Booyah! Posted October 3, 2003 (edited October 4, 2003 by Booyah!)
This pest spreads through pop-up ads. Good reason to get a browser with "Do not open unrequested pop-ups" feature. Or do some hosts file blocking.
Updated story here-
Manual instructions at bottom of this page- http://vil.nai.com/vil/content/v_100719.htm

HellBender Posted October 3, 2003
Or use firebird :D

mlerner Posted October 3, 2003
What's the IP of the originating trojan? I want to block it with my router.

MxxCon Posted October 4, 2003
> Or use firebird :D
hello? anybody home? your brain left on vacation and its plane crashed? this trojan alters your HOSTS files, which is a system-wide change. it doesn't matter which browser or internet application you are using.

gosh Posted October 4, 2003
It modifies your registry too, smart ass. Only IE is vulnerable to this exploit.
-gosh

+John Teacake MVC Posted October 5, 2003 (edited October 5, 2003 by Sawyer12)
There's a removal tool out written by Symantec on their website. Or I have added a link in this post 2 it for u all.

ericnmu Posted October 5, 2003
ugh... this one is a pain in the butt. I work at a college helpdesk and each student is given a laptop. So that's 12,000 laptops with Kazaa, and tons of other spyware. I've seen this stupid worm more times than anyone should have to... :wacko:

Knight' Posted October 5, 2003
> hello? anybody home? your brain left on vacation and its plane crashed? this trojan alters your HOSTS files, which is a system-wide change. it doesn't matter which browser or internet application you are using.
Hello, anyone there? Firebird blocks pop-ups. Therefore, no trojan. :p

vincent Posted October 5, 2003
> Only IE is vulnerable to this exploit.
> -gosh
Doesn't surprise me there, that is why I've switched to Firebird.

Knight' Posted October 5, 2003
> what's the ip of the originating trojan? I want to block it with my router.
207.44.220.30

+John Teacake MVC Posted October 5, 2003
How did u find that out? Is there a command for command prompt so I can flush my DNS cache?

Oblivion Posted October 5, 2003
I guess if u have a totally updated antiviral application then we shouldn't face this problem, right??

Dessimat0r Posted October 5, 2003
ipconfig /flushdns

Knight' Posted October 5, 2003
I just saw that IP on http://vil.nai.com/vil/content/v_100719.htm there's also some DNS changes...

MxxCon Posted October 6, 2003
> > hello? anybody home? your brain left on vacation and its plane crashed? this trojan alters your HOSTS files, which is a system-wide change. it doesn't matter which browser or internet application you are using.
> Hello, anyone there? Firebird blocks pop-ups. Therefore, no trojan. :p
it doesn't matter if firebird has a popup blocker, since people get infected not from popups. and if the system is infected, those dns changes affect EVERYTHING on your computer that uses host lookup.
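
The point made in the posts above, that a changed hosts file redirects name lookups for every program on the machine, can be checked by auditing the file itself. This is an added example, not part of any post in this thread: the function names, the `WATCHED` list and the sample file are assumptions constructed for illustration, and the block-list address is the one quoted in the thread.

```python
import ipaddress

# Assumption: names that should always resolve through DNS, never a hosts entry.
WATCHED = {"google.com", "www.google.com", "search.yahoo.com", "search.msn.com"}

# Constructed sample in hosts-file format; not copied from an infected machine.
SAMPLE = """\
# constructed sample
127.0.0.1      localhost
127.0.0.1      ads.example.net    # ordinary hosts-file ad blocking
207.44.220.30  www.google.com google.com
192.0.2.7      Search.Yahoo.com.  # documentation-range address
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_number, ip, names) for every well-formed hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only, or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        # Hostnames are case-insensitive and may carry a trailing dot.
        yield lineno, ip, [f.lower().rstrip(".") for f in fields[1:]]

def audit_hosts(text, watched=WATCHED, bad_ips=()):
    """Return (line, name, ip, reason) for entries worth a closer look."""
    bad = {ipaddress.ip_address(b) for b in bad_ips}
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if ip in bad:
                findings.append((lineno, name, str(ip), "address on block list"))
            elif name in watched:
                findings.append((lineno, name, str(ip), "watched name pinned in hosts file"))
    return findings

if __name__ == "__main__":
    # 207.44.220.30 is the address quoted in this thread.
    for finding in audit_hosts(SAMPLE, bad_ips=["207.44.220.30"]):
        print(finding)
```

Ad-blocking entries such as the `ads.example.net` line are left alone; only watched names and block-listed addresses are reported.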

oo420oo Posted October 7, 2003
Hi all, I work for Comcast and I have seen so many people infected with this trojan. It sets your DNS settings to a manual setting so you cannot connect to the internet.
Click Start, Control Panel, Network and Internet Connections, Network Connections.
Right click the Local Area Connection you are using and select Properties.
In Local Area Connection Properties, pull the General tab forward.
Highlight Internet Protocol (TCP/IP).
Click the Properties button.
On Internet Protocol (TCP/IP) Properties:
Select Obtain an IP address automatically
Select Obtain DNS server address automatically <<< this is what qhosts-1 alters on win xp and 2000 machines
Now click OK, you should be able to access the net. Be sure to update your Norton or McAfee asap. Hope this helps. Peace out.
oo420oo

killer2239 Posted October 7, 2003
Waaaahhhhhoooooo I'm glad I came here when I did. I saw something about google in latest posts. I've been so frustrated for the past 4 days cause of no google or any search engine. I thought my computer hated me. Thanks for your alls help. Btw, I'm new to the boards but not the site.

FatCat Posted October 7, 2003
> > > hello? anybody home? your brain left on vacation and its plane crashed? this trojan alters your HOSTS files, which is a system-wide change. it doesn't matter which browser or internet application you are using.
> > Hello, anyone there? Firebird blocks pop-ups. Therefore, no trojan. :p
> it doesn't matter if firebird has a popup blocker, since people get infected not from popups. and if the system is infected, those dns changes affect EVERYTHING on your computer that uses host lookup.
Who do you work for dude, you know everything d@mn..

dewy Posted October 7, 2003
Firebird is my saviour. I hate IE and never use it so I don't even have to go to Windows Update cause all the things there r just IE exploits :p

AshMan Posted October 7, 2003
How can they do that? Is it via a VB script or JavaScript or something? I also have a Mac, is that affected?

MxxCon Posted October 7, 2003
> How can they do that? Is it via a VB script or JavaScript or something? I also have a Mac, is that affected?
Internet Explorer Object Data Remote Execution vulnerability
this allows for the automatic execution of VBScript contained in an HTML file (x.hta)
Microsoft has released a cumulative patch for this vulnerability, available at http://www.microsoft.com/technet/treeview/...in/MS03-040.asp
MS03-032 patch does not protect against this attack vector. MS03-040 linked above is required.