Computer Support Forum

Host file has strange characters. I can't add a host entry?

Question: Host file has strange characters. I can't add a host entry?

I was trying to enter a new host file on one of our remote user's laptop and when I went to open the file it showed a bunch of Chinese symbols and wouldn't let me do anything with it? I tried deleting it and then tried to build a new host file from scratch and the same thing happened??? I've never seen this before. Any suggestions?

More replies
Relevance 87%

Recently saw a peculiar entry in the hosts file:

::1
Any clue what that means?
 

Answer:strange host file entry

That's localhost (127.0.0.1) in IPv6 addressing

https://en.wikipedia.org/wiki/Localhost
 

2 more replies
Relevance 104.55%

Just when you think you've seen it all, recently all the Xerox Phasers we have on the network, are going offline. When looking deeper into it, we found that there are strange characters such as what looks like a cross or weird looking plus sign showing up in the field. Does anyone have any experience with this and why it's happening? We can remove the characters, but they randomly pop up again.

More replies
Relevance 101.27%

So the title to this pretty much explains what I'm trying to do. I'm running Win7 and these are the names I'm trying to add:
127.0.0.1 www.novastor.com
127.0.0.1 services.novastor.com
127.0.0.1 webservice.novastor.com

This is probably easy but I haven't ventured into this stuff yet. Tell me if this is the right section for this thread; I was unsure when I posted it.
 

Answer:Trying to add an entry to my Host file

You need to open the file as Administrator or uncheck the 'read only' properties on the file before saving. Re-check the 'read only' setting afterwards.
 

6 more replies
Relevance 100.45%

Ad-Aware 2007 scan found a Host File Entry - IP Address: 127.0.0.1 Host Name: FASTCLICK.NET. Ad-Aware is unable to remove it - how should I proceed?

Thank you all!!
kermit2
 

More replies
Relevance 99.22%

Hello

Upon running Ad-aware I notice I have an issue that I can't get rid of? I have enclosed a screen shot on this word document. It explains what I am seeing. No matter what I do within Ad-aware it won't fix it.

I don't know what it is..


Meloneyx:confused
 

Answer:redirected host file entry virus

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

11 more replies
Relevance 97.17%

I recently moved back to my apartment after going home over the holidays. My internet connection was great at home, I was able to watch streaming videos from sites such as youtube and espn. Now that I am back to my apartment my internet has been very slow, all of my roommates' connections are running fine though. Streaming videos are very slow to play and only videos from youtube.com have been able to play. Streaming videos from websites such as espn.com and break.com will not play, it just says the video is buffering. I have run all sorts of virus scans and adware scans. Something recently came up while using Ad-Aware 2008. I have 9 critical infections under the family name of Redirected host file entry. All of the infections are from the same IP address. Whenever I click remove or even quarantine a screen pops up for about 2 tenths of a second that looks like it states: deleting files. The screen disappears and the 9 infections remain. Could these infections be the problem? Is there anything else I can do? Please help

Answer:very confused! Redirected host file entry adware detected

just to add:::: I received this error message when trying to play a video a friend of mine uploaded on facebook.com

Transport error (#1001) while retrieving data from endpoint `/ajax/location_refresh.php?_ecdc=false': A network error occurred. Check that you are connected to the internet.

I also can not connect to online gaming servers such as battle.net...it gives me an error message explaining that I am unable to log on because I may not be connected to the internet, it suggests I manually connect to the internet before attempting to log in...

2 more replies
Relevance 90.2%

I am using Windows XP home edition.

I posted this in the wrong forum a few days ago, and was advised to post it here, with a new HJT log. They did say that I had more serious problems than just my host file needing to be restored. They also said that there didn't seem to be a firewall. How can I find out if I'm using Windows Firewall?

Arovax Shield popped up a message: "Warning: Your Windows host file was hijacked. It is recommended to restore host file."

1. Now I can't use my anti-virus program, because it stalls (freezes) before it finishes.

2. I can't use Panda or any other on-line scanner, because it too freezes before it can finish.

3. I can't shutdown my computer - not even cold boot! I have to completely unplug it!

4. I can't do a system restore, to a previous date. (I've tried several previous dates).

I have no idea how to restore the host file, and I have no idea how it was hijacked.

Here is my new HJT log: (I hope it will be of some help)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:56 PM, on 12/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal


Answer:Solved: "Your Windows host file was hijacked. It is recommended to restore host file."

8 more replies
Relevance 90.2%

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
#       ::1             localhost

More replies
Relevance 89.79%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:38:05 PM, on 27/06/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Answer:Computer hijacked - strange pop ups, host file access issues

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 88.56%

Thanks for your advice. I've transferred my problem to "Malware Removal & Hijack This Logs", as you suggested.

How do I delete this thread??
 

Answer:"Your Windows host file was hijacked. It is recommended to restore host file."

Try deleting or renaming the Hosts file.
It will be recreated, so no harm to try.
It's at:
C:\WINDOWS\system32\drivers\etc
It's named "HOSTS" - no extension.
You can open this file with Notepad if you're curious enough to see what it says.
 

3 more replies
Relevance 84.87%

I have server 2003 with domain controller and 35 workstation with windows7 prof and windows XP prof
I want to change all workstation host entry with my above mentioned server are my workstation through in single command any bat file are any script.

please help me
 

More replies
Relevance 84.05%

We are using Cisco VPN for laptop users who travel along with Sprint Broadband wireless card.
The users are on Win XP SP2.
When users are on the road, they use Sprint BB card to connect to internet, and then to Cisco VPN. Sometimes the Sprint card loses the signal in rural areas, therefore, the Cisco VPN connection fails. When the Sprint card picks up a signal again, users try to authenticate to Cisco VPN, but only to be asked to enter password again. No error message pops up.

After trying this for about 3 times, the laptop itself shuts off and reboots. When laptop is rebooted and Sprint BB card connects, in Cisco VPN setting has blank host information. The only thing remaining is the entry name.

Has anyone seen this happen?

More replies
Relevance 84.05%

Spyware Doctor recently alerted me after a full system scan that my computer is infected with Spyware.Possible_Website_Hijack. It shows 1 threat - 2 infections, and both infections are listed as 'Bad Host Entry'. When I click the 'Fix Checked' button, Spyware Doctor just gives me a popup that says 'Some threats have not been cleaned successfully', and will not remove it. I did a full system scan with Malwarebytes as well but it did not detect the threat. It seems to only be detected by Spyware Doctor's full system scan. I tried contacting PC Tools for instructions on how to remove this but, even after a few days now, I can't seem to get any response from them. If anyone here can help me I would be so so grateful!!

Here is my current HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:12 PM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal


More replies
Relevance 83.23%

I am using a-squared antimalware and over the past week or so my family have been using the PC and that when a-squared came up with a warning of a potentially unsafe site they have been playing safe and clicked on "deny", such that I now find that the "Host Rules" of a-squared antimalware is full of websites and explains as to why I could not access sites that I could previously. I have removed the rules for sites that I know are OK. The question I would pose is: Could I safely delete all of the sites contained in the "Host Rules" safely and then expect a-squared to ask as to deny or not when attempting to access those same websites?

Answer:a squared - Host Rules - entry removals

I just deny them all when prompted; so far I have not needed to go back and allow any. If you delete them all you will get more pop-ups when you go back to those sites.

4 more replies
Relevance 80.36%

For the past couple of days my laptop (ASUS X750JA with Intel Core i7 4700HQ @ 2.40 GHz + 6GB RAM, running 64-bit Windows 10) has been very sluggish, with newly opened windows often showing the 'Not Responding' message. On the Task Manager 'Performance' tab, I see my main hard drive (C partition with Windows 10 + program files; D partition with data) almost continually showing 98-100% active time - even though I'm doing little to nothing and only Google Chrome is running with a few open tabs.

On the 'Processes' tab, I see Dism Host Servicing Process and Modern Setup Host, which I don't normally see. When I manually end Modern Setup Host, hard disk activity immediately drops to, and stays at, the normal 'idling' level of 0-20%, and is mostly at 0%.

Why are these two processes running? I'm not installing anything. My laptop is effectively crippled when Modern Setup Host is doing whatever it's doing.

Please help to restore my laptop and its user to sanity. ;-)

More replies
Relevance 79.54%

IBM Connect Direct application used for Host to Host connectivity has been picked up as a Trojan Virus by some Microsoft Security Products including Defender, System Centre Endpoint Protection, System Centre Endpoint Protection 2012 and Security Essentials.

The result is that Connect Direct is deleted by the security software.
Question: What will be the implication of excluding this from the security policy?

More replies
Relevance 77.9%

I have a local area network of four Windows 7 PCs. The PCs are named Term1, Term2, Term3 and Term4.

Term1 is the server PC.

When I map to Term1 from the other Terms(2,3 and 4) I always used the command:
Net use F: \\Term1\c /user:Admin 1234


This worked fine before; now it suddenly refuses to connect this way - I have to replace Term1 with the actual IP address of Term1 for it to work.

I have tried the following Admin CMD commands:

netsh int ip reset
ipconfig /flushdns

All of these commands make no difference; I just can't connect using the server name (Term1).

What I strangely noticed is that from any of the terminals connected to Term1 (using the IP address); if I use, for example, ping Term1, I get an address return of 127.0.0.1.home; this address of 127.0.0.1.home will display if I ping to Term2, Term3 or Term4.

I cannot find any solution on the web for this strange problem.

More replies
Relevance 77.49%

I ran a small check with the "MiniToolBox," and this is what I found in the Hosts content:

54.204.28.26 imfpmncmbojnbdhnogcegojocabhpbnh. What is this, is it Ad-ware? I would appreciate it if someone could let me know. I can find it and delete it if necessary, I have no problem with that. But it just seems that it doesn't belong? I ran: Hitman Pro, Malwarebytes Pro, and Avast, but they never caught it.

MiniToolBox by Farbar Version: 18-12-2013
Ran by Dan (administrator) on 26-01-2014 at 23:34:06
Running from "C:\Users\Dan\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

54.204.28.26 imfpmncmbojnbdhnogcegojocabhpbnh
127.0.0.1 localhost
Thanks for your time.

dwdraw2

Answer:Strange looking Host found?

It seems like Adware to me. You can use SuperAntiSpyware to remove it.

9 more replies
Relevance 76.67%

My IE is freezing and I get "No Response" errors. Someone also managed to post a video on a social network site account that I never posted. It is painfully slow if it works at all. The computer is less than 3 months old. I question.....

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

AND

O1 - Hosts: ::1 localhost

I'm guessing the first one is part of my AVG program. The second one is new to me. But I also have a new PC. When I googled it I realized it could be bad, as well as the other? The whole log is below. I'm defragging and running ad aware as well which found a few items. Please let me know if I need to remove any of the below. Thanks as always!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:19 AM, on 9/26/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal


Answer:New host files and strange PC behaviors?

When I try to run hijack again I got:
---------------------------
HijackThis
---------------------------
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.

For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.
---------------------------
OK
---------------------------
 

1 more replies
Relevance 75.03%

I need help, not 30 lashes with a wet noodle. I feel stupid enough already.

I think I have a failed uninstall of Norton Internet Securities 2004 and I may not have completely removed MSN 9.0 either. The machine was handed down to me from my fifteen year old daughter, who feels that it has "a bunch of Trojans".

It is a Presario S5000NX running WinXP SP2. It has two XP clients, one of which can access the internet and be seen (usually) by other machines. The 95 client can be seen by all machines but cannot see any of them. The samba (Mandrake 10.1) client can't be seen but can (usually) see the host, 95 client, and one XP client, and can access the internet. The other XP client cannot be seen or go online, but can (usually) access files from (some of) the other computers. The samba client double-boots in Win2000 and can then access the host, 95 client, and accessible XP client, but cannot be seen. The 95 client cannot access the internet.

This ethernet LAN connectivity is subject to change without notice or apparent reason.

It is currently running AVG free and Sygate free; whenever I try to install stronger security software, I lose network connectivity (which is hardly perfect in the first place) and have to run an XP system restore.

I can also scan across the network with NOD32 on a client computer. Neither it nor AVG nor Ad-Aware nor Spybot turn anything up.

Let's start with a hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 5:23:01 A... Read more

Answer:XP fileshare and ICS host with a host of problems

get the new HJT from here and repost the new log.

http://www.tomcoyote.org/hjt/
 

2 more replies
Relevance 75.03%

Whenever I start my PC, running XP, just as the desktop is loading, I get a message which tells me that new hardware has been found (I've not upgraded in any way) and that it needs the drivers for a USB Host to Host Bridge. I do have several USB peripherals, however all of them are working and I have no clue as to what this is, or where I could find the drivers for it. I've looked through many drivers sites, however to no avail. Any ideas clever blokes and blokesses? Ta

Answer:USB Host to Host Bridge - What on EARTH is is?!

You definitely have a driver missing but why that has happened is anyone's guess. I have made a change to my BIOS settings before and been asked to resupply many driver files. You don't say which XP you are running, but if you haven't already done so, I suggest installing the service pack because this has a lot of new drivers.

5 more replies
Relevance 75.03%

Hello,

I posted this in the Vista section as I didn't know what the problem was, but it appears it's an infection so I'm re-posting it here. I've recently been having a problem involving the Host Process on Vista Home periodically closing, the error message reading: "Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc000071b, fault offset 0x000888f5, process id 0x4c8, application start time 0x01cb470a75d7a5d5."

Also, Windows has been running notably slower since this has been occurring. I thought this might just be some wacky Windows malfunction but I also get strange pop-ups and redirections as if it were spyware or something. Hmm. Nothing comes up on a virus scan though.

Another problem tied with this is that Windows can't update or look for updates anymore. When I try to, it says "Windows could not search for new updates. Code 80072EFE". System Restore won't create new restore points either.

I did a HJT scan and a DDS scan and am posting the logs. However, I also did a GMER scan but it would crash every time it reached the "Device\HarddiskVolumeShadowCopy1" part of the scan and wouldn't finish, and even gave me a BSOD after the program closed.

HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:45:05 AM, on 8/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: In... Read more

Answer:Host process closes, strange pop-ups, Windows won't update

Bump, problem is still occurring.
 

2 more replies
Relevance 75.03%

I recently installed Windows 7 x86 and when it was done I realised that my USB mouse and no other USB device would work. Poking around I found out that disabling VIA USB Enhanced Host Controller in the device manager allowed USB devices to work. Also USB devices are detected as USB1.1 (USB2 options are enabled in BIOS).
It's probably a driver issue but it's been hard to find the right one, maybe it's just not fully supported in Windows 7.

Now for the details, this motherboard I bought cheap online as a slight upgraded. It was advertised as a GA-K8 VM. Here is the CPU-Z info: http://i.imgur.com/M9jqmtX.png

Now getting this sorted out isn't that big of an issue but it would be nice being able to transfer things to USB at decent speeds, and to get this issue out of my head; for some reason I feel like having the host controller disabled is bad.

Answer:Strange VIA USB Enhanced Host Controller problems win7

Hi Welcome to Seven Forums .. I think your Motherboard may be too old and not supported .. But let's try finding the exact Model Number .. By doing the following at the Start type in start in the search box write in CMD right click on it and Run as Admin when the prompt open type the following ... wmic baseboard get product,Manufacturer,version

That will tell you the Manufacturer of your Motherboard and Model Number .. Then go to their website and download the Chipset Driver I think it will be for XP only though ...

2 more replies
Relevance 75.03%

here is the link to the Malware
hssp://malwaretips.com/threads/suspected-bundpil-worm.51185

 

Answer:Strange running hidden files on my host machine

Hello,
This looks good to me. Do you experience some issues or just wanted opinion about this?
 

3 more replies
Relevance 75.03%

Hello,

I've recently been having a problem involving the Host Process on Vista Home periodically closing, the error message reading: "Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc000071b, fault offset 0x000888f5, process id 0x4c8, application start time 0x01cb470a75d7a5d5."

Also, Windows has been running notably slower since this has been occurring. I thought this might just be some wacky Windows malfunction but I also get strange pop-ups and redirections as if it were spyware or something. Hmm. Nothing comes up on a virus scan though.

Another problem tied with this is that Windows can't update or look for updates anymore. When I try to, it says "Windows could not search for new updates. Code 80072EFE". System Restore won't create new restore points either.

I scanned and here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:45:05 AM, on 8/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal


Answer:Host process closes, strange pop-ups, Windows won't update

You need to fix:
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
for sure, I am not an expert on Hijackthis so there may be other things you need to fix, but you can try these first.
 

3 more replies
Relevance 75.03%

Hello everyone,
I recently did a TeamViewer session with a person. After that day, a TeamViewer process would show up on my firewall as I started Windows showing the name of a "macbook.XXX". I uninstalled TeamViewer but still this "MACBOOK" shows up in "windows host processes" when I start my computer. This person confirmed me he has a MacBook so I am pretty sure this is related to that TeamViewer call. How do I fix this? And why does it make that connection when I start my laptop? Here is a screenshot of what happens.
 
http://imgur.com/a/lu8IE
 
 
The first in the list is the MacBook I am referring to, the second in the list fully deleted is the name of my laptop.
 
what is happening?
thank you in advance for your help

Answer:strange host service in Glassdoor firewall after TW session

I would suspect this shows as one of the exceptions added within the "Firewall" tab of Glasswire? If you never intend to use it again, you can click on the 'grey flame' icon on the left to block it, if it being there concerns you.

1 more replies
Relevance 74.62%

Multiple variations of this warning cause computer to lock up, as well as be inaccessible to Remote Desktop.

Answer:The protocol host process 1444 did not respond and is being forcibly terminated {filter host process 0}.

Can you try uninstalling the latest Windows Defender upgrade ?
Else you can try stopping the entire service itself.
 
See:
http://social.technet.microsoft.com/Forums/en-US/w7itproperf/thread/a5a10437-277a-45ec-b044-408aa37971b9 

Sumesh P - Microsoft Online Community Support

7 more replies
Relevance 74.21%

Hello,

I've recently been having a number of problems on my Vista Home laptop, especially involving the Host Process periodically closing, with the error message reading: "Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc000071b, fault offset 0x000888f5, process id 0x4c8, application start time 0x01cb470a75d7a5d5."

And at random times, svchost will use almost 100% of the CPU causing it to run very slow.

Also, Windows has been running notably slower since this has been occurring. At first I just thought this might just be some wacky Windows problem, but it's gotten much worse and I also get strange pop-ups and redirections, so I'm sure it's been infected. And Google Chrome won't even load webpages anymore.

Another problem tied with this is that Windows can't update or look for updates anymore. When I try to, it says "Windows could not search for new updates. Code 80072EFE". System Restore won't create new restore points either.

I'm posting the DDS and GMER scans, but the GMER scan would crash every time it reached the "Device\HarddiskVolumeShadowCopy1" part of the scan and wouldn't finish, and even gave me a blue screen after the program closed. So, the GMER log includes only Sections and C drive included.

Thanks for any help!
-------------------------------------------------------------------------------... Read more

Answer:Host process hogs CPU/closes, strange pop-ups, Windows won't update

Hi -

I'm not sure we'll be able to resolve all those issues, but we can take a look. Sometimes it's better to simply reinstall the Operating System. There are a couple of indicators in those logs which have me wanting to investigate a bit more. Please run this rootkit scanner.

Scan With RootKitUnHooker
Please download Rootkit Unhooker and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

11 more replies
Relevance 71.75%
Question: host file

How do I get to my host file?
 

Answer:host file

%SystemRoot%\System32\Drivers\Etc\hosts

If you type:
%SystemRoot%\System32\Drivers\Etc
into your "Run" box, it will bring you right to the folder. Hosts is a hidden file, so you will need to unhide hidden files in Folder Options. Open hosts with Notepad.
 

3 more replies
Relevance 71.75%
Question: No Host File

I have no host file in C, Windows, System 32, Drivers, Etc. I have the folder set to show hidden files and folders but it's still not there. Any help would be greatly appreciated. I'm using Vista.
 

Answer:No Host File

The standard hosts file only has these 2 entries (plus some comments):

127.0.0.1 localhost
::1 localhost

Create a file in Notepad or other plain text editor, and add that data into it. The IP addresses must be written all the way to the left, followed by space, then the name. Typically the space in between is a tab. Each entry must be on its own line. Name the file hosts (notice the spelling) and save it without an extension. Notepad adds the .txt extension, so remove that. Place it into the same subdirectory that you provided.

As I said above, the standard file also has comments. Would you like those as well?

The big question is: What happened to the original? Malware will often mess with it.
 

2 more replies
Relevance 71.75%

I have been having problems with web site access, HTTP error 404 etc. It has been cured by firstly # out the line in the Hosts File, and if successful deleting the line altogether. My question is: what does the host file do? What would be the effect of deleting the file altogether and letting Windows re-create it? Running Windows Me.

Answer:Host File - What does it do?

click here

3 more replies
Relevance 71.75%
Question: Host file help

Can anyone advise me on how to get my host file back to default or on how to remove this I see

I ran a scan with HitmanPro and it found what you see below

Host C:\Windows\system32\drivers\etc\

Host file is compromised www.google.ae#bck9 is directed to a hardcoded IP 216.239.32.20 < that leads to K9 Web Protection

So if you know of a fix can you advise thanks

P.S. I have run Microsoft's "Fix It" tool to restore your hosts file to default. After reboot I run HitmanPro and it still shows.

thanks for the help in advance

Nigel
 

Answer:Host file help

You can use this tool : http://www.tweaking.com/content/page/repair_hosts_file.html
 

8 more replies
Relevance 71.75%
Question: Host File

I have no idea where to put this post; not sure if here is okay, so please correct me if I misplaced it. I have read the tutorial page about the host file. There are a few sites that have offered good host files in detail. The question is, if the information is huge, I mean: if it's one or two lines of IPs and domain names, we could easily know if an extra line has been added, but how about when it includes a large amount of IPs and domain names? How do we know our host file remains the original and the IPs are not modified?

Mod edit: Since the hosts file is web browser related, I've put your topic into that forum. - Platypus

Answer:Host File

How do we know our host file remain the original and the IP is not modified?

This depends on the type of Hosts file programs you have included. My Hosts file includes: There are 15219 more lines starting with "127.0.0.1".

I have downloaded HostsXpert / hpHosts / and another Hosts file also that cover many programs not covered by basic Hosts files. Searching for answers on these forums quite often means you like to block many sites and extras. I also use the WOT advisory program while surfing / searching on the web.

You can find others, and I recommend you download MVP Hosts. Read this: Blocking Unwanted Connections with a Hosts File.

Thank you.

5 more replies
Relevance 71.75%

I've tried to get rid of "127.0.0.1 ntkrnlpa.info" from the first line of my host file by using HijackThis host file editor, but every time I restart my computer the file changes back. I don't know what this is but it might have something to do with this http://www.bleepingcomputer.com/forums/t/256831/cant-get-rid-of-this-pesky-virus/ ... any help would be appreciated.

Answer:Changes to my host file

I see you have a HJT topic here: http://www.bleepingcomputer.com/forums/ind...p;#entry1421194

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this t... Read more

1 more replies
Relevance 71.75%
Question: Host file

Hi, I am trying to add the following line to my host file:

127.0.0.1 ad.doubleclick.net

This will help block popup ads. My question is: my host file ends in the extension like this, HOSTS.SAM. Is .sam a valid extension in order for my entry to work?

TIA

Answer:Host file

Please close this thread.

1 more replies
Relevance 71.75%
Question: DNS - host file

Good evening:

In the Windows DNS file I have the following:

127.0.0.1 localhost
::1 localhost

If I add these lines:

127.0.0.1 miequipo
::1 miequipo
then when I ping miequipo, should the system resolve it and respond with the IP address?
Please explain your answer.

More replies
Relevance 71.75%
Question: Host file

Where is the Host file located in Windows 7?


Clint

Answer:Host file

It would be located at C:\Windows\System32\drivers\etc
Jerry

7 more replies
Relevance 71.75%

I want to upload a file.

I know that I can upload images to picture servers like theforumisdown.com, etc.

But let's say I want to host not a picture, but a file such as a video... is there a place that I can upload it to?... or do I make a site to give to people and have them download it?

You know how when you are at a website and you click a video to download or right click and save as... and the downloading screen pops up?

How do I create a link on, let's say, my Xanga, and then when people click on it, they download a video or a file or something?
 

Answer:how do i host a file?

There are free web hosts all over the fucking place. For example, geocities, tripod, even your isp probably gives you 10 megs or something. Just sign up for an account and upload your files. Then it is there for you or someone else to download.
 

3 more replies
Relevance 71.75%
Question: Host File

I recently noticed my host file was gone. I was wondering if there is any way of getting it back or making a new one. I really could use the help.

Answer:Host File

Quote:
Originally Posted by killerderk
I recently noticed my host file was gone. I was wondering if there is any way of getting it back or making a new one. I really could use the help.

You can rebuild it manually or use a pre-made HOSTS file. Read my tutorial here (it also has links for a new file).

3 more replies
Relevance 71.75%
Question: host file

Could anyone please tell me how I can replace my host file, as it is missing since I had my computer looked at earlier today? Thanks, Leo

Answer:host file

this is a superb hosts file manager for effortlessly swapping hosts files according to what you are doing - click here

7 more replies
Relevance 71.75%
Question: Host file changes

Hi, new to this so here goes!

I am in the process of trying to clean my PC up and will be requesting help with that. But I keep getting a message from Webroot Antivirus that r7ygv.exe is trying to change the Host file. My question is should I be blocking this or not. I appear to have 3 main virus/malware and have now lost normal internet access although I can use wireless?

Thanks

Airskelcher
 

Answer:Host file changes

Hello, airskelcher

airskelcher said:
... r7ygv.exe is trying to change the Host file. My question is should I be blocking this or not.

I've done quite a bit of searching - this is an unknown... so Yes! and work your way through the following:

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME ) onto another PC and burn to a CD. Then copy them... Read more

3 more replies
Relevance 71.75%
Question: Host File

I'm seeing more and more software for editing your host file? Can someone explain what this is all about in simple terms

Thanks
Cowboy
 

Answer:Host File

As in what a host file is, or what? Not sure what you are asking.
 

1 more replies
Relevance 71.75%

I've always been able to update my "Host" file from time to time. C:\WINDOWS\system32\drivers\etc\HOSTS

I add something to the file but Win7 wouldn't let me save it in the "etc" folder because of lack of permission.

How can I override that?

Answer:Can't add new Host file

Save it to the Desktop first, then copy it to etc. That way you will be asked for permission; punch in your admin PW and bingo.

-DG

6 more replies
Relevance 71.75%
Question: Host file

I am looking to block some inappropriate sites from computer by adding them to the hosts file. A while ago I was directed (on this website) to the location:

C:\Windows\system32\drivers\etc

Here I found the host file, opened it in Notebook and made the appropriate changes.

I went back to add a website and it is not there. Does anyone know where I can find this file? All I had to do in the past was type in an IP address in the form of 192.168.2.x, where "x" goes up each time, and after saving the browser wasn't able to load the page. I cannot find that file anymore and I'm slightly beyond frustrated at this point.

Any and all suggestions are welcome.

Thanks
 

Answer:Host file

This link and more from drop down at http://winhelp2002.mvps.org/hosts.htm will help you.

Your firewall or AV or anti-malware or even Windows may be protecting the hosts file so it gets restored.
Get a hosts file manager. I like HostsMan and it gets updated by more than one hosts file.
Then I have my own little hosts file list saved on my PC that I added to the HostsMan list, so when I update it makes an all-new list each time and mine get added back from my list.

You can not edit the hosts file from a limited user account either because you need Admin rights.
HostsMan loads at start up and has limited rights. But I can close it down and use the run-as to open it with Admin rights from a limited user account and that is what I do all the time to update and edit it or to just turn it off or disable it so I can get to a site.
 

1 more replies
Relevance 71.75%
Question: host file

Host file format does not allow the slash / format. Many unwanted websites cannot be blocked due to this. Any way to circumvent this?
One more question please. Is it possible to password the host file to prevent others from modifying or accessing it?

Thks for any help
 

Answer:host file

7 more replies
Relevance 71.75%
Question: host file

hello where is the hosts file?

Answer:host file

Hi puma2004gu. The hosts file is located in C:\Windows\system32\drivers\etc under the name hosts. To open it, launch your text editor (like Notepad) with Admin Rights, and open the file from within the application.

1 more replies
Relevance 71.75%
Question: host file

Hi. I have been trying without success to block certain websites with the host file. Can you help me?
I have Win 7, Sony, Intel i3 2.40 GHz, 500 GB HD, 4 GB RAM DDR3. Thank you.

Answer:host file

http://winhelp2002.mvps.org/hosts.htm

4 more replies
Relevance 71.75%
Question: Host file changes.

Does anyone know if there is any particular malware that would want to specifically alter these three domains out of a list of thousands in the hosts file away from 127.0.0.1?

127.0.p.1 easy.adpowerzone.com
127.0.0.q secure-asia.imrworldwide.com
127.0.0n1 www.munky.com
 

Answer:Host file changes.

I would just restore your host file. Info here: http://forums.majorgeeks.com/showthread.php?t=138700

If the host file is changed again, then I would post a Hijackthis log in the Malware removal forum.
 

2 more replies
Relevance 71.75%
Question: Help,ID Host file

I found this file in C:\Windows\System32\Drivers; it is a host file. Inside, opened in Notepad, it has: 170.0.0.1 Local host. That's it, nothing else. What is this file and what is it used for?
 

Answer:Help,ID Host file

Check out this link, it may be of assistance: http://www.mvps.org/winhelp2002/hosts.htm
 

3 more replies
Relevance 71.75%

After about a week I noticed that the only automatic virus/spyware/whatever protector, AVG, was no longer in auto mode. So I updated it and ran it. Since it takes forever to complete, I walked away. When I came back, on my screen was a message stating that a list of 14 file names would be added to my host file, and asking whether I want to edit it. I said OK, of course, and deleted the files that they had listed, but there were over 400 file names; most did not look like any place I would go (if that's even why the file names are there). It would be handy to be able to look somewhere to see what a standard host file list is, and if it holds the names of the internet sites you have visited, or do visit, then mine should be a lot bigger and the names should be different. Anyway, the list of names that it showed in the message were www.80-music and 80-music, 82211.net, 8866.org, www.8ad.com, there were more with (numbers).com and one had numbers with searchbox.com following, the rest were www.abestmanage.org, aaabesthomepage.com and the last was aaasexypics.com.

My operating system is (slow beyond belief) Microsoft Windows XP Professional with Service Pack 3 and the AuthenticAMD processor. It says on the tower that it is the media center TV PC, ya right! If it is, it does not work. And I have had the media center in a computer that was not an HP, and it worked great. So I know it's not that I need better reception. I am convinced that HP is in the "how to make people buy a new compute... Read more

Answer:What Should Be On The Host File?

Suggested reading:
http://www.bleepingcomputer.com/tutorials/hosts-files-explained/
http://www.komando.com/tips/index.aspx?id=956
http://www.logicaltips.com/LPMArticle.asp?ID=506

Louis

1 more replies
Relevance 71.75%
Question: Host File

I need a hand here!
Host File Values
If my question is in the wrong place, please move it where it's supposed to be, thanks!
I keep getting directed to non-http sites on both my MSA and now on my Battle.net account.
Someone suggested I should - could clean up my host file.
So I need to know how my host file is supposed to be, and make sure the new values in it are correct.
Can you guys help me out here?
Atm I'm running W10 17025.rs_perrelease.171020-1626.
Blizzard suggests this:

Will it work on my machine, current build?
Or do I need something else?
Regards

Windows 10 Home User

More replies
Relevance 71.75%
Question: Host file

Is it best to set the properties of the host file to read only so it can't be hijacked?

Answer:Host file

bump

3 more replies
Relevance 71.75%
Question: Ie Host File

While I'm waiting for possible answers to my other thread another question arose. I installed IE Host File as suggested in the Security Thread by dvk01 but I am getting a message that Win32/Hostblock is a virus located in C:/Windows/system32/drivers/etc/. Is this just a false alarm because I downloaded the IE Host File?

I am also getting the message something is unable to access its data directory. It's either invalid, unreachable or another program is accessing.

I'm sorry to be such a bother trying to figure all this out.
 

More replies
Relevance 71.75%
Question: host file

Is it correct that a full or filling host file can slow down spyware/antivirus updates? My host file, windows/system32/ drivers /ect, after 127.0.0.1 local host has on the next line "#start of entries inserted by spybot". As far as my best guesstimate, there are 6600 entries, followed by "# end of entries inserted by spybot". On the same page as the host file (260kb) I have two more host files; one says host.20081011-213432backup and the other says host.20081015-211605backup, but when I open the backup hosts they seem to have the same beginning and ending. So my question is, can I delete any of or all of the host file after 127.0.0.1 local host and any of or all of the two backup files, or will this leave me with a load of adware to contend with? Advice on hosts would be gratefully received.

Answer:host file

You can delete them all and run spybot and the updates and it will recreate the host file.

2 more replies
Relevance 71.75%

Hey, I've done some heavy research today about this spyware bug. Seems many people are having trouble with it recently.

In my case, I have already removed everything I can think of, and followed things such as CWShredder and LSPFix to remove some bad stuff.

I still have some kind of program on here that automatically adds the 69.20.16.183 lines into the host file. It even turns off the read only attribute to get access to the file.

I also get many pop-ups. I have a feeling they are also caused by this malware junk.

I also have some other information that may help:
1) kalvvmj32.exe was set to run on the computer at start-up as a DLL! Therefore I was unable to end it in the task manager. I started in safe mode and deleted it.

2) Using the 'System Information' tool in Windows, I can see what DLLs are loaded into memory (Loaded Modules). I always find 2 newly (as in at boot time) and weirdly named DLLs with no version or manufacturer, located in the %system32% folder. If I delete them in safe mode, they are recreated with new names.

3) I had some tcpip protocols on here that I removed with the LSPFix. I forget their name, but I know they were malware; I did research on them before I deleted them.

After doing the above, the frequency of the pop-ups has reduced.

However, no matter what I do here, I get pop-ups, all from same sites. There is SOME program running on here, but I can't find it. It also intercepts my web searches I think... Read more

Answer:69.20.16.183 in Host file!

Watching stinsonj, I've noticed we seem to be having much the same problem, sooo:

I'm going to go ahead and post and try many of the things he did; maybe with 2 cases of the same thing, we can hit the nail on the head for sure!


8 more replies
Relevance 71.75%

I sent an email to rackspace.com, the ISP of that 69.20.16.183. This is the response I got back from them :

Recently you requested personal assistance from our on-line support
center. Below is a summary of your request and our response.

If we do not hear from you within 48 hours we will assume your issue
has been resolved.

Thank you for allowing us to be of service to you.


Subject
---------------------------------------------------------------
Spyware abuse from your ip block

Suggested Answer
---------------------------------------------------------------
Hello,

The adware was downloaded to your computer when someone there agreed to
receive it or other third party software. You can remove our customer's
application by going to http://www.look2me.com/cgi-bin/UnInstaller.
Please keep in mind that this will only remove our customer's software,
not anything from another party. Before you could have downloaded the
adware, you had to agree to the terms and agreement listed here:
http://www.look2me.com/eula.html. If you would like to get in contact
with the people at look2me.com, you can send an email to
[email protected]. Please let us know if you have any further questions.

Thank you,

Phil Van Ingen
AUP Admin
Rackspace Managed Hosting
The Managed Hosting Specialist

Question
---------------------------------------------------------------
There is some type of spyware on my wife's laptop that keeps adding
this ip address ... Read more

Answer:69.20.16.183 in Host file!

It's probably being retained in the system restore files, happens all the time. You need to use an app to get rid of it then turn off system restore, system restore will purge the stored files.

You do run firewalls, virus scan and malware scans right?

MD

2 more replies
Relevance 71.75%

What exactly is a host file and what does it do? I am still learning!! Thanks

Answer:wot is a Host file?

click here

1 more replies
Relevance 71.75%

I just acquired a MVP HOST file... I have extracted all of it and changed it to name MVP... It has updated and I don't know what I am supposed to do with it from this point on.

can someone please explain to me what it does and how to use it...

Thank you to whoever can help...
 

Answer:what to do with MVP HOST File ????

7 more replies
Relevance 71.75%
Question: Host file

Is it best to set the properties of the host file to read only so it can't be hijacked?
 

Answer:Host file

6 more replies
Relevance 71.75%
Question: host file

How do I get to my host file?

Answer:host file

For XP, \WINDOWS\System32\Drivers\etc\HOSTS is the location.

For 2K, \WINNT\System32\Drivers\etc\HOSTS is the location.

I forget where it is in W9x, but a search for HOSTS will turn it up.

1 more replies
Relevance 71.75%
Question: Host file

Where and how do I configure the host file?
 

Answer:Host file

Have a look in your C:\WINNT\system32\drivers\etc

you will find it there (win 2000)

open in notepad to edit and don't save with any extension
 

2 more replies
Relevance 71.75%

This is my first time with a 64 bit OS. I usually have to use the Hosts file to resolve my DNS on my XP machine. Do I use the hosts file in the same location that XP 32bit was for Win 7 64bit (windows\system32\drivers\etc\Hosts)? Or, is there another hosts file location that 64bit OS uses?

Answer:Which host file to use?

Same place...

1 more replies
Relevance 70.93%
Question: Editing host file

Sorry if this is in the wrong thread, feel free to move if needed

I am trying to edit the host file but keep getting access denied even though I am admin.
I did a search online and have tried everything that was suggested, I have tried opening notepad by right clicking and 'run as admin'. I have unchecked the read only box in the properties of the host file. I have now run out of ideas.

Has anyone else had any problems and may know how to fix it?

Thanks.

Answer:Editing host file

Drag the file to your desktop, edit it there then drag it back.

2 more replies
Relevance 70.93%

Hi, when I run SpywareBlaster and try to back up the host file I get a message "host file not detected". Can someone help? Chippy

Answer:host file windows xp

I think it must be there, browse to C:\windows\system32\drivers\ect the hosts file should be there.

2 more replies
Relevance 70.93%
Question: Host File Problems

Windows XP SP3, IE7, Spyware Doctor.

Not really a virus question, but more about the host file itself. Only just recently, when I run Spyware Doctor, it is picking up between 700-800 infections in the host file. I checked this file and made sure all entries had the 127.0.0.1 prefix, logged on to a very trusted website, and when I looked at the host file again, there were about a dozen new entries. I'll probably do this for some of my other bookmarked websites to try and find out the culprit.

When it contains some "dodgy" entries like those picked up by the antivirus, are they in fact dangerous to have in there? Is the host file even essential to have? Comments would be appreciated. Thanks

Answer:Host File Problems

Download HostsXpert ( http://www.majorgeeks.com/Hoster_d4626.html ) and then follow the steps below:
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* Click Restore MS Hosts File and then click OK.
* Click the X to exit the program.
Restart computer.

6 more replies
Relevance 70.93%
Question: Host File Deleted

Hello Sir, Ma'am
I'm Cyril Stanley. In my office system, the Host file in the drivers folder got deleted automatically and the host.idx file is changed to .txt format. I don't know how it happened. Now how can I put a new host file in my system, and also host.idx? Please help. When I tried to copy the host file from another system and paste it in my system, it reads it as a virus and does not allow it to process.

Thank You
Cyril *
 

Answer:Host File Deleted

replace it with
http://www.mvps.org/winhelp2002/hosts.htm
 

3 more replies
Relevance 70.93%

I just installed the new microsoft spyware tool

seems to be helping as adaware used to always find a few pests when I run it, I delete them and they would get placed back in pretty quick, microsoft tool seems to stop re infection.

Question: looking at some of the tools, I found a section called host file redirections. Hundreds of these guys there all look like ad servers, and doubleclick is mentioned a ton. Can I block them and speed up my computer? The delete options are grayed out on my version of the software.

thanks for any information on host files and the new spyware tool

thanks

dave
 

Answer:host file questions

Do you know what those host files are? Do you know how to check their validity? Those are the important questions... doc
 

1 more replies
Relevance 70.93%

Hello,

I killed a virus but was left with a hijacked host file. I have been unable to create a new one. Tried the microsoft fix, changing admin options, OTL host reset. No luck so far, any suggestions?

Thanks, Dave

Answer:can't reset host file

I just tried replacing mine and discovered that my AV (Avira Free) was interfering with any replacement effort.

http://www.bleepingcomputer.com/forums/topic123980.html

So I turned off real-time protection temporarily... went to http://winhelp2002.mvps.org/hosts.htm and downloaded the most recent hosts file to my desktop.

"Download: hosts.zip [right-click - Select: Save Target As] [Updated November-23-2011]"

I then opened file with program for doing so (7-Zip, in my case) and double-clicked the .bat file... complied with extraction of all files... double-clicked new .bat file, complied with onscreen instructions.

Louis

9 more replies
Relevance 70.93%

I wanted to stop going to certain websites as I kept getting distracted. So I blocked them using my host file and cancelled the admin's access to the host file. Now I can't access it at all, but I need it to block ads.
 

More replies
Relevance 70.93%
Question: Host File Manager

Yes, how would I use this? Do I have to edit them or will this get rid of them, and are these hosts already being blocked?

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:Host File Manager

Take a look at this post for comprehensive HOSTS File information. http://www.bleepingcomputer.com/forums/t/123980/mvps-hosts-file-update/

1 more replies
Relevance 70.93%

So basically I followed the guide exactly (http://www.bleepingcomputer.com/virus-removal/remove-security-shield) but when I got to the place where it says to, like, download the HOST file, it goes to the black box but then says "Access is denied". How do I get past that? Because I really want to get rid of the stupid security shield thing.

Answer:Help, Host file not working.

Hello and Welcome -

If your problem is to reinstall a default Hosts file only, please try this first >>

Please Reset your host files back to default.
http://support.microsoft.com/kb/972034 <<< Run the microsoft fix it in the link here.

- If this has not solved your problem then see the directions below >>

Please follow the instructions in ==>This Guide<== and follow Steps through to Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the Malware Removal team members.

Thank You -

1 more replies
Relevance 70.93%
Question: Host file issues

So, I know there are numerous, dozens of hits around the web for this seemingly strange issue. I have long used the MVPS host file on Windows XP. I just recently upgraded to Windows 7 Ultimate, and as far as I can tell, my host file is simply being ignored. I believe it's being ignored because, when I go to pages, all the ads come up and if I examine the URL of their origin, I can verify in my hosts file that they should be redirecting to 127.0.0.1. I've tried numerous things and I'll do my best to enumerate them here, but I'm hoping to bounce ideas back and see if someone can't help me narrow this problem down.

I have tried editing the hosts file both by opening notepad from administrator access and also by opening cmd.exe as administrator and typing "notepad hosts" in the drivers\etc directory. I can open and edit hosts, and upon reboot it maintains the changes.

If I ping ibm.com I get the following
C:\Windows\System32\drivers\etc>ping ibm.com

Pinging ibm.com [129.42.38.1] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 129.42.38.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

If I then change the hosts file to read:

127.0.0.1 localhost
127.0.0.1 ibm.com

then flushdns and reboot, I ping ibm.com and get the same result.

I have read all the threads, I've tried creating a new file, I've tried flushing then restart... Read more

Answer:Host file issues

IE7 Pro works with IE8 http://www.ie7pro.com/ AD Blocker Blocks all forms of advertising, including Flash ads, rich media, fly-ins, slide-ins, pop-ups, pop-unders, spyware and adware ads, and messenger ads. Disable the annoying mini download manager.

9 more replies
Relevance 70.93%

I have an issue with my host file. In general, I can't search on Google or Yahoo. Bing searches are slow, but they work. I have tried to fix the host file but I am having no luck changing it.

I've run Malwarebytes, Spybot, smitfraud. Nothing can remove the virus.

Any ideas?

Thanks

Answer:Host File corrupted

What is your operating system, XP, Vista???

7 more replies
Relevance 70.93%
Question: Host file issues

Hi

Have a little problem wrt. my host file. Can't seem to block a site off even though the entry exists in my host file; I can still access that site. Is there a way I can block off the site?

Using HostXpert to edit/add entries. Also tried both entries like http://www.XYZ.com/ and www.XYZ.com/

Also entered alternative access routes like http://forums.XYZ.com/

Not the actual site, just using XYZ as an example.

Posting my RSIT log just in case: ... Read more

Answer:Host file issues

My mistake, shouldn't have put the '/' or http:// before or after it.
Just in case someone makes the same mistake.
Sorry for the trouble, marking it as solved!

1 more replies
Relevance 70.93%
Question: Host File Hijack

Kaspersky found nothing and I only had one text file come up after the Deckard's scan.

Answer:Host File Hijack

Hello

Apologize for the delay in response, we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the c... Read more

2 more replies
Relevance 70.93%
Question: Host file hijack

Hello!

Got a problem with some malware on a Dell Inspiron laptop running Windows XP. A friend called me over because their laptop wouldn't boot up, not even into safe mode. It would hang at isapnp.sys. I googled the problem and discovered a solution where the problem is caused by malware injecting a 0kb driver into the drivers folder, causing the system to crash. After finding the driver I deleted it and it now boots up fine. However, the malware that caused the problem is still on the machine and is causing problems when you connect to the internet. The machine seems to work fine when not online.

When connected to the internet google brings up a message saying "we're sorry but it appears your computer is sending automated requests." Then the ask jeeves page opens in a new tab. Then internet explorer opens (I was using Firefox) automatically and a message is displayed saying that something is trying to change the default search page. After that I disconnected from the internet (turned the wireless off).

I ran spybot and that picked up registry changes and redirected hosts file to IP 74.125.45.100. The IP points to websites with names like securitysoftwarepayments.com and privatesecuredpayments.com. When trying to repair the error spybot gets unexpected error "cannot create file c:\windows\system32\drivers\etc\hosts. Access is denied." I haven't tried deleting the hosts file myself as I figure that if spybot can&... Read more

Answer:Host file hijack

to bleepingcomputer

As I'm interested in malware removal myself I would appreciate it if you let me know what it is you look for in these logs. Only if you have time though because I know you are busy.

This takes a while to learn. I would suggest you attend one of the free learning sources on the Internet. We have one here at Bleeping computer and there are also others.

Looks as your friend has gotten pretty infected.
Let's see if I can help you sort it out.

I've run DDS and GMER and have included the logs. I noticed that DDS has picked up the same IP and web addresses as spybot. Even though the logs are a couple of weeks old the laptop hasn't been switched on since I ran them.

I need a set of fresh logs.
Please run DDS and GMER again and post the logs.

51 more replies
Relevance 70.93%

Hi

I checked my mail and saw that a number of e-mails were sent to all my contacts without my permission. Then when I try to access certain web pages I'm unable to. After researching I found out that it has to be because my host file was hijacked. I scanned my computer using SuperAntiSpyware Professional, Ad Aware and NOD32 but came up with nothing.

I used HijackThis, here is the log - any help please?
 

Answer:Host file hijacked !

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.

TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide
If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to s... Read more

1 more replies
Relevance 70.93%

So I am chasing another problem down when I came across this and I wanted some advice. My systems are Windows 7 64-bit, Home and Pro. In the C:\Windows\System32\drivers\etc folder there is the file called "hosts". Now on all my other systems there is just the one file, but my system seems to have some extra ones. Here is what I have

hosts (last modified with today's date)
hosts_bak_360 (last modified with 11-25-2014)
hosts_bak_750 (last modified with 2-5-2015)

I am wondering if this is OK or if it is OK to delete the 360 and 750 since those have older dates, leaving the most current one. I did open them using Notepad; all look to have the same information and IPs. So just wondering. Thanks

Answer:A question about the host file

The "bak" files appear to be backups so they should be ok to delete. But why do you have them I wonder. Maybe you have some program installed that has modified the hosts file and created the bak files. If so, it would probably only create a backup when it actually modifies the original hosts file, so I would do a non-visual comparison first to verify if they're identical.

Start a command prompt (cmd.exe) and change the current directory with this command:
cd C:\Windows\System32\drivers\etc

Then do an FC (File Compare), for example:
fc hosts hosts_bak_360

1 more replies
Relevance 70.93%

Hi, apologies if this is an old chestnut, but my Kaspersky anti-virus recently started to ping up a warning about my host file being modified. Have been through the whole ad-aware/spybot/stinger routine, but am drawing a blank as to what this is. HiJackThis dump as attached (particularly interested in the "O1 - Hosts: 76.23.177.12 paypal.com" modifications). I'd be extremely grateful if anyone can help me out here.

Answer:Host File Modification

Hello boblob,

Welcome to the BleepingComputer Forums. Thank you for your patience. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

(particularly interested in the "O1 - Hosts: 76.23.177.12 paypal.com" modifications).

I did a whois on 76.23.177.12 and found it is Comcast Cable Communications in Mt Laurel, NJ. (Asked whois.arin.net:43 about +76.23.177.12)

OrgName: Comcast Cable Communications Inc.
OrgID: CMCS
Address: 1800 Bishops Gate Blvd
City: Mt Laurel
StateProv: NJ
PostalCode: 08054
Country: US
NetRange: 76.16.0.0 - 76.31.255.255

So every time you enter www.palpay.com it is redirected to Comcast Cable Communications in Mt Laurel, NJ. The same with these:

my.screenname.aol.com
webmail.aol.com
yahoo.com
www.yahoo.com
mail.yahoo.com
www.gmail.com
gmail.com

They are all being redirected to Comcast Cable Communications in Mt Laurel, NJ. Is Comcast Cable Communications in Mt Laurel, NJ your Internet Provider?

If Comcast Cable Communications in Mt Laurel, NJ is NOT your Internet Provider then download the HostsXpert Here http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop
Open up the HostsXpert program.
* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click... Read more

3 more replies
Relevance 70.93%

Dear Experts,

This notebook is not able to use Google or Bing searches, not a redirect problem, it simply times out. Scanned with McAfee VirusScan 8.7, Malwarebytes, SuperAntiSpyware, & McAfee Stinger.

Malwarebytes - Files Infected:
C:\I386\NDP20-KB946927-X86.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Dell\DBRM\osmedia\DOTNETFX\NDPSP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

SuperAntiSpyware - Files Infected:
Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\[%user%]\COOKIES\[%user%]@MICROSOFTWINDOWS.112.2O7[1].TXT

Trojan.Agent/Gen-Cryptor[Egun]
C:\WINDOWS\INSTALLER\MSI157.TMP

Host file hack:
#::1 localhost
74.55.76.230 www.google-analytics.com.
74.55.76.230 ad-emea.doubleclick.net.
74.55.76.230 www.statcounter.com.

After cleaning the system I noticed the host file was hacked, there were a few additional bogus entries way at the bottom of the file, plus the file attributes had changed. The host file has been recreated and is OK now. But we still have problems with Google and Bing searches in both IE and Firefox, so I don't think it's a browser issue.

I'm also not able to do an nslookup on www.google.com or www.bing.com, it times out. Other websites are fine, and from my notebook I'm able to nslookup to google and bing.

One possible fix to this problem is installing SP3 for WinXP Pro. SP3 is already ins... Read more

Answer:Possible DNS - Host File Hijack

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:

Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Cli... Read more

12 more replies
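An added example, not taken from any post or tool mentioned in these threads: a small Python auditor for the patterns the posters describe, namely well-known names pointed at a non-local address (the `76.23.177.12 paypal.com` and `74.55.76.230` entries), entries written with `http://` or a trailing `/` that never match a lookup, and ordinary loopback block entries. The function names and verdict labels are this example's own assumptions, and the sample text is constructed from entries quoted above; a "redirect" verdict means the entry needs its owner verified, since intranet entries are also non-local.

```python
"""Audit hosts-file text for hijack and typo patterns (added example)."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

_ALLOWED = set("abcdefghijklmnopqrstuvwxyz0123456789-_")


@dataclass
class Entry:
    line_no: int
    address: str
    name: str
    verdict: str   # "local", "blocked", "redirect" or "malformed"
    note: str = ""


def _is_bare_hostname(name):
    """True for a plain DNS name: no scheme, slash, port or empty label."""
    if not name or len(name) > 253:
        return False
    return all(lab and len(lab) <= 63 and set(lab) <= _ALLOWED
               for lab in name.split("."))


def audit_hosts(text):
    """Classify every address/name pair found in hosts-file text."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not body:
            continue
        addr_text, *names = body.split()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            entries.append(Entry(line_no, addr_text, " ".join(names),
                                 "malformed", "first field is not an IP address"))
            continue
        if not names:
            entries.append(Entry(line_no, addr_text, "", "malformed",
                                 "address with no hostname"))
            continue
        for name in names:
            host = name.lower().rstrip(".")      # tolerate a trailing root dot
            if not _is_bare_hostname(host):
                entries.append(Entry(line_no, addr_text, name, "malformed",
                                     "not a bare hostname; will not match lookups"))
            elif addr.is_loopback or addr.is_unspecified:
                verdict = "local" if host == "localhost" else "blocked"
                entries.append(Entry(line_no, addr_text, host, verdict))
            else:
                entries.append(Entry(line_no, addr_text, host, "redirect",
                                     "non-local address; verify who owns it"))
    return entries


def redirect_targets(entries):
    """Group redirected names by the address they are pointed at."""
    grouped = defaultdict(list)
    for e in entries:
        if e.verdict == "redirect":
            grouped[e.address].append(e.name)
    return {addr: sorted(names) for addr, names in grouped.items()}


# Constructed sample built from entries quoted in the threads above.
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
#::1            localhost
127.0.0.1       ibm.com
127.0.0.1       http://www.XYZ.com/
76.23.177.12    paypal.com
74.55.76.230    www.google-analytics.com.
74.55.76.230    ad-emea.doubleclick.net.
"""

if __name__ == "__main__":
    for e in audit_hosts(SAMPLE):
        print(f"line {e.line_no}: {e.verdict:9} {e.address:15} {e.name} {e.note}")
    print(redirect_targets(audit_hosts(SAMPLE)))
```

To audit a real machine, pass the decoded contents of C:\Windows\System32\drivers\etc\hosts to `audit_hosts`.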
Relevance 70.93%
Question: Host file problem

Hi - We have Squid Proxy in our environment and all the client machines are Win XP Professional. A few users have some modifications in their host file, and when they try to browse, the host file does not resolve when proxy settings are enabled in Internet Explorer. If they bypass the proxy, the host file is resolved. Can anyone help in providing a solution for this? Thanks.

Answer:Host file problem

Here is a neat little program created by bleepingcomputer's one and only raw (he's a Global Moderator).

It is called hostsfix, it sets your host file back to windows xp default.

Here's the link:
http://frozenwebhost.com/raw/HOSTFix.exe

All credit goes to raw.....none to me.

1 more replies
Relevance 70.93%
Question: Host File Hijacked

Recently, I started noticing ads which popped up in the bottom right corner of my screen while browsing the internet. It was an annoyance and I didn't know what had caused those ads to appear but I thought I would be able to remove them. I had been noticing these ads for several weeks prior to now. Subsequently, on another evening my PC began giving me messages which indicated that the HDD was failing and that I should scan the drive and restart the machine to prevent data loss. At that moment, I knew that my machine was infected and I began corrective actions. I ran Avira and it identified a trojan called Crypt.ZPACK.Gen8. I removed this. Then I ran MBAM and it identified two other malware/trojan items and removed them. OK. So now it appears that the trojans have been removed, but the ads still appear. Checking further, I found a forum item on this site about the same issue entitled "Recommended for You" and using that information determined that my hosts file had been hijacked. My problem now is that I cannot gain access to the hosts file to delete the file and fix it. I tried the advanced settings found in the TOOLS>FOLDER OPTIONS>VIEW in Explorer to make the hosts file visible by showing hidden files and the other for unhiding system files. This process makes the other icons in the c:Windows\System 32\Drivers\ETC folder visible. The other icons in that folder are full color while the hosts icon is still shaded. I can open the sample... Read more

Answer:Host File Hijacked

Can you please post the logs which show the detections of the malware.

9 more replies
Relevance 70.93%
Question: Host file infected

My host files, I believe, are infected. I cannot use any search engines. I've run ComboFix but can't figure out how to post it because it keeps saying my post is too long. Can someone please help me?

thank you!

Answer:Host file infected

Since you ran Combofix.....

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 70.93%

Have tried editing and deleting host file but the redirected file keeps returning. Any help would be very much appreciated....

HijackThis log: ... Read more

Answer:Host file being redirected

Hi there,

If you already have a copy of ComboFix, please delete it.

Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on Combo-Fix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it s... Read more

20 more replies
Relevance 70.93%

PC running XP Service Pack 3. Running Norton.

Hijackthis was throwing up a load of redirection O1s (50-60 no).

I've run malwarebytes and combofix and avira and neither worked.
I actually went and deleted the hosts file in windows/system32/drivers/etc but they were still there in Hijackthis.

I went to the hosts directory (see above) through the recovery console.
Using the cacls command, it showed the hosts file as still being there but with a permission of
"NT authority authorised user - special access."

The bottom line to this is that it doesn't show up in windows directory listings (hidden file or not).
As well as that, you can't delete it or edit it, in recovery mode, command line, safe mode - any mode.
Neither Combofix nor any of about 6 other antispyware/rootkit programs can do anything with the invisible hosts file.

I moved hard drive to second pc (secondary drive) at this stage. After trawling the internet I found a program called gmer which is a rootkit killer, but has a utility for deleting files. This is the only thing I found which would delete it.

Programs that tried and failed to delete/edit the hosts file....
Avira Free version.
Malwarebytes
Combofix
SuperAntispyware.
WinPatrol
Spybot

Include HostsXpert in that list. It was able to read the "invisible" hosts file but not edit or delete it.

Anybody come across this before?

Answer:invisible host file

Strange that this is being ignored as I believe it to be a very dangerous development, not only in terms of the "hosts" file, but the possibility that any file can be hidden (or at least made read-only) using this "special access" protection.

2 more replies
Relevance 70.93%

I have a satellite ISP with 1M download. However, even at these speeds, Citysearch.com takes well over 1 minute to completely load. It's supposed to take around 20 sec max. I have noticed I never have any cached addresses in my HOST file. Is there a reason for this? I am running XP Home SP3.
 

Answer:There are no addresses in my HOST file

Hi marklantis

Download HostMan http://www.box.net/shared/mnzfmikqgh
Unzip, install, allow it to turn off DNS Cache. Click update select all 3 host files. Have it replace not merge your host file.

This will install a huge blocklist of known confirmed Malware/Virus and Spam sites.

Do you not have other issues? This is usually an indicator that Malware has been at work!

I recommend that you do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html
ASAP!

Attach logs back to this post!

Mike
 

2 more replies
Relevance 70.93%

Trying to add some items to the host file. I have Norton Security, can't see any item on Norton that is running since I have turned features off. Yet when I edit the hosts file, it will not let me save, etc. Gives an error "permission denied". I am running Notepad with the Administrator option, and still get the DENIED message. How to successfully edit a host file???

Answer:Editing a host file

Click on the Start orb, then All Programs, Accessories.
 
Right click Notepad and select Run as administrator.
 
Click Continue on the "Windows needs your permission" UAC window.
 
When Notepad opens click on File, then Open.
 
In the filename field type: C:\Windows\System32\Drivers\etc\hosts
 
Click on Open.
 
Make the necessary changes to the hosts file.
 
Click on File, then Save to save your changes.

3 more replies