RE: Mystery DNS Changes

["Dowling, Gabrielle" <dowlingg () sullcrom com>]

I haven't seen anything that indicates the hosts file and registry files have changed from those originally described.  
Aolfix will be gone when you look since it deletes itself after doing the other changed.

Some of the registry keys that were discussed on this list previously are guids for nics that would of course vary.  
Symantec has full info, and also a removal tool that will at least help with the registy entries.

This self removal aspect of qhostsis rather a nasty, and should be noted.  We had one av workstation detection today 
due to the temporary internet files haing an affected hta file, but given that we clear those on restart and that the 
exeutable deletes itself, av is probably of no help for already affectewd boxes, so we'll have to implement other 
things to check that.

G  

 -----Original Message-----
From:   Mike O'Connor
Sent:   Fri Oct 03 20:14:48 2003
To:     full-disclosure () lists netsys com
Subject:        RE: [Full-Disclosure] Mystery DNS Changes

I have the described behaviour when visiting google.com, but have
neither the aolfix.exe nor registry entries, on my XP box.  Where would
one find the registry entry for the current DNS(s)?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



**********************************************************************
This e-mail is sent by a law firm and contains information
that may be privileged and confidential. If you are not the 
intended recipient, please delete the e-mail and notify us 
immediately. 
***********************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html