Security Incidents mailing list archives
Unknown Hosts file
From: David Tan <dtan () chipscc com>
Date: 2 Apr 2002 00:31:28 -0000
I have a client machine running Windows 2000 Professional. All of a sudden, one day, the user was unable to access several of the most popular websites (i.e. google, yahoo, cnn, etc.). I noticed that the machine was attempting to access the wrong IP address for all the websites, in fact, it was attempting to access the SAME IP address for every website in the group. After some research, I found there was a Hosts file with all the domains in question listed, and the erroneous IP address. Has anyone ever come accross an incident where a virus or trojan would place a Hosts file onto a system. I have thoroughly scanned the machine for viruses, open ports, etc. and found nothing. Is there anything else I should be on the lookout for? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Unknown Hosts file David Tan (Apr 01)
- Re: Unknown Hosts file Michael ENGEL (Apr 02)
- Re: Unknown Hosts file H C (Apr 02)
- Re: Unknown Hosts file ePAc (Apr 02)
- Re: Unknown Hosts file <-delusion-> (Apr 02)
- <Possible follow-ups>
- RE: Unknown Hosts file BRAD GRIFFIN (Apr 02)
- RE: Unknown Hosts file Brenna Primrose (Apr 02)