Setting hosts to a bogus/erroneous address is one way that anti-ad/popup programs work. Some of these, when installed, also install an integration plugin to allow a user to select an ad and instruct the program to effectively "blackhole" the given website.

Does that user have such a program installed?

(As a side note, most of those will leave their "custom host file" in there, even after uninstall...)

---
Nothing is foolproof to a sufficiently talented fool...
oo ,(..)\ ~~

On 2 Apr 2002, David Tan wrote:

> I have a client machine running Windows 2000
> Professional. All of a sudden, one day, the user was
> unable to access several of the most popular
> websites (i.e. google, yahoo, cnn, etc.). I noticed that
> the machine was attempting to access the wrong IP
> address for all the websites, in fact, it was attempting
> to access the SAME IP address for every website in
> the group. After some research, I found there was a
> Hosts file with all the domains in question listed, and
> the erroneous IP address. Has anyone ever come
> across an incident where a virus or trojan would
> place a Hosts file onto a system? I have thoroughly
> scanned the machine for viruses, open ports, etc.
> and found nothing. Is there anything else I should be
> on the lookout for?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
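
An added example, not part of the original thread: a hosts-file audit that separates the two cases discussed above, names blackholed to a loopback or unspecified address (the ad-blocker pattern) versus several names all pointed at one other address (the symptom in the question). The sample file, the function names and the threshold of three names are assumptions made for illustration.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample in hosts-file format; 203.0.113.10 is a documentation address.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1    localhost
127.0.0.1    ads.example.net      # blackholed by an ad blocker
0.0.0.0      popups.example.net
203.0.113.10 www.google.com
203.0.113.10 www.yahoo.com yahoo.com
203.0.113.10 www.cnn.com
not-an-ip    broken.example.org
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: ignore the line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def classify(text):
    """Return (blackholed names, {address: names redirected to it})."""
    blackholed, redirected = set(), defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            if name != "localhost":  # the stock localhost entry is expected
                blackholed.add(name)
        else:
            redirected[str(ip)].add(name)
    return blackholed, dict(redirected)

def suspicious_groups(text, threshold=3):
    """Addresses that at least `threshold` names share (threshold is an assumption)."""
    _, redirected = classify(text)
    return {ip: sorted(n) for ip, n in redirected.items() if len(n) >= threshold}

if __name__ == "__main__":
    # On Windows 2000 the file is %SystemRoot%\system32\drivers\etc\hosts
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for ip, names in suspicious_groups(data).items():
        print(f"{len(names)} names redirected to {ip}: {', '.join(names)}")
```

Blackholed entries are reported separately so that leftovers from an uninstalled ad blocker are not confused with a redirect to a routable address.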
This archive was generated by hypermail 2b30 : Tue Apr 02 2002 - 10:22:23 PST