QHost virus

Can't get Google working..

dauction

12:24 am on Mar 8, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



My nephew called the other day to say that his computer was very very slow and that he kept getting redirected to another site.

I went over and sure enough a real pain in the rear.. I had to go into safe mode and went to System Restore .. went back about a week and rebooted..

Computer running 100 better.. I went to Windows Update and sure enough the kid had nine critical updates he hadn't run.. we got those downloaded ..and rebooted ..

everything looks fine except sure enough still can't get to Google search or to Yahoo search (MSN search works though) ..

When trying to do a Google search we are redirected to some lame site full of links obviously .. the guy has a big message on the front page that claims that the reason we are redirected to his site is because of the QHost virus.

I do a qhost search on MSN and download a virus sweeper designed specifically for the qhost.

We reboot the machine and still cannot access Google search or Yahoo search (get redirected).

Everything on the machine is working fine.

I research some more and discover where in the registry qhost makes all its changes .. so I check the registry under all the HKeys where qhost makes changes.. but they all appear clean! ..

So I am wondering if ...maybe we did get rid of the virus and now we are missing a simple fix to get Google and Yahoo search back ..or ..we didn't catch all the virus and it's still causing the problem .. OR .. we never had the qhost virus ..maybe a copycat of the qhost ..similar but not the same ..?

need some direction on this ..

dauction

12:26 am on Mar 8, 2004 (gmt 0)


btw... I own 3 spell checkers ..

really..lol

encyclo

1:04 am on Mar 8, 2004 (gmt 0)


Have you checked the hosts file? It may be something as obvious as that...

dauction

1:18 am on Mar 8, 2004 (gmt 0)


encyclo.. Ok I am reading tutorials on Host files now..

Should I do this first and see what is on his computer's host files

c:\windows\system32\drivers\etc\hosts

and then edit out the "offending" site?

Hey that's great. I just ran it on mine and look what I found

216.93.168.167 sitefinder.verisign.com

!

sitefinder is Verisign's attempt to hijack all typo entries ..it catches all that traffic and profits from it simply with ads..

so I can delete that in my own system and replace it with what I want?

sorry to get sidetracked..just found that very interesting.

I'm going to call the nephew and have him take a look at his host files in the meantime..

encyclo

1:28 am on Mar 8, 2004 (gmt 0)


You've got it. In fact, you only need one line in your basic hosts file:

127.0.0.1 localhost

Any others have been subsequently added - for example, if you have:

123.456.78.90 www.google.com

Any requests for www.google.com are sent to the IP address 123.456.78.90 - this would be the IP address of the server of the fake directory.

If you're not sure whether to delete an entry, you can simply add a # to the beginning of the line and it will be disabled. Don't forget to clear all Temporary Internet Files, etc. and restart IE as well (or even a reboot if you want to be sure).

dauction

1:32 am on Mar 8, 2004 (gmt 0)


perfect ..appreciate your help..I was just reading on using the # sign "edit the Hosts file and disable all lines that refer to the Web site Internet Protocol (IP) addresses you are unable to view. To do so, place a number sign (#) at the beginning of each line that contains the IP address of the Web site you are unable to view. "

His line is still busy.. but so if I am understanding this correctly.. that virus or another changed his host files into doing a redirect..

I'll let you know how it goes ..

appreciate your help..

encyclo

1:39 am on Mar 8, 2004 (gmt 0)


Just been reading up on Qhost, and it does appear to add entries to the hosts file. Just tell him to open up the hosts file in Notepad and comment out or delete everything except the line for localhost.
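
Added example, not part of the original thread: a small Python audit of a hosts file that applies the advice in the two replies above, keeping only the loopback entry for localhost and disabling every other active line with a leading #. The sample file is constructed; 203.0.113.10 is a documentation address, and the function name audit_hosts is an assumption of this example.

```python
import ipaddress

# Constructed sample in the shape the thread describes. 203.0.113.0/24 is a
# documentation range; the malformed 123.456.78.90 mirrors the placeholder
# address used in the thread.
SAMPLE_HOSTS = """\
# hosts file (constructed sample)
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # added entry
203.0.113.10    search.yahoo.com
::1             localhost
123.456.78.90   www.example.com
#203.0.113.10   search.msn.com
"""

def audit_hosts(text):
    """Return (findings, cleaned_text).

    findings is a list of (line_number, address, hostnames) for every active
    entry other than loopback -> localhost; cleaned_text is the same file with
    those entries disabled by a leading '#'.
    """
    findings, cleaned = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment
        if not fields:                           # blank or comment-only line
            cleaned.append(raw)
            continue
        addr, names = fields[0], fields[1:]
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:                       # malformed address
            loopback = False
        # A loopback entry for any other name is flagged too: it blackholes
        # that name instead of redirecting it.
        if loopback and names and all(n.lower() == "localhost" for n in names):
            cleaned.append(raw)
        else:
            findings.append((lineno, addr, names))
            cleaned.append("# " + raw)
    return findings, "\n".join(cleaned) + "\n"

if __name__ == "__main__":
    found, fixed = audit_hosts(SAMPLE_HOSTS)
    for lineno, addr, names in found:
        print(f"line {lineno}: {addr} -> {' '.join(names)}")
    print(fixed, end="")
```

To check a real machine, pass the contents of the hosts file at the path quoted earlier in the thread to audit_hosts and review the findings before writing anything back.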

dauction

2:50 am on Mar 8, 2004 (gmt 0)


Interesting.. I had him wipe everything out and just add the 127 local host..
then file and save... BUT ..it won't let him save ..says something to the effect of make sure directory is correct..

First I thought it was because we were making changes and for whatever reason it didn't like the changes .. so I had him back out.. come back in and all the addresses were still in .. so I had him try to save making NO changes..and he is getting the same message..

I'm going to head over to his home tomorrow after work.. any ideas I can take with me to be able to save this.. saving as another file? renaming the host file? that won't work will it?

Maybe he isn't logged in as admin.. but I don't believe that's the problem..

I'll do a google and read a bit more tonight see if I can find that error message and a way around it..

dauction

2:59 am on Mar 8, 2004 (gmt 0)


Just to clarify ..This is where we are ..

"Apply the changes, save the file as hosts without an extension by simply clicking FILE => SAVE and not SAVE AS. Reboot your system and your DNS should now resolve. If you do not have a hosts file in any of the above locations, you can create a hosts file by opening Notepad adding the required information then saving the file to the correct path for your system. Remember to save the file without an extension as described above."

The computer just isn't letting him save..

dauction

9:04 pm on Mar 8, 2004 (gmt 0)


Thanks for all your help encyclo

I went over this afternoon and sure enough after you make changes to the host file, it won't let him save. Maybe an extra line the virus added?
Anyways..I did the next best thing and simply deleted the host file..!

That took care of it ..he can search yahoo and google again..

I'll read up on creating a new host file... is it even necessary?