proper research and avoid running
off deleting files from your hard drive.
"vladimir" <vladimir@onecando-dot-com.no-spam.invalid> wrote in message
news:40ee1aae$1_3@news.athenanews.com...
| Quote: | I had the same problem. Nothing seemed to work even system restore to
an earlier date did not cure it. It seems, this program redirects all
your searches to this web page. It blocks all search engines as well
and will not let you go the google or yahoo or any other search
engines. Look at this link, I will paste the text of it as well. It
seems to work so far. It makes sense. Good luck. It is such a pain,
those things
http://www.network54.com/Forum/message?forumid=10524&messageid=1065770556
THE PROBLEM WITH GOOGLE SOLVED!!!!
by !mpact
Well, after a long while I have solved the problem I had with Google.
It seems like it was a virus afterall, though not a virus that sends
itself, but one that gets downloaded if one surfs into a webpage.
It's called Trojan.QHOSTS, and I suggest you go to symantec if you get
the problem (latest update with windows internet explorer is a
safetymeassurment towards this trojan aswell.)
They have a rmoval tool for the virus, but I had to do something
manually aswell, which I will share with you people:
I searched my computer for a file called HOSTS (no extensions at all)
It was found in two places, under Windows, and under Windows/help.
I opened it with notepad (wordpad works aswell) and I saw that there
was a long list of names for websites and in front of them one IP,
the same for all of the webpages.
I deleted it all, in both files i found, and saved the file empty,
rebooted the comuter and it now works perfect.
Thanks to KingSix, who helped me realize what the problem was (Dynamic
Names Servers: DNS)I could easily figure out that the IP + different
website adresses in the HOSTS file meant that something was masking
the actual IP to all those sites.
Spread the word about this, because I have seen increasingly reports
(on microsoft helpforums for instance) about people who get this
problem.
NOTE: that I not only used the antivirustool and updated Windows IE6,
I also had to manually change the files called HOSTS and reboot. I
did not ERASE the files, because the files are put there by
Microsoft, the virus just changes them.
Also, when I did the antivirus checkup with the symantec tool, it did
not find the virus, which leads me to believe that it actually got
removed by my own antivirus program, but that it allready made the
changes, but use the tool nevertheless, its better to be safe then
sorry.
==============
Posted through www.HowToFixComputers.com/bb - free access to hardware
troubleshooting newsgroups. |
|
|
| Back to top |
|
|
Fix your Windows Problems - FAST.
FREE Safe Scan Registry Check. Locate & Fix Errors in Minutes!
|
|
|
|
| |
Watched Topics
Search
Register
Log in to check your private messages
Profile
Log in
Memberlist
Usergroups