I originally found this forum via Google... Not Google.com actually. But Google in the west indies - The British Territory of Montserrat. http://www.google.ms/ The search which homed me in on some of the solutions were "CPanel Google" I think I've narrowed down the whole Google / CPanel thing. As for the perps. I can't be sure so-far so I'm hoping others might be able to help narrow it down further if they so choose. I decided to do a search on my computer for the hosts file... And find out exactly what program did what on my PC at that time... I run WindowsME. I ofcourse searched for "hosts" Looking at the properties on it. It states it was modified at 10:08PM of October 1st. 2003. So I decided. This is kinda simple just look up what was Modified on my computer for that date of October the 1st @ 10:08pm.. As the next- search I did: *.* (e.g. anything and everything) Search Options For files "Modified On" Between date: 10/1/2003 - 10/1/2003. And once the search was complete, I right clicked the mouse- and told the window to show everything "By Date" So now everything is in-order by time... Next, simply look for files on my computer changed at or around 10:08PM... It ofcourse showed up a few bookmarks... Bookmarks and files I have for 10:08 (bookmark) FortuneCity.com (bookmark) Live365.com (file) C:\windows\hosts (file) C:\Windows\help\hosts (bookmark) "Banners2" FortuneCity.com (bookmark) AddynMix -- I tried http://www.addynamix.com/ and sure-enough it's a marketing company. -- Motto "Break The Limits." Also, here's exactly what my Hosts file reads... Luckally they forgot about Google in the Montserrat, West Indies... http://www.google.ms/ It's great to be a small forgotten region!!! :-) 88.88.88.88 elite 207.44.220.30 www.google.akadns.net 207.44.220.30 www.google.com 207.44.220.30 google.com 207.44.220.30 www.altavista.com 207.44.220.30 altavista.com 207.44.220.30 search.yahoo.com 207.44.220.30 uk.search.yahoo.com 207.44.220.30 ca.search.yahoo.com 207.44.220.30 jp.search.yahoo.com 207.44.220.30 au.search.yahoo.com 207.44.220.30 de.search.yahoo.com 207.44.220.30 search.yahoo.co.jp 207.44.220.30 www.lycos.de 207.44.220.30 www.lycos.ca 207.44.220.30 www.lycos.jp 207.44.220.30 www.lycos.co.jp 207.44.220.30 alltheweb.com 207.44.220.30 web.ask.com 207.44.220.30 ask.com 207.44.220.30 www.ask.com 207.44.220.30 www.teoma.com 207.44.220.30 search.aol.com 207.44.220.30 www.looksmart.com 207.44.220.30 auto.search.msn.com 207.44.220.30 search.msn.com 207.44.220.30 ca.search.msn.com 207.44.220.30 fr.ca.search.msn.com 207.44.220.30 search.fr.msn.be 207.44.220.30 search.fr.msn.ch 207.44.220.30 search.latam.yupimsn.com 207.44.220.30 search.msn.at 207.44.220.30 search.msn.be 207.44.220.30 search.msn.ch 207.44.220.30 search.msn.co.in 207.44.220.30 search.msn.co.jp 207.44.220.30 search.msn.co.kr 207.44.220.30 search.msn.com.br 207.44.220.30 search.msn.com.hk 207.44.220.30 search.msn.com.my 207.44.220.30 search.msn.com.sg 207.44.220.30 search.msn.com.tw 207.44.220.30 search.msn.co.za 207.44.220.30 search.msn.de 207.44.220.30 search.msn.dk 207.44.220.30 search.msn.es 207.44.220.30 search.msn.fi 207.44.220.30 search.msn.fr 207.44.220.30 search.msn.it 207.44.220.30 search.msn.nl 207.44.220.30 search.msn.no 207.44.220.30 search.msn.se 207.44.220.30 search.ninemsn.com.au 207.44.220.30 search.t1msn.com.mx 207.44.220.30 search.xtramsn.co.nz 207.44.220.30 search.yupimsn.com 207.44.220.30 uk.search.msn.com 207.44.220.30 search.lycos.com 207.44.220.30 www.lycos.com 207.44.220.30 www.google.ca 207.44.220.30 google.ca 207.44.220.30 www.google.uk 207.44.220.30 www.google.co.uk 207.44.220.30 www.google.com.au 207.44.220.30 www.google.co.jp 207.44.220.30 www.google.jp 207.44.220.30 www.google.at 207.44.220.30 www.google.be 207.44.220.30 www.google.ch 207.44.220.30 www.google.de 207.44.220.30 www.google.se 207.44.220.30 www.google.dk 207.44.220.30 www.google.fi 207.44.220.30 www.google.fr 207.44.220.30 www.google.com.gr 207.44.220.30 www.google.com.hk 207.44.220.30 www.google.ie 207.44.220.30 www.google.co.il 207.44.220.30 www.google.it 207.44.220.30 www.google.co.kr 207.44.220.30 www.google.com.mx 207.44.220.30 www.google.nl 207.44.220.30 www.google.co.nz 207.44.220.30 www.google.pl 207.44.220.30 www.google.pt 207.44.220.30 www.google.com.ru 207.44.220.30 www.google.com.sg 207.44.220.30 www.google.co.th 207.44.220.30 www.google.com.tr 207.44.220.30 www.google.com.tw 207.44.220.30 go.google.com 207.44.220.30 google.at 207.44.220.30 google.be 207.44.220.30 google.de 207.44.220.30 google.dk 207.44.220.30 google.fi 207.44.220.30 google.fr 207.44.220.30 google.com.hk 207.44.220.30 google.ie 207.44.220.30 google.co.il 207.44.220.30 google.it 207.44.220.30 google.co.kr 207.44.220.30 google.com.mx 207.44.220.30 google.nl 207.44.220.30 google.co.nz 207.44.220.30 google.pl 207.44.220.30 google.com.ru 207.44.220.30 google.com.sg 207.44.220.30 www.hotbot.com 207.44.220.30 hotbot.com I think I've got them nailed. Unless this virus or webpage exploit started at an earlier time and just did it's work @ 10:08pm?

If you set the Hosts to Read Only, it should hamper anything trying to change it in the future. BTW, greetings from "Mother", how's the weather out there? ;)

Thanks... I'll most certainly set it to read only... I needn't have this happen every month via new and different exploits. :-)) By "Mother" I'm assuming you're meaning the Britain?? I'm actually not from Montserrat actually. Haven't even been there. I'm from Barbados actually which is just a smidge further south. We're just next door. Barbados is nice... Prince Edward of Essex just came down here a couple of days ago. ,-) Perhaps he thought Tony Blair had one-up on him, since Blair stayed here for most of August. Just a little joke. But, when I heard Blair was coming I thought it could be another invasion. Brits. are taking over! ,-) *grin*

SO....what am i meant to do with the file-hosts? delete it? i set it to read only and i still cant access google.! this is a very annouying host!Thanks for your help so far but how to i finish it off!please help!lol

Ok, I personally hate when these things aren't finished off, so, even though everyone involved in this conversation probably already knows this: It's a virus called qhosts, Symantec has this link for information about it: http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html and that page also has a link to a handy little tool that gets rid of it.