Welcome to WebmasterWorld Guest from 184.108.40.206
Forum Moderators: bakedjake
All other pages work absolutely perfectly; no problems at all - The computer just won't load search engines. I've been using it all day to use other websites, download files etc but as soon as I go to use a major SE; nothing! Minor SE's are working fine.
They load up fine on the other machines, I've done a virus check and used SpyBot but nothing that could explain this behaviour.
Wondering if there's any nasty piece of spyware or something that anybody's encountered that wants me to use an alternative SE (aka Lop.com) but it isn't working properly. Throwing myself out on a limb somewhat with that assumption but I can't think of any other reason this one computer would be so selective.
Any ideas guys?
I have seen this before where an infected PC sent all type in search engine url's to a small ppc affiliate search engine.
But, you may want to keep the line
in your c:\WINDOWS\hosts file since some apps might need it.
127.0.0.1 is the "loopback interface". some apps might open a socket to ip address "127.0.0.1" expecting to connect to the host on which they are running (the "localhost").
everything else should be good to go.
... and yes, you are the victim of spyware. i had this same problem.
Do you like ad.doubleclick.net constantly feeding you popups?
Put it in your hosts file, pointed to your own system: a line like
will do nicely.
Build a little collection of people you don't ever want to hear from again. gator / AKA gain ... go ahead, indulge yourself. Think of it as a small boycott: "waste my time twice, jerk, and you're in the ethernet terminator!"
Here are instruction found on a newsgroup:
Read here for information:
Try the following:
1. Be sure that you install hotfix 828750 which fixes the exploit that this virus uses:
2. Update and run a complete Anti-Virus software check of your system. Most of the major AV companies have updated their latest signatures to detect this virus (for Network Associates (McAfee), be sure to get the EXTRADAT.exe update from the above page as well as your regular update).
3a. If running your AV doesn't clean it up, go to this page, read the directions CAREFULLY (particularly about the Restore option) and download and run the removal tool:
3b. An alternative that by report may work better than the Symantec tool is the Brown University Removal Tool, here:
If that still doesn't clean it up (and a number of people are reporting that it did not with the Symantec tool), then follow the Manual Removal instructions at the link in 3a.
The following is courtesy of Mike Burgess:
"Does a HOSTS file still exist in Windows\Help?
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors, this one hides the HOSTS file in the "Windows\Help" folder. It then creates entries that redirects all major search engines to a website. Note: this website has now been removed, thus the DNS errors.
[mvps.org...] (bottom of page)
Run the beta version of HijackThis
If you need to report a problem:
Unzip, double-click "HijackThis.exe" and Press "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click: "Save Log" (generates: "hijackthis.log")
Next, go to the below location:
Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.
Just to follow up on this - there may be multiple different HOSTS files on your machine with the trojan's settings some of which cannot not be removed by the Removal Tools, and you'll need to do a search to find and just delete them all, or clean them per the manual directions at the Symantec site.
4. You probably will then need to restore your HOSTS file if you plan to use
it for DNS speedup and/or ad blocking. Download the Hosts File Reader:
To create a new Default version of HOSTS, run the program, click the "Read Hosts File" button, click the button labeled "Reset Defaults" and click "Save Changes." Note that this is NOT a recreation of your original HOSTS file, but a brand new "initialized" one. Now go to normal HOSTS file location (Windows XP\2000 Location: - C:\WINDOWS\SYSTEM32\DRIVERS\ETC or Windows 98\ME Location: - C:\WINDOWS) and rename the "hosts" file that it created to "HOSTS" (no quotes, all caps, no extension). If you've been using your HOSTS file for ad blocking (see [mvps.org...] Blocking Unwanted Ads with a Hosts File), then you'll need to reset the new default you've created up for that purpose. (Recommended, BTW - it also blocks a lot of "malware" as well as offensive advertising.)
I hope that will solve your problem ;-)