windows hosts files problem

[Guest]

after a detection of a virus ie trojan horse psw.generic3 ehx that my
antivirus security {ava} seamed to deal with, however it looks like some
damage has been done to my windows hosts file ? i decided to change antivirus
security to {norton} but still having problems, ie not able to use links ,
help and support, live updates from norton ?? fault message pops up lu1862
live update was unable to remove the hosts entries from the hosts files, as
there is a malicious entry in the hosts files. can anyone give me some help
to sort out the problem ? thanks

 

[Nikhil]

You can look for c:\WINDOWS\system32\drivers\etc\hosts file.
Open this file in notepad.
Delete any line from it which points to a not known website or just
keep those lines which have trusted site address e.g. yahoo.com .
Please take backup of the file before making any changes.
You can also delete all lines from the file. it will just slow down
internet acces little bit.

____________________
Nikhil

 

[Rock]

after a detection of a virus ie trojan horse psw.generic3 ehx that my
antivirus security {ava} seamed to deal with, however it looks like some
damage has been done to my windows hosts file ? i decided to change
antivirus
security to {norton} but still having problems, ie not able to use links ,
help and support, live updates from norton ?? fault message pops up lu1862
live update was unable to remove the hosts entries from the hosts files,
as
there is a malicious entry in the hosts files. can anyone give me some
help
to sort out the problem ? thanks

The hosts file is located here:
\WINDOWS\system32\drivers\etc
named: hosts

All that needs to be in it is one entry: 127.0.0.1 localhost

Normally there are some remarks at the beginning of the file, denoted by the
# character in first position. The complete contents are below. Just
create a new file with notepad, copy this text, and replace the original
file.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

----
Don't include the line above here.

Here are some links for dealing with malware.

Malware Removal
http://www.elephantboycomputers.com/page2.html#Removing_Malware

THE PARASITE FIGHT
Finding, Removing & Protecting Yourself From Scumware
http://aumha.org/a/parasite.htm

Richard Harper’s Guide to Cleaning Pests
http://rgharper.mvps.org/cleanit.htm

 

[Guest]

thanks , but when i checked the hosts file it was as you described, and there
were no other entries there ??
the problem is when i use the norton live update ect, a warning message
reads lu1860 live update has detected a potential security compromise on your
computer : one or more entries for symantic live update servers exist in your
windows hosts files , a malicious entry in your hosts files could prevent (
and does ) live update from retrieving updates for your products. also says
generaly symantic updates server entries should not appear in the windows
hosts files ?? it offers to remove them, but when i perfom the action it
fails , ip address = 1.1.1.1 ???

 

[Rock]

thanks , but when i checked the hosts file it was as you described, and
there
were no other entries there ??
the problem is when i use the norton live update ect, a warning message
reads lu1860 live update has detected a potential security compromise on
your
computer : one or more entries for symantic live update servers exist in
your
windows hosts files , a malicious entry in your hosts files could prevent
(
and does ) live update from retrieving updates for your products. also
says
generaly symantic updates server entries should not appear in the windows
hosts files ?? it offers to remove them, but when i perfom the action it
fails , ip address = 1.1.1.1 ???

I suggest you check with Symantec tech support. Personally I think you are
better off without any of the Symantec/Norton home products.

 

[Guest]

I suggest you check with Symantec tech support. Personally I think you are
better off without any of the Symantec/Norton home products.

 

[Rock]

You're welcome. Post back with the resolution if you can.