google redirecting to cpanel.net?
Posted by Giles Harney on October 5th, 2003



Anybody else having this problem?

When I try to go to www.google.com I end up at www.cpanel.net that says;

"There is no website configured at this address. "

Also it seems that when this happens no other search engine (yahoo) will
work for me...

Strange!




Posted by Helion on October 5th, 2003


Sounds like an adware/spyware problem to me. Try
http://download.com.com/3000-2144-10...ml?tag=lst-0-2 to remove it.
By the way, no problem here getting to Google.

"Giles Harney" <gharney@comcast.net> wrote in message
news:aKadnQO_MNkLrx2iU-KYgw@comcast.com...


Posted by David H. Lipman on October 5th, 2003


Giles:

It may very well be the "QHosts-1" Internet worm.

Please read the following URL. http://vil.nai.com/vil/content/v_100719.htm

If you have the directory: c:\bdtmp\tmp
You have the worm, follow the directions in the URL.

Dave

"Giles Harney" <gharney@comcast.net> wrote in message
news:aKadnQO_MNkLrx2iU-KYgw@comcast.com...
|
| Anybody else having this problem?
|
| When I try to go to www.google.com I end up at www.cpanel.net that says;
|
| "There is no website configured at this address. "
|
| Also it seems that when this happens no other search engine (yahoo) will
| work for me...
|
| Strange!
|
|
|
|


Posted by Ron Hunter on October 5th, 2003


Giles Harney wrote:

Google working fine here. Check that you haven't gotten the ghost virus
that hijacks many common URLs with a phoney Hosts file.


Posted by David H. Lipman on October 5th, 2003


Ron:

That's "QHosts-1" not "ghost" you naive person...

Dave


"Ron Hunter" <rphunter@charter.net> wrote in message
news:vo0grhnpbh2e25@corp.supernews.com...
| Giles Harney wrote:
| > Anybody else having this problem?
| >
| > When I try to go to www.google.com I end up at www.cpanel.net that says;
| >
| > "There is no website configured at this address. "
| >
| > Also it seems that when this happens no other search engine (yahoo) will
| > work for me...
| >
| > Strange!
| >
| >
| >
| >
| Google working fine here. Check that you haven't gotten the ghost virus
| that hijacks many common URLs with a phoney Hosts file.
|


Posted by Warren on October 5th, 2003


Giles Harney wrote:

Sure does sound like the QHosts-1 virus.

http://us.mcafee.com/virusInfo/defau...virus_k=100719
http://www.microsoft.com/technet/tre...n/MS03-040.asp

It could also be adware that has added something to your hosts file to
redirect you. I'd search for a HOSTS file, which as the information on
the QHosts-1 virus tells us, doesn't have to be in the default location.
The Registry can be altered to point to a HOSTS file anywhere.

--
Warren H.

==========
Disclaimer: My views reflect those of myself, and not my
employer, my friends, nor (as she often tells me) my wife.
Any resemblance to the views of anybody living or dead is
coincidental. No animals were hurt in the writing of this
response -- unless you count my dog who desperately wants
to go outside now.
Blatant Plug: Adobe Collections now at Holzemville
http://www.holzemville.com/mall/adobestore.html
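The check Warren describes above (look at the HOSTS file, and at whether the Registry points name resolution at a HOSTS file somewhere else) can be scripted. This is an added example, not part of the original thread: the watch list, the function names and the sample hosts text are constructed for illustration, and the Registry value it refers to is `DataBasePath` under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`.

```python
import ipaddress
import ntpath

# Default DataBasePath value on NT-family Windows (the folder holding HOSTS).
DEFAULT_DB_PATH = r"%SystemRoot%\System32\drivers\etc"
# Hypothetical watch list: sites a user would notice being redirected.
WATCHED = ("google.com", "yahoo.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        for name in fields[1:]:                 # one line may carry aliases
            yield no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watched=WATCHED):
    """Return mappings that send a watched domain to a non-local address."""
    hits = []
    for no, ip, name in parse_hosts(text):
        on_list = any(name == d or name.endswith("." + d) for d in watched)
        if on_list and not (ip.is_loopback or ip.is_unspecified):
            hits.append((no, str(ip), name))
    return hits

def db_path_relocated(value, system_root=r"C:\WINDOWS"):
    """True when a DataBasePath value differs from the default folder."""
    def norm(p):
        p = p.lower().replace("%systemroot%", system_root.lower())
        return ntpath.normpath(p)
    return norm(value) != norm(DEFAULT_DB_PATH)

# Constructed sample (203.0.113.0/24 is a documentation-only range).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
203.0.113.7 www.google.com google.com   # constructed entry
203.0.113.7 search.yahoo.com
0.0.0.0     ads.example.net
"""

if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_HOSTS):
        print("hosts line %d: %s -> %s" % hit)
    # Constructed non-default value, as if read from the Registry.
    print("relocated:", db_path_relocated(r"%SystemRoot%\help"))
```

On a live machine the text would come from the file in the folder that `DataBasePath` currently names, which is why the relocation check should run first.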



Posted by Giles Harney on October 5th, 2003



"Giles Harney" <gharney@comcast.net> wrote in message
news:aKadnQO_MNkLrx2iU-KYgw@comcast.com...

Thanks to all who responded.
It was indeed the QHosts-1 virus.

Thanks again!

-Giles



Posted by Tim Smith on October 6th, 2003


In article <sLqcnYqYKsrF_h2iU-KYiA@comcast.com>, Giles Harney wrote:
Well, that is strange. Why would anyone use that virus to send you to
cpanel.net? I'd have expected it to be sending people to porn sites or
Viagra sites or stuff like that.

--
Evidence Eliminator is worthless. See evidence-eliminator-sucks.com
--Tim Smith

Posted by David H. Lipman on October 6th, 2003


Tim:

Virus plug-ins to increase the capabilities of the infector. Just like many go to UseNet
groups for plug-ins.

Dave

"Tim Smith" <reply_in_group@mouse-potato.com> wrote in message
news:Z52gb.3456$Qy2.2339@newsread4.news.pas.earthlink.net...
| In article <sLqcnYqYKsrF_h2iU-KYiA@comcast.com>, Giles Harney wrote:
| > Thanks to all who responded. It was indeed the QHosts-1 virus.
|
| Well, that is strange. Why would anyone use that virus to send you to
| cpanel.net? I'd have expected it to be sending people to porn sites or
| Viagra sites or stuff like that.
|
| --
| Evidence Eliminator is worthless. See evidence-eliminator-sucks.com
| --Tim Smith


Posted by Valentín Guillén on October 6th, 2003


Giles Harney wrote:

Giles,

It's crucial to remember here that what you were experiencing is merely
one of the more benign *symptoms* of what this virus starts out with.
The *symptom* was that it can hijack the method of DNS action on the
infected IE browser/winOS.

The way I see it is that the REAL problem here is that your system was
compromised via TROJAN. Once your system is 'owned' by someone, can you
be 100% certain that other things haven't been done, like a
"keystroke logger" installed, etc.? As far as I know, there is no
current "fix" for the exploit from m$. There is "detection" and
disabling of the exploit, but no fix. The real solution to this
particular vulnerability, as a temporary fix, is to not practice
"promiscuous browsing." That in part means turning off all
radioACTIVE-X componenting. NoONE should be on the public networks with
this technology enabled, EVER!

So what I'm telling you is that you should be prudent here. You should
consider this a lucky lesson, and you should learn the lesson: The
lesson here is that once infected with an agent which gives someone else
ROOT access to your computer, the only prudent thing to do is to DELETE
your complete OS and begin from scratch.....it's simply too much work to
attempt to determine what other mechanisms the "root-access" dude may
have compromised your system with, along with the exploit, of which you
were able to see the symptoms.

http://news.com.com/2100-7349-5085861.html?tag=nl

--
Valentín Guillén
Earth - a subsidiary of Microsoft®

Posted by Warren on October 7th, 2003


Valentín Guillén wrote:
Do you suggest amputation of legs when one discovers an infected
hangnail, too?


McAfee and Norton are leaders in doing just that. Combined with an
effort to make sure an OS has been updated with all the current patches,
plus use of sensible security settings, and taking reasonable care in what
one accesses on the Internet, and what programs are launched will go far
further than simply reinstalling the same old unpatched OS, and not
making any effort to work more securely.


Giles,

I've known you to be a pretty savvy computer user, and I'm sure you're
trying to figure out what went wrong. When you do, let us know.
Understanding how this trojan got by you is something that could be very
useful information.

--
Warren H.

==========
Disclaimer: My views reflect those of myself, and not my
employer, my friends, nor (as she often tells me) my wife.
Any resemblance to the views of anybody living or dead is
coincidental. No animals were hurt in the writing of this
response -- unless you count my dog who desperately wants
to go outside now.
Blatant Plug: Buy just about anything you want
at the Holzemville Mall's Amazon Store
http://www.holzemville.com/amazon




Posted by Giles Harney on October 7th, 2003



"Warren" <wholzem@hotmail.com> wrote in message
news:Npogb.701057$uu5.115060@sccrnsc04...
Well thanks for that Warren!

I wish I could say how this one got by me. My only guess was the recent
avalanche of spam I received. This has been the first time that my pc has
become infected with a virus / trojan. I haven't used any AV software for the
past 2 years. I may reconsider that. I also was behind on a patch. The fix /
cleanup was easy. No, I didn't reinstall my OS, or go *nix, but thanks anyway
Val.

-Giles





Posted by Valentín Guillén on October 7th, 2003


Warren wrote:

We all can and obviously will suit ourselves.......

I recommend that anyone who STILL thinks that they are somehow up to the
task of keeping their internet use safe simply by virtue of what they
think they know, and what has worked in the past for them, that person
ought to go to Google and research what recently happened to the chief
"dude" over at Half Life 2 software company.

Here's a computer professional, who spends his work day, (his 'life')
coding, an obviously VERY knowledgeable and capable guy whose computer
problems started a couple of months ago, seemingly in email. He wrote
off the problem as something he was merely irritated with, and didn't
take the needed precautions. In the end, his company has lost its
"Crown Jewels", its source code to the new game it has worked on for
the last five years.

It has been advertising for help in tracking down the culprits who
absconded with fruits of five years of work. All because he got too
familiar and complacent with the m$ problems, and thought he was somehow
immune. He was too busy to keep up with what the latest vulnerabilities
could expose him to.

And so you think that you and I and Giles are somehow superdudes who are
"hep" enough to the task, just because of what we all think we know?

Yea, Right!

http://www.igda.org/Forums/showthrea...0341#post40341

http://www.planethalflife.com/
http://www.tech-report.com/sendto_friend.x/5723/
http://www.geeklife.com/Article.aspx?ArticleId=1225
http://www.shacknews.com/onearticle.x/28619


--
Valentín Guillén
Earth - a subsidiary of Microsoft®

Posted by Valentín Guillén on October 7th, 2003


Giles Harney wrote:


http://www.wired.com/news/games/0,2101,60701,00.html

.........:-)



--
Valentín Guillén
Earth - a subsidiary of Microsoft®

Posted by Ron Hunter on October 7th, 2003


Giles Harney wrote:
virus with OE could result in infection.
I trust that all your patches are up to date now. You might also make
sure the OE is set for maximum security feasible, or stop using it.


Posted by Valentín Guillén on October 7th, 2003


"Bill M." wrote:
It's true that there have been rumours about the existence of one or
both of these two things:

Beta *GAME* code which was stolen but is bootleg, and/or

Beta *GAME* code which was DERIVED from the stolen source code.

The Valve people are saying that no beta game code was stolen, only the
source code. And the rumours of game code DERIVED from the source code
have been publicly disavowed as false.

Gabe Newell has set up several email addresses seeking info from the
public regarding any sightings or postings of game source code, or any
other bootleg cheats or other game content which could be derived from
the stolen source code. They say that only the "engine" and other
related source was stolen, and not the music files nor artwork. In
other words, only the inner workings of the game.....:-)


--
Valentín Guillén
Earth - a subsidiary of Microsoft®

Posted by Valentín Guillén on October 7th, 2003





http://news.com.com/2100-7349_3-5087...l?tag=nefd_top

Posted by Valentín Guillén on October 7th, 2003





http://www.cnn.com/money/2003/10/07/...ex.htm?cnn=yes

Posted by Valentín Guillén on October 7th, 2003





http://news.bbc.co.uk/2/hi/technology/3172282.stm

Posted by Dan Blum on October 11th, 2003


Tim Smith <reply_in_group@mouse-potato.com> wrote in message news:<Z52gb.3456$Qy2.2339@newsread4.news.pas.earthlink.net>...

I had the VIRUS and it is now removed !!!!
I called the Microsoft virus support line and they walked me through
procedures to remove QHOST from my machine. It started with running
a removal program from the Symantec site. I couldn't tell if that
really did anything (long scan of my drive involved) and then the
removal of several files from my hard drive with a reboot between
each. Dan Blum

