RE: Virus with XP
I've found a tool that helps with problems like this (Spyware, Adware, Browser hijackers, etc) and includes tools for prevention. Take a look at Spybot Search and Destroy at http://security.kolla.de/. I've been using it for a year and it works great (plus it's completely free.)

Thanks...Ray

Thought for the day:
A good scientist is a person with original ideas. A good engineer is a person who makes a design that works with as few original ideas as possible. There are no prima donnas in engineering.
--Freeman Dyson

-----Original Message-----
From: Tony Nguyen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 8:21 AM
To: Exchange Discussions
Subject: RE: Virus with XP

This works. Thank you everyone for your help. This is the best forum and the people are so helpful here.

Thank you again
Tony

-----Original Message-----
From: Randal, Phil [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 7:59 AM
To: Exchange Discussions
Subject: RE: Virus with XP

This is reminiscent of the QHosts-1 trojan:

http://vil.nai.com/vil/content/v_100719.htm

The information in the link will give you a few clues as to what might have been changed.

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Tony Nguyen
> Sent: 10 November 2003 15:52
> To: Exchange Discussions
> Subject: RE: Virus with XP
>
> What is the name of this file and where is it located?
>
> -----Original Message-----
> From: David, Andy [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 7:46 AM
> To: Exchange Discussions
> Subject: RE: Virus with XP
>
> Check to see if your local hosts file has a bunch of bogus entries.
>
> -----Original Message-----
> From: Tony Nguyen [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 10:29 AM
> To: Exchange Discussions
> Subject: Virus with XP
>
> My home computer (Windows XP) was infected with a virus and I cleaned it. Now
> when I open my browser and go to www.google.com it takes me to another
> website, www.cpanel.net. Has anyone seen this before and how do I fix this?
> Thanks
>
> Tony Nguyen ([EMAIL PROTECTED])
> System Administrator/DBA
> Senior Aerospace Jet Products
> www.jetproducts.com

List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]

RE: Virus with XP
Hi there

This is a known virus - Symantec has a removal tool for this.

Thanks
Russell

-----Original Message-----
From: Tony Nguyen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:29 AM
To: Exchange Discussions
Subject: Virus with XP

My home computer (Windows XP) was infected with a virus and I cleaned it. Now when I open my browser and go to www.google.com it takes me to another website, www.cpanel.net. Has anyone seen this before and how do I fix this?
Thanks

Tony Nguyen ([EMAIL PROTECTED])
System Administrator/DBA
Senior Aerospace Jet Products
www.jetproducts.com

RE: Virus with XP
One of those hosts file viruses relocates the hosts file to c:\windows\help (or c:\winnt\help). It does not overwrite your existing hosts file, but puts a bogus one in the help directory and modifies the registry so Windows looks there instead.

-----Original Message-----
From: Tony Nguyen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:52 AM
To: Exchange Discussions
Subject: RE: Virus with XP

What is the name of this file and where is it located?

-----Original Message-----
From: David, Andy [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 7:46 AM
To: Exchange Discussions
Subject: RE: Virus with XP

Check to see if your local hosts file has a bunch of bogus entries.

-----Original Message-----
From: Tony Nguyen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:29 AM
To: Exchange Discussions
Subject: Virus with XP

My home computer (Windows XP) was infected with a virus and I cleaned it. Now when I open my browser and go to www.google.com it takes me to another website, www.cpanel.net. Has anyone seen this before and how do I fix this?
Thanks

Tony Nguyen ([EMAIL PROTECTED])
System Administrator/DBA
Senior Aerospace Jet Products
www.jetproducts.com

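The check suggested in the messages above (bogus hosts entries, and a hosts file relocated through the registry), written out as an added example that is not part of the original thread. It assumes the registry change described is the `DataBasePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`, the standard setting for the hosts directory, which the thread itself does not name; `Find-HostsRedirect` and the sample lines are constructed for illustration.

```powershell
# Added example: look for a redirected or tampered hosts file on Windows.
# Find-HostsRedirect is a hypothetical helper name; the sample data is constructed.

function Find-HostsRedirect {
    param([string]$Source, [string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()          # drop comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }            # address with no name
        # Loopback and 0.0.0.0 entries only block a name; other addresses redirect it.
        if ($fields[0] -match '^(127\.|0\.0\.0\.0$|::1$)') { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Source = $Source; Address = $fields[0]; Name = $name.ToLower() }
        }
    }
}

# Constructed sample input (192.0.2.10 is a documentation address, not from the thread).
$sample = @(
    '127.0.0.1    localhost',
    '192.0.2.10   www.google.com google.com   # constructed redirect'
)
Find-HostsRedirect -Source 'sample' -Lines $sample

# Live check 1: which directory does the TCP/IP stack read hosts from?
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPath   = (Get-ItemProperty -Path $key -Name DataBasePath).DataBasePath
$actual   = [Environment]::ExpandEnvironmentVariables($dbPath).TrimEnd('\')
$expected = Join-Path $env:SystemRoot 'System32\drivers\etc'
if ($actual -ine $expected) {
    Write-Warning "hosts directory redirected: '$actual' (default '$expected')"
}

# Live check 2: scan the hosts file in the default and in the configured directory.
foreach ($dir in (@($expected, $actual) | Sort-Object -Unique)) {
    $file = Join-Path $dir 'hosts'
    if (Test-Path -LiteralPath $file) {
        Find-HostsRedirect -Source $file -Lines (Get-Content -LiteralPath $file)
    }
}
```

A clean machine produces no warning and no rows from the live checks; any row is a name being sent to a non-loopback address and should be reviewed before the file is restored.
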
RE: Virus with XP
This works. Thank you everyone for your help. This is the best forum and the people are so helpful here.

Thank you again
Tony

-----Original Message-----
From: Randal, Phil [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 7:59 AM
To: Exchange Discussions
Subject: RE: Virus with XP

This is reminiscent of the QHosts-1 trojan:

http://vil.nai.com/vil/content/v_100719.htm

The information in the link will give you a few clues as to what might have been changed.

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Tony Nguyen
> Sent: 10 November 2003 15:52
> To: Exchange Discussions
> Subject: RE: Virus with XP
>
> What is the name of this file and where is it located?
>
> -----Original Message-----
> From: David, Andy [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 7:46 AM
> To: Exchange Discussions
> Subject: RE: Virus with XP
>
> Check to see if your local hosts file has a bunch of bogus entries.
>
> -----Original Message-----
> From: Tony Nguyen [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 10:29 AM
> To: Exchange Discussions
> Subject: Virus with XP
>
> My home computer (Windows XP) was infected with a virus and I cleaned it. Now
> when I open my browser and go to www.google.com it takes me to another
> website, www.cpanel.net. Has anyone seen this before and how do I fix this?
> Thanks
>
> Tony Nguyen ([EMAIL PROTECTED])
> System Administrator/DBA
> Senior Aerospace Jet Products
> www.jetproducts.com

RE: Virus with XP
This is reminiscent of the QHosts-1 trojan:

http://vil.nai.com/vil/content/v_100719.htm

The information in the link will give you a few clues as to what might have been changed.

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Tony Nguyen
> Sent: 10 November 2003 15:52
> To: Exchange Discussions
> Subject: RE: Virus with XP
>
> What is the name of this file and where is it located?
>
> -----Original Message-----
> From: David, Andy [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 7:46 AM
> To: Exchange Discussions
> Subject: RE: Virus with XP
>
> Check to see if your local hosts file has a bunch of bogus entries.
>
> -----Original Message-----
> From: Tony Nguyen [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 10:29 AM
> To: Exchange Discussions
> Subject: Virus with XP
>
> My home computer (Windows XP) was infected with a virus and I cleaned it. Now
> when I open my browser and go to www.google.com it takes me to another
> website, www.cpanel.net. Has anyone seen this before and how do I fix this?
> Thanks
>
> Tony Nguyen ([EMAIL PROTECTED])
> System Administrator/DBA
> Senior Aerospace Jet Products
> www.jetproducts.com

RE: Virus with XP
C:\WINDOWS\system32\drivers\etc

-----Original Message-----
From: Tony Nguyen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 7:52 AM
To: Exchange Discussions
Subject: RE: Virus with XP

What is the name of this file and where is it located?

-----Original Message-----
From: David, Andy [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 7:46 AM
To: Exchange Discussions
Subject: RE: Virus with XP

Check to see if your local hosts file has a bunch of bogus entries.

-----Original Message-----
From: Tony Nguyen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:29 AM
To: Exchange Discussions
Subject: Virus with XP

My home computer (Windows XP) was infected with a virus and I cleaned it. Now when I open my browser and go to www.google.com it takes me to another website, www.cpanel.net. Has anyone seen this before and how do I fix this?
Thanks

Tony Nguyen ([EMAIL PROTECTED])
System Administrator/DBA
Senior Aerospace Jet Products
www.jetproducts.com

RE: Virus with XP
What is the name of this file and where is it located?

-----Original Message-----
From: David, Andy [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 7:46 AM
To: Exchange Discussions
Subject: RE: Virus with XP

Check to see if your local hosts file has a bunch of bogus entries.

-----Original Message-----
From: Tony Nguyen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:29 AM
To: Exchange Discussions
Subject: Virus with XP

My home computer (Windows XP) was infected with a virus and I cleaned it. Now when I open my browser and go to www.google.com it takes me to another website, www.cpanel.net. Has anyone seen this before and how do I fix this?
Thanks

Tony Nguyen ([EMAIL PROTECTED])
System Administrator/DBA
Senior Aerospace Jet Products
www.jetproducts.com

RE: Virus with XP
Check to see if your local hosts file has a bunch of bogus entries.

-----Original Message-----
From: Tony Nguyen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:29 AM
To: Exchange Discussions
Subject: Virus with XP

My home computer (Windows XP) was infected with a virus and I cleaned it. Now when I open my browser and go to www.google.com it takes me to another website, www.cpanel.net. Has anyone seen this before and how do I fix this?
Thanks

Tony Nguyen ([EMAIL PROTECTED])
System Administrator/DBA
Senior Aerospace Jet Products
www.jetproducts.com

RE: Virus with XP
Do a scan at http://housecall.trendmicro.com/

Then download Spybot Search & Destroy and run that (don't forget to run the update before scanning)

-----Original Message-----
From: Tony Nguyen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 7:29 AM
To: Exchange Discussions
Subject: Virus with XP

My home computer (Windows XP) was infected with a virus and I cleaned it. Now when I open my browser and go to www.google.com it takes me to another website, www.cpanel.net. Has anyone seen this before and how do I fix this?
Thanks

Tony Nguyen ([EMAIL PROTECTED])
System Administrator/DBA
Senior Aerospace Jet Products
www.jetproducts.com

Re: Virus with XP
Install and run a free program called AdAware by Lavasoft. Available at downloads.com.

Afterwards, install and run a free program called SpywareBlaster, also available at downloads.com

--- Tony Nguyen <[EMAIL PROTECTED]> wrote:
> My home computer (Windows XP) was infected with a virus
> and I cleaned it. Now
> when I open my browser and go to www.google.com it
> takes me to another
> website, www.cpanel.net. Has anyone seen this before
> and how do I fix this?
> Thanks
>
> Tony Nguyen ([EMAIL PROTECTED])
> System Administrator/DBA
> Senior Aerospace Jet Products
> www.jetproducts.com