Security Incidents: Re: Unknown Hosts file

Re: Unknown Hosts file

From: ePAc <epac_at_korigan.net>
Date: Mon, 1 Apr 2002 17:32:27 -0800 (PST)

Setting hosts to bogus/erroneous address is one way that anti ad/popup
work. Some of these, when installed, also install an integration plugin to
allow a user to select an ad and instruct the program to effectively
"blackhole" the given website. Does that user have such a program
installed? (as a side note, most of those will leave their "custom host
file" in there, even after uninstall...)

---
Nothing is foolproof to a sufficiently talented fool...
  oo
,(..)\
  ~~
On 2 Apr 2002, David Tan wrote:
>
>
> I have a client machine running Windows 2000
> Professional.  All of a sudden, one day, the user was
> unable to access several of the most popular
> websites (i.e. google, yahoo, cnn, etc.).  I noticed that
> the machine was attempting to access the wrong IP
> address for all the websites, in fact, it was attempting
> to access the SAME IP address for every website in
> the group.  After some research, I found there was a
> Hosts file with all the domains in question listed, and
> the erroneous IP address.  Has anyone ever come
> across an incident where a virus or trojan would
> place a Hosts file onto a system?  I have thoroughly
> scanned the machine for viruses, open ports, etc.
> and found nothing.  Is there anything else I should be
> on the lookout for?
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
Received on Apr 02 2002
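
The two cases discussed in this thread can be told apart by auditing the hosts file itself. The following is an added example, not part of the original messages: it separates names an ad blocker has "blackholed" (mapped to a loopback or unspecified address) from groups of unrelated names that all resolve to one other address, which is the pattern the original poster describes. The sample file contents, the 203.0.113.50 address (a documentation range) and the threshold of three names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file; 203.0.113.50 is a documentation-range address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net      # blackholed by an ad blocker
127.0.0.1       popups.example.org
203.0.113.50    www.google.com
203.0.113.50    www.yahoo.com yahoo.com
203.0.113.50    www.cnn.com
192.168.1.10    fileserver
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower()

def audit_hosts(text, threshold=3):
    """Split entries into blackholed names and many names sharing one other IP."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        if name not in ("localhost", "localhost.localdomain"):
            by_ip[ip].add(name)
    report = {"blackholed": [], "suspicious": {}}
    for ip, names in by_ip.items():
        if ip.is_loopback or ip.is_unspecified:
            report["blackholed"].extend(names)      # typical ad-blocker sinkhole
        elif len(names) >= threshold:
            report["suspicious"][str(ip)] = sorted(names)  # shared redirect target
    report["blackholed"].sort()
    return report

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    print(audit_hosts(text))
```

On Windows 2000 the file to pass as the argument is `%SystemRoot%\system32\drivers\etc\hosts`.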