My father called me today desperate for help on his dell laptop. He’s running windows xp home and has been complaining that when he clicks on links in his browser they take him to random sites. He deleted firefox thinking it was just that application that was affected, and that he could get to the site and redownload firefox in ie, but the download button was not there. he can’t download any anitvirus, anti-malware, hijack cleaners, and he can’t defrag! when he talked to the troubleshooters on the phone at shaw and dell today, they had him delete all of his software before they realized he couldn’t reacquire it. now he has no antivirus/spyware stuff, can’t download it, and it actually won’t read off of a disk when i burned it on my computer and tried to install it that way on his.
sounds like a file redirector
can he look in his HOSTS file and see if there are a lot or redirects there
create a new hosts file
he can rename his hosts file to hosts.bak
easiest way is to saveas hosts.bak then remove all entries from the hosts file
incidentally it is just plain hosts no hosts.txt or hosts.doc
create it with notepad if you have to use another editor you have to RENAME from Hosts.watever to just plain Hosts
include only this line of txt in the new hosts file
127.0.0.1 localhost
another thing you can do is download (on another computer)
DrWEBCUREIT
and
A-Squared - find the usb version on their website
to a usb pen drive
and run from there
let’s not get into what a hosts file is
you can read up on it later but it comes with all os
you can SEARCH for it and open it with notepad
if it is too big to open with notepad then save as a txt file then RENAME without the .txt after you save
it is in different places with various operating systems
the string I posted last time identifies the local host and the 127 is YOUR COMPUTER
so when something looks for localhost it goes to YOUR COMPUTER
now if we put a baddie in the host file
say
127.0.0 COOLWEBSEARCH
if someone was to try and go on the internet to Coolwebsearch host would say IT’s on YOUR COMPUTER
and of course IT’s NOT so you would get a SITE NOT FOUND Message and would not get a bunch of crap from COOLWEBSEARCH
conversly if some bad stuff were to insert
127.0.0 www,avast.com you would get an error going to avast
and/or
if they put in
123.007.776 www.avast.com
then avast would Be REDIRECTED to that address - which could be a look alike site
I think you can see the problem if your bank were redirected to a pishing site etc
there are other things that could cause dad’s problem but this is the most common and the others are even worse
when doing the search see if something has made a backup of dad’s hosts file
like hosts.bak or whatever
look at it
if it looks ok rename his hosts to hosts.bad and rename the backup to just plain hosts
Damn
could you PM DavidR and have him look at this thread
just click on his name from one of his posts
Incidentally you are doing all the right things and we will say nice things to your Dad
when the fire is out we’ll get you protected to minimize the chance of this happening again
so stay tuned
David (and other users) don’t answer by PM what should be addressed in forums.
Alerting won’t make me giving priority… we give the help we could, when we could, in the sequence we think is appropriate… but we do the best we can, don’t you think?
You have obviously crossed that barrier and found the HOSTS file/s (there should only be one though, this is the one that should be in use C:\WINDOWS\system32\drivers\etc\hosts here is some more information about it. http://en.wikipedia.org/wiki/Hosts_file
Copy and Paste the HOSTS file contents into a post.
TECH
I think you are correct
the answer should be in the post
I did not think that you and DavidR were following this post and the area mentioned is something I am not familiar with and I think DavidR just delt wit it in another thread
so I just asked to take a peek at it
thanks