General discussion


Redirect/hijack problem

By pbtoms ·
A user in the office brought in his home laptop for help. He had several browser hijack/malware/spyware/adware things. AdAware cleaned most of them, but left one that was redirecting to search-dot.com. I found some directions to eliminate it manually, thought we got it. Now, though, he is having a similar, but different problem. It appears that his DNS is being hijacked somehow (I know I probably have terms wrong, sorry). When he puts www.msn.com in the browser, it goes to what looks like a file listing on a website. Pinging www.msn.com gets 66.98.142.143. This is not what I get from another machine. www.google.com gets the same IP. ebay and others work fine. Any idea what this is, or how to fix it? Thanks!

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  

All Comments


by jschein In reply to Redirect/hijack problem

He has a file on his PC called HOSTS... Do a search for it and open it with Notepad.

Anything with a # next to it is fine as that is information and not executed.

Below that should be this:


127.0.0.1 localhost

Anything else should be deleted.


For Example:

66.66.66.66 www.hotmail.com

If the above string was in there, then whenever a user typed www.hotmail.com, it would take them to the IP address of 66.66.66.66.

If nothing else was there, then go to www.lavasoftusa.com and download their AdAware. It is free... Install it, update it, and run it. Ensure you check all the boxes and select all of your hard drives. It will remove anything that was persistent.

Good luck


by pbtoms In reply to

This occurred to me on the way back from lunch. Don't know why I didn't think to check the hosts file. I did run AdAware, that was the first thing I did. It didn't actually catch this one, though. Had to remove it manually, but didn't realize it rewrote the hosts file. Deleted them, everything's good. Thanks!


by Antknee26 In reply to Redirect/hijack problem

If AdAware did not pick up everything, use Spybot S&D. It will clean up the rest. If you can get AdAware Professional, it will check your running processes, and alert you to malicious processes such as HOST mentioned above. WinPatrol also does a great job of showing you all running tasks and processes, and can even sort out all Microsoft processes from 3rd party apps. It can stop and remove them as well. It can be started as a service and monitor your PC, and alert you about any program or script being installed without your consent.


by pbtoms In reply to

HOSTS isn't actually a malicious process, it's a shortcut around DNS. The malicious process just rewrote it. I got all the stuff cleaned, but since hosts is a normal system file, nothing removed it, so the effects were left, even though the cause was removed.
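Because cleanup tools leave the hosts file in place, it is worth auditing it separately after removing the malware. The following is an added example, not part of the original thread: a small Python audit that parses hosts-file text and reports every entry that overrides DNS, including several names forced to one address as in the msn/google symptom above. The sample content and the 203.0.113.7 address are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts content (not taken from the affected laptop).
SAMPLE_HOSTS = """\
# sample header comment, ignored like every '#' line
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.msn.com www.google.com   # two names forced to one address
203.0.113.7     msn.com
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active (non-comment) entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Return (findings, by_address) for entries that take precedence over DNS."""
    findings, by_address = [], defaultdict(set)
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "unparseable address"))
            continue
        if ip.is_loopback and all(n == "localhost" for n in names):
            continue  # the stock localhost entry
        if ip.is_loopback or ip.is_unspecified:
            findings.append((line_no, addr, names, "block entry"))
            continue
        by_address[str(ip)].update(names)
        findings.append((line_no, addr, names, "redirects name to fixed address"))
    return findings, dict(by_address)

if __name__ == "__main__":
    findings, shared = audit_hosts(SAMPLE_HOSTS)
    for line_no, addr, names, reason in findings:
        print(f"line {line_no}: {addr} {' '.join(names)} -> {reason}")
    for addr, names in shared.items():
        if len(names) > 1:
            print(f"{addr} serves {len(names)} names: {sorted(names)}")
```

On Windows the file to feed into `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; block entries pointing at loopback or 0.0.0.0 are often added deliberately by blocking tools, so review them rather than deleting them blindly.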


by pbtoms In reply to Redirect/hijack problem

This question was closed by the author
