All worked fine until the other day. Whe I type in a URL
(i.e www.yahoo.com) I get a message saying it can't
display the page. If I type in the IP address for Yahoo I
get to the page. I ran a winsock2 recovery procedure in
case it was corrupted and also reset TCP/IP and no luck.
Does anyone have any other suggestion short of re-
installing XP?
>-----Original Message-----
>All worked fine until the other day. Whe I type in a
URL
>(i.e www.yahoo.com) I get a message saying it can't
>display the page. If I type in the IP address for Yahoo
I
>get to the page. I ran a winsock2 recovery procedure in
>case it was corrupted and also reset TCP/IP and no
luck.
>Does anyone have any other suggestion short of re-
>installing XP?
>
>Thanks
>.
Sounds like you may have a spyware browser hijacker that
has taken over DNS on the machine. Need to get something
such as Spybot that will scan for and clean the spyware
off of the machine.
>
On Fri, 28 May 2004 08:28:27 -0700, "Darryl"
<anonymous@discussions.microsoft.com> wrote:
>All worked fine until the other day. Whe I type in a URL
>(i.e www.yahoo.com) I get a message saying it can't
>display the page. If I type in the IP address for Yahoo I
>get to the page. I ran a winsock2 recovery procedure in
>case it was corrupted and also reset TCP/IP and no luck.
>Does anyone have any other suggestion short of re-
>installing XP?
>
>Thanks
Darryl,
If repairing your LSP (Winsock) doesn't help, then you have a browser or dns
hijack.
Search your entire system drive, including hidden and system folders, for file
"hosts". There is one legit copy, in C:\WINDOWS\system32\drivers\etc\. The
others are possibly bogus, and part (but just part) of the problem. Examine the
contents of each copy found, using Notepad. (HINT: Scroll to the end of each
Hosts file, by hitting Ctrl-End, then back up to the top, page by page, before
deciding that the file is empty. Look out for blank lines at the beginning and
end of the file, after localhost, placed there by an exploit!)
How current is your virus protection? Try these free online virus scans:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan/com/activescan_principal.htm>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional carriers of infection.
Have you downloaded these programs before? Download them again, as many are
revised frequently, to keep up with the current level of malware being attempted
constantly - get the absolutely most current version of each product listed.
They're all free - and most pretty small, so they download quickly enough.
First, download CWShredder from <http://www.majorgeeks.com/download4086.html>.
Next, close all Internet Explorer and Outlook windows, then run CWShredder.
Have it fix all variants.
Now check for, and remove, spyware. Get HijackThis
<http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<http://www.safer-networking.org/index.php?page=download>. Both free.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
HJT Log.
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it, or a link to your forum post, here):
<http://forums.net-integration.net/>
<http://forums.spywareinfo.com/>
<http://forums.tomcoyote.org/>
<http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx again.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
>-----Original Message-----
>
>>-----Original Message-----
>>All worked fine until the other day. Whe I type in a
>URL
>>(i.e www.yahoo.com) I get a message saying it can't
>>display the page. If I type in the IP address for Yahoo
>I
>>get to the page. I ran a winsock2 recovery procedure in
>>case it was corrupted and also reset TCP/IP and no
>luck.
>>Does anyone have any other suggestion short of re-
>>installing XP?
>>
>>Thanks
>>.
>Sounds like you may have a spyware browser hijacker that
>has taken over DNS on the machine. Need to get something
>such as Spybot that will scan for and clean the spyware
>off of the machine.
>>
>.
>I did that...all clean.
>-----Original Message-----
>On Fri, 28 May 2004 08:28:27 -0700, "Darryl"
><anonymous@discussions.microsoft.com> wrote:
>
>>All worked fine until the other day. Whe I type in a
URL
>>(i.e www.yahoo.com) I get a message saying it can't
>>display the page. If I type in the IP address for Yahoo
I
>>get to the page. I ran a winsock2 recovery procedure in
>>case it was corrupted and also reset TCP/IP and no
luck.
>>Does anyone have any other suggestion short of re-
>>installing XP?
>>
>>Thanks
>
>Darryl,
>
>If repairing your LSP (Winsock) doesn't help, then you
have a browser or dns
>hijack.
>
>1) Ping www.yahoo.com.
>2) Ping 66.94.230.33.
>Report error messages.
>
>Search your entire system drive, including hidden and
system folders, for file
>"hosts". There is one legit copy, in C:\WINDOWS\system32
\drivers\etc\. The
>others are possibly bogus, and part (but just part) of
the problem. Examine the
>contents of each copy found, using Notepad. (HINT:
Scroll to the end of each
>Hosts file, by hitting Ctrl-End, then back up to the top,
page by page, before
>deciding that the file is empty. Look out for blank
lines at the beginning and
>end of the file, after localhost, placed there by an
exploit!)
>
>How current is your virus protection? Try these free
online virus scans:
><http://www.bitdefender.com/scan/license.php>
><http://www.pandasoftware.com/actives.../activescan_pr
incipal.htm>
><http://www.ravantivirus.com/scan/>
><http://security.symantec.com/ssc/home.asp>
><http://housecall.trendmicro.com/housecall/start_corp.asp>
>
>Now check for, and learn to defend against, additional
carriers of infection.
>Have you downloaded these programs before? Download them
again, as many are
>revised frequently, to keep up with the current level of
malware being attempted
>constantly - get the absolutely most current version of
each product listed.
>They're all free - and most pretty small, so they
download quickly enough.
>
>First, download CWShredder from
<http://www.majorgeeks.com/download4086.html>.
>
>Next, close all Internet Explorer and Outlook windows,
then run CWShredder.
>Have it fix all variants.
>
>Now check for, and remove, spyware. Get HijackThis
><http://www.majorgeeks.com/download.php?det=3155> and
Spybot S&D
><http://www.safer-networking.org/index.php?
page=download>. Both free.
>1) Install and run Spybot. First update it ("Search for
updates"), then run a
>scan ("Check for problems"). Trust Spybot, and make all
recommended deletions.
>2) Install and run HijackThis. Do NOT make any changes
immediately. Save the
>HJT Log.
>3) Have your HJT log interpreted by experts at one or
more of the following
>forums (and post it, or a link to your forum post, here):
><http://forums.net-integration.net/>
><http://forums.spywareinfo.com/>
><http://forums.tomcoyote.org/>
><http://www.wilderssecurity.com/>
>
>If removal of any spyware affects your ability to access
the internet (some
>spyware builds itself into the network software, and its
removal may damage your
>network), run LSP-Fix and / or WinsockXPFIx again.
>
>Cheers,
>Chuck
>Paranoia comes from experience - and is not necessarily a
bad thing.
>.
>Chuck,
Thanks for the info. The Ping www.yahoo come back with an
error...ping request could not find www.yahoo.com. The
ping of the IP address come back fine...4 replies, etc.
Searching for "Hosts" found the legit copy and others but
they are from earthlink, Sbybot, etc. I have spybot and
have run it before and since...no change. I have with
until I get home to download and run CWShredder & Hijack
this. I will let you know how it goes.
URL to IP Mapping not happening 
Linear Mode
