Member Avatar for Micko

Gereetings everybody,
I'm reading this article:
http://www.daniweb.com/blogs/entry1911.html
I must admit I cannot understand how this is possible? Is this problem affects only users computers or Google web site.
"acts by modifying the infected computers' Hosts file " Where is that hosts file? is it on my computer?
If my computer is clean, is it still possible to see hijacked google advertis. on some web pages?

  • 4 Contributors
  • 5 Replies
  • 149 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by DimaYasny

Recommended Answers

All 5 Replies

Member Avatar for DimaYasny

very simple. the virus puts a spoofed IP address in the hosts file, the basic internal DNS for every PC (c:\windows\system32\drivers\etc\hosts)
and when your browser is supposed to show a banner from googlesyndication.com it gets the wrong IP address because it is altered in the hosts file.

if you don't know what a hosts file is, of course you wouldn't understand the threat. it is very primitive, so no worries, just have a look into that hosts file and see if you have a record for googlesyndication.com in there

Member Avatar for crunchie

The Hosts file is on your pc. It has no file extension. Can be found (on XP) here; C:\WINDOWS\system32\drivers\etc\HOSTS

Member Avatar for Micko

I only have entry for localhost, so my computer is clean, I suppose.
Thank you for your help.

Member Avatar for The Dude

What if you LOCKED your host file and UNCHECKED "Archive",wouldnt this make it harder to alter that file?? (I have always wondered this)

Member Avatar for DimaYasny

not really. remove permissions - yeah, that's the way linux works

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.