From: "Glenn Meadows" 

Go to www.majorgeeks.com, and search their support forums for
"Inhoster", or Wareout.  You'll get links to several threads
detailing the types of problems, and the effective removal instructions.

They have a page of things to do first, before asking for help.  Tools to
download, reports to run before asking for specific help.  It moves the
help along much faster, and from threads I've read, they won't help, till
you've done the initial steps.

http://forums.majorgeeks.com/archive/index.pho/t-87814.html is one thread.


--

Glenn M.
"Gary Britt"  wrote in message
news:44a1614f{at}w3.nls.net...
> Got a link for the MajorGeek info you found?
>
> Gary
>
> "Glenn Meadows"  wrote in message
> news:44a050a3$1{at}w3.nls.net...
>> The local DHCP server normally sets them, but this exploit changes the
>> setting in TCPIP from "Automatic" to Manual, and plugs
in two dns servers
>> that when I did a trackdown on them, showed up as part of Inhoster in the
>> Ukraine.
>>
>> Then, we watched carefully, and when he clicked on a link in Google, he
>> was redirected to a different address in the same subnet.  That's when we
>> discovered that his DNS servers had change entries.
>>
>> Googled that whole browser hijack to that address, and got some threads
>> at MajorGeeks that pointed me to the way to detect/remove it.
>>
>> I'm impressed with what they have to offer at Majorgeeks.com, but then,
>> I'm easily amused...HAHAHAHAHA.
>> --
>>
>> Glenn M.
>> "Gary Britt"  wrote in message
>> news:44a04e58{at}w3.nls.net...
>>>I thought the router set the DNS servers to be used and not something on
>>>the local machine?
>>>
>>> Gary
>>>
>>> "Glenn Meadows"  wrote in message
>>> news:44a03ee4$1{at}w3.nls.net...
>>>> Found an attack that I've not been able to have any
virus/spyware scan
>>>> detect, Wareout.  It re-directs web searches through a set of dns
>>>> servers in the Ukraine.
>>>>
>>>> The boss's laptop was doing that, and also, it manually
changed his DNS
>>>> servers to 85.245.x.x, which started to restrict his access to some
>>>> other corporate B to B sites.
>>>>
>>>> Took some time to find the source of the problem, but the info at
>>>> Majorgeeks.com allowed me to clean the laptop in about 45 minutes.
>>>>
>>>> --
>>>>
>>>> Glenn M.
>>>>
>>>
>>>
>>
>>
>
>

--- BBBS/NT v4.01 Flag-5