Virus that alters hosts file?

[911paramedic]

My dad called earlier today after not being able to access google. It said something about that being blocked, blah, blah, blah...

I had him look at his hosts file and it was full of blocked IPs. (redirected him to some page that said he was not allowed to access google) He ran spybot and ad-aware which removed dozens of registry keys and entries, lol.

Is this a virus or some other problem? (windows xp btw)

Edit: LOL, I called it the localhost folder, what a noob. (it's late and I'm tired)

Thanks for pointing that out guyver

 

[rpc64]

My dad got this as well. I deleted the stuff out of the hosts file and used spybot to lock it down, but spybot and ad aware cound't find anything on the computer....

 

[Cal166]

Originally posted by: 911paramedic
My dad called earlier today after not being able to access google. It said something about that being blocked, blah, blah, blah...

I had him look at his localhost file and it was full of blocked IPs. (redirected him to some page that said he was not allowed to access google) He ran spybot and ad-aware which removed dozens of registry keys and entries, lol.

Is this a virus or some other problem? (windows xp btw)

I think you already answered the question.

 

[guyver01]

he probably installed Kazaa lite... it adds an IP blocker.


and it doesn't alter localhost... it changes the hosts file

 

[911paramedic]

Originally posted by: guyver01
he probably installed Kazaa lite... it adds an IP blocker.


and it doesn't alter localhost... it changes the hosts file

I seriously doubt my dad installed kazaa, lol.

We ran all the cleaners but he still has the problem, heck we even tried to restore it to a month ago with no luck. As you all know trying to figure out how to clean something like this over the phone is not easy.

 

[911paramedic]

Hmmm, looks like it might be the forten or fortnight virus after doing a bit more research.

We will see tomorrow after he installs Norton and does a scan of his system.