Re: Unknown Hosts file

[ePAc <epac () korigan net>]

Setting hosts to bogus/erroneous address is one way that anti add/popup
work. Some of these, when installed, also install a integration plugin to
allow a user to select an add and instruct the program to effectively
"blackhole" the given website. Does that user have such a program
installed ? (as a side note, most of those will leave their "custom host
file" in there, even after uninstall...)

---
Nothing is foolproof to a sufficiantly talented fool...
  oo
,(..)\
  ~~

On 2 Apr 2002, David Tan wrote:

> I have a client machine running Windows 2000
> Professional.  All of a sudden, one day, the user was
> unable to access several of the most popular
> websites (i.e. google, yahoo, cnn, etc.).  I noticed that
> the machine was attempting to access the wrong IP
> address for all the websites, in fact, it was attempting
> to access the SAME IP address for every website in
> the group.  After some research, I found there was a
> Hosts file with all the domains in question listed, and
> the erroneous IP address.  Has anyone ever come
> accross an incident where a virus or trojan would
> place a Hosts file onto a system.  I have thoroughly
> scanned the machine for viruses, open ports, etc.
> and found nothing.  Is there anything else I should be
> on the lookout for?
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com