A Digital Age Deserves A Digital Leader

Browser Hijacking

Browser Hijacking

Postby augie » Fri Sep 26, 2003 12:53 am

If you are having trouble accessing search engines like google, yahoo or altavista, you may have been hijacked. This particular and latest one uses the hosts file to redirect all traffic from these major search engines to the following IP: 64.191.95.139

Do a search for 'hosts' no extension and open it in Notepad (If you use a hosts file and want to remove the offending entries manually). Remove all the lines that contain this IP address (see example below)

64.191.95.139 www.google.com


QUOTE
Where is the hosts file located ?

Windows 95/98/Me c:\windows\hosts

Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts

Windows XP Home c:\windows\system32\drivers\etc\hosts

(you may need administrator access for Windows NT/2000/XP)

NOTE: Hosts is the name of the hosts file and not another directory name. It does not have an extension (extensions are the .exe, .txt, .doc, etc. endings to filenames) and so appears to be another directory in the example above.



If you do not use a hosts file, you can just delete the whole file using explorer as you would delete any other file.

Or you can get Hijack This and remove all of the lines that contain, again, this same IP as in this example:

O1 - Hosts: 64.191.95.139 www.google.com



More from Spyware info
Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Postby kanaloa » Fri Sep 26, 2003 1:19 am

Does AdWare not get rid of these?

I've had this happen and usually it was a spybot that Adware could remove.
"Greatness is not a function of circumstance. Greatness, it turns out, is largely a matter of conscious choice, and discipline." - Jim Collins
President
User avatar
Posts: 11795
Joined: Sun Mar 10, 2002 1:18 am
Location: Columbia, SC
Real Name: John Derrick

Postby augie » Fri Sep 26, 2003 1:24 am

This was just discovered by the Spybot people as we speak Well some 8 hrs. ago. Galadriel's post.
Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Postby augie » Fri Sep 26, 2003 1:33 am

Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Postby Xstream » Fri Sep 26, 2003 2:13 am

I use winpatrol http://www.winpatrol.com

"Detect, Disable Un-Wanted Programs, Cookies & Tasks.
Safely monitors changes to your system without
slowing down other applications and more!"

and its free!
PROfessional Member
User avatar
Posts: 3477
Joined: Fri Mar 15, 2002 2:30 am
Location: USA

Postby augie » Fri Sep 26, 2003 2:23 am

Thanks Don, will try it out. It's all the unwashed that bother me.
Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Postby kanaloa » Fri Sep 26, 2003 2:48 am

Don?
"Greatness is not a function of circumstance. Greatness, it turns out, is largely a matter of conscious choice, and discipline." - Jim Collins
President
User avatar
Posts: 11795
Joined: Sun Mar 10, 2002 1:18 am
Location: Columbia, SC
Real Name: John Derrick

Postby SCgone » Fri Sep 26, 2003 3:15 am

Don?
PRO PLATINUM
Posts: 6879
Joined: Thu Mar 14, 2002 11:59 pm
Location: South Carolina, USA

Postby augie » Fri Sep 26, 2003 3:46 am

Corlione no? Didja watch the movie? :whistle
Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Postby kanaloa » Fri Sep 26, 2003 3:52 am

Guueeesss not, lol.
"Greatness is not a function of circumstance. Greatness, it turns out, is largely a matter of conscious choice, and discipline." - Jim Collins
President
User avatar
Posts: 11795
Joined: Sun Mar 10, 2002 1:18 am
Location: Columbia, SC
Real Name: John Derrick

Next

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 0 guests

cron
cron