From: "Gary Britt" 

Got a link for the MajorGeek info you found?

Gary

"Glenn Meadows"  wrote in message
news:44a050a3$1{at}w3.nls.net...
> The local DHCP server normally sets them, but this exploit changes the
> setting in TCPIP from "Automatic" to Manual, and plugs in
two dns servers
> that when I did a trackdown on them, showed up as part of Inhoster in the
> Ukraine.
>
> Then, we watched carefully, and when he clicked on a link in Google, he
> was redirected to a different address in the same subnet.  That's when we
> discovered that his DNS servers had change entries.
>
> Googled that whole browser hijack to that address, and got some threads at
> MajorGeeks that pointed me to the way to detect/remove it.
>
> I'm impressed with what they have to offer at Majorgeeks.com, but then,
> I'm easily amused...HAHAHAHAHA.
> --
>
> Glenn M.
> "Gary Britt"  wrote in message
news:44a04e58{at}w3.nls.net...
>>I thought the router set the DNS servers to be used and not something on
>>the local machine?
>>
>> Gary
>>
>> "Glenn Meadows"  wrote in message
>> news:44a03ee4$1{at}w3.nls.net...
>>> Found an attack that I've not been able to have any virus/spyware scan
>>> detect, Wareout.  It re-directs web searches through a set of dns
>>> servers in the Ukraine.
>>>
>>> The boss's laptop was doing that, and also, it manually changed his DNS
>>> servers to 85.245.x.x, which started to restrict his access to some
>>> other corporate B to B sites.
>>>
>>> Took some time to find the source of the problem, but the info at
>>> Majorgeeks.com allowed me to clean the laptop in about 45 minutes.
>>>
>>> --
>>>
>>> Glenn M.
>>>
>>
>>
>
>

--- BBBS/NT v4.01 Flag-5