• 0

"Google" Trojan


Question

Booyah!

This pest spreads through pop-up ads.

Good reason to get a browser with "Do not open unrequested pop-ups" feature.

Or do some hosts file blocking.

Updated story here-

Manual instructions at bottom of this page-

http://vil.nai.com/vil/content/v_100719.htm

Edited by Booyah!
Link to post
Share on other sites

20 answers to this question

Recommended Posts

  • 0
HellBender

Or use firebird :D

Link to post
Share on other sites
  • 0
mlerner

what's the ip of the originating trojan? I want to block it with my router.

Link to post
Share on other sites
  • 0
MxxCon
Or use firebird :D

hello? anybody home? your brain left on vacation and it's plane crashed?

this is trojan alters your HOSTS files, which is system-wide change. it doesn't matter browser or internet application you are using.

Link to post
Share on other sites
  • 0
gosh

It modifies your registry too smart ass. Only IE is vulnerable to this exploit.

-gosh

Link to post
Share on other sites
  • 0
+John Teacake

Theres a removal tool out written by symantec on there website. Or i have added a link in this post 2 it for u all.

Edited by Sawyer12
Link to post
Share on other sites
  • 0
ericnmu

ugh... this one is a pain in the butt.

I work at a college helpdesk and each student is given a laptop. So thats 12,000 laptops with kazaa, and tons of other spyware. I've seen this stupid worm more times than anyone should have to...

:wacko:

Link to post
Share on other sites
  • 0
Knight'
hello? anybody home? your brain left on vacation and it's plane crashed?

this is trojan alters your HOSTS files, which is system-wide change. it doesn't matter browser or internet application you are using.

Hello any one there?

Firebird blocks pop-ups. Therefore, no trojan. :p

Link to post
Share on other sites
  • 0
vincent
Only IE is vulnerable to this exploit.

-gosh

Doesnt surprise me there, that is why ive switched to Firebird.

Link to post
Share on other sites
  • 0
Knight'
what's the ip of the originating trojan? I want to block it with my router.

207.44.220.30

Link to post
Share on other sites
  • 0
+John Teacake

How did u find that out ? is there a command for command prompt so i can flush my DNS cache ?

Link to post
Share on other sites
  • 0
Oblivion

i guess if u have a totally updated antiviral application then we shouldnt face this problem right ??

Link to post
Share on other sites
  • 0
Dessimat0r

ipconfig /flushdns

Link to post
Share on other sites
  • 0
MxxCon
hello? anybody home? your brain left on vacation and it's plane crashed?

this is trojan alters your HOSTS files, which is system-wide change. it doesn't matter browser or internet application you are using.

Hello any one there?

Firebird blocks pop-ups. Therefore, no trojan. :p

it doesn't matter if firebird has popup blocker.

since people get infected not from popup.

and if system is infected, those dns changes affect EVERYTHING on your computer that uses host lookup.

Link to post
Share on other sites
  • 0
oo420oo

Hi all,

I work for Comcast and I have seen so many people infected with this trojan.

It sets your dns settings to a manual setting so you cannot connect to the internet.

Click Start, Control panel, Network and Internet Connections, Network Connections,

Right click the Local Area Connection you are using and select properties.

In Local Area Connection Properties,

Pull the General tab forward.

Highlight Internet Protocol (TCP/IP)

Click the Properties button

On Internet Protocol (TCP/IP) Properties:

Select Obtain an IP address automatically

Select Obtain DNS server address automatically <<<this is what qhosts-1 alters on win xp and 2000 machines

Now click ok, you should be able to access the net. Be sure to update your norton or mcafee asap.

Hope this helps.

Peace out.

oo420oo

Link to post
Share on other sites
  • 0
killer2239

Waaaahhhhhoooooo im glad i came here when i did. I saw something about google in latest posts. Iv been so fustrated for the past 4 days cause of no google or any search engine. I thought my computer hated me. Thanks for your alls help. Btw, im new to the boards but not the site.

Link to post
Share on other sites
  • 0
FatCat
hello? anybody home? your brain left on vacation and it's plane crashed?

this is trojan alters your HOSTS files, which is system-wide change. it doesn't matter browser or internet application you are using.

Hello any one there?

Firebird blocks pop-ups. Therefore, no trojan. :p

it doesn't matter if firebird has popup blocker.

since people get infected not from popup.

and if system is infected, those dns changes affect EVERYTHING on your computer that uses host lookup.

Who do you work for dude, you know everything d@mn..

Link to post
Share on other sites
  • 0
dewy

Firebird is my saviour I hate IE and never use it so i don't even have to go to windows Update cause all the thins there r just IE exploits :p

Link to post
Share on other sites
  • 0
AshMan

How can they do that? Is it via a VB script or JavaSctipt or something? I also have a mac, is that affected?

Link to post
Share on other sites
  • 0
MxxCon
How can they do that? Is it via a VB script or JavaSctipt or something? I also have a mac, is that affected?

Internet Explorer Object Data Remote Execution vulnerability

this allows for the automatic execution of VBScript contained in an HTML file (x.hta)

Microsoft has released a cumulative patch for this vulnerability, available at http://www.microsoft.com/technet/treeview/...in/MS03-040.asp

MS03-032 patch does not protect against this attack vector. MS03-040 linked above is required.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.