[augie]

If you are having trouble accessing search engines like google, yahoo or altavista, you may have been hijacked. This particular and latest one uses the hosts file to redirect all traffic from these major search engines to the following IP: 64.191.95.139

Do a search for 'hosts' no extension and open it in Notepad (If you use a hosts file and want to remove the offending entries manually). Remove all the lines that contain this IP address (see example below)

64.191.95.139 www.google.com


QUOTE
Where is the hosts file located ?

Windows 95/98/Me c:\windows\hosts

Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts

Windows XP Home c:\windows\system32\drivers\etc\hosts

(you may need administrator access for Windows NT/2000/XP)

NOTE: Hosts is the name of the hosts file and not another directory name. It does not have an extension (extensions are the .exe, .txt, .doc, etc. endings to filenames) and so appears to be another directory in the example above.



If you do not use a hosts file, you can just delete the whole file using explorer as you would delete any other file.

Or you can get Hijack This and remove all of the lines that contain, again, this same IP as in this example:

O1 - Hosts: 64.191.95.139 www.google.com



More from Spyware info

[kanaloa]

Does AdWare not get rid of these?

I've had this happen and usually it was a spybot that Adware could remove.

[augie]

This was just discovered by the Spybot people as we speak Well some 8 hrs. ago. Galadriel's post.

[augie]

Galadriel's post Sorry

[Xstream]

I use winpatrol http://www.winpatrol.com

"Detect, Disable Un-Wanted Programs, Cookies & Tasks.
Safely monitors changes to your system without
slowing down other applications and more!"

and its free!

[augie]

Thanks Don, will try it out. It's all the unwashed that bother me.

[kanaloa]

Don?

[SCgone]

Don?

[augie]

Corlione no? Didja watch the movie?

[kanaloa]

Guueeesss not, lol.