Gereetings everybody,
I'm reading this article:
http://www.daniweb.com/blogs/entry1911.html
I must admit I cannot understand how this is possible? Is this problem affects only users computers or Google web site.
"acts by modifying the infected computers' Hosts file " Where is that hosts file? is it on my computer?
If my computer is clean, is it still possible to see hijacked google advertis. on some web pages?

Recommended Answers

All 5 Replies

very simple. the virus puts a spoofed IP address in the hosts file, the basic internal DNS for every PC (c:\windows\system32\drivers\etc\hosts)
and when your browser is supposed to show a banner from googlesyndication.com it gets the wrong IP address because it is altered in the hosts file.

if you don't know what a hosts file is, of course you wouldn't understand the threat. it is very primitive, so no worries, just have a look into that hosts file and see if you have a record for googlesyndication.com in there

The Hosts file is on your pc. It has no file extension. Can be found (on XP) here; C:\WINDOWS\system32\drivers\etc\HOSTS

I only have entry for localhost, so my computer is clean, I suppose.
Thank you for your help.

What if you LOCKED your host file and UNCHECKED "Archive",wouldnt this make it harder to alter that file?? (I have always wondered this)

not really. remove permissions - yeah, that's the way linux works

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.