RE: [Full-Disclosure] Mystery DNS Changes

["Dowling, Gabrielle" <dowlingg@sullcrom.com>]

I haven't seen anything that indicates the hosts file and registry files have 
changed from those originally described.  Aolfix will be gone when you look 
since it deletes itself after doing the other changed.

Some of the registry keys that were discussed on this list previously are guids 
for nics that would of course vary.  Symantec has full info, and also a removal 
tool that will at least help with the registy entries.

This self removal aspect of qhostsis rather a nasty, and should be noted.  We 
had one av workstation detection today due to the temporary internet files 
haing an affected hta file, but given that we clear those on restart and that 
the exeutable deletes itself, av is probably of no help for already affectewd 
boxes, so we'll have to implement other things to check that.

G  

 -----Original Message-----
From:   Mike O'Connor
Sent:   Fri Oct 03 20:14:48 2003
To:     full-disclosure@lists.netsys.com
Subject:        RE: [Full-Disclosure] Mystery DNS Changes

I have the described behaviour when visiting google.com, but have
neither the aolfix.exe nor registry entries, on my XP box.  Where would
one find the registry entry for the current DNS(s)?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



**********************************************************************
This e-mail is sent by a law firm and contains information
that may be privileged and confidential. If you are not the 
intended recipient, please delete the e-mail and notify us 
immediately. 
***********************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html