Friend needs help... Hacked?

[jch216]

This is what he wrote to me:

Quote:

This is what I got when I tried to go to google...

"If you see this page your hosts file has been hacked. Please use the instruction below to clean your
machine.

You cannot reach the site you where trying to reach without following this procedure! - Please
follow the steps provided in this document and make sure to download all patches for your computer
from the Windows Update Site which can be found here:
http://windowsupdate.microsoft.com"

1. Start regedit,
find HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All Users\Start Menu\Programs
Startup

3. Clear your 'hosts' file.
How to edit your hosts file: locate it first, either by browsing to the directory (as shown above)
or by hitting "Start - Search - select all files and folders - type in 'hosts' (without the
quotation marks) and hit search. When the file is found, click with your right mouse button on the
file and select 'Open With...' This will bring up a list of programs to edit the file with. Select
Notepad from that list and click OK. - Remove all lines from the file and type in: 127.0.0.1
localhost. Now close the file and save your changes.
For Windows 95/98/Millenium machines: Locate
the file hosts in your C:\Windows directory. Just delete it or edit it with a text editor like
notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows 2000 machines:
Locate the file hosts in your C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it
with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
For
Windows XP machines: Locate the file hosts in your C:\Windows\System32\Drivers\Etc directory. Just
delete it or edit it with a text editor like notepad and make sure there is only one line there:
127
0.0.1 localhost

Is this bogus or should he worry?

[muno]

The step 3 is only necessary step if your hosts file has been modified.

Don't do 1 and 2.

[Siliconjunkie]

Well, the going to Windowsupdate part at the top is a good idea too.

[consumertalks]

This happned to me.. AdAware and SpyBot couldn't find the problem. I don't know how you can see the page if you can't see it (yeah, read that again ) but it's weird. I followed the directions and it fixed it.

Very weird. Anyone know how this actually happens?