[clue-tech] Firefox hijacked

[David Guntner]

David L. Willson wrote:
> I have a user (a Windows user, but his browser is Free, so I'm asking
> here) who, after a bout with Antivirus 2009,

That one sure seems to be making the rounds lately...

> can no longer reach certain web sites, like "www.virustotal.com" and
> "www.drudgereport.com".  The browser takes him to an ineffective
> portal page instead.
> 
> I don't even know where to start with Googling this...  The point is
> to return the browser to normal operation, of course.  Any ideas
> where to start looking?

Three places I can think of where he should look.  If he's using a
router that doesn't have an adminstrator password set to something
different than the default value for that router, check there to see if
the DNS settings have been changed.  In Windows, check the TCP/IP
properties (under network) to see if the DNS settings have been changed
there.  And lastly, search the system for a file named "hosts" (in XP
Pro, it would be under C:\windows\system32\drivers\etc) to see what
entries are there.  If you see listings for sites such as
www.virustotal.com and so on, you've found your hijack - take all those
extra entries out, since they're pointing you to the IP addresses where
the virus author wants you to go.

HTH, & good luck!

             --Dave


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://cluedenver.org/pipermail/clue-tech/attachments/20081124/fd9eff21/signature-0001.bin