Can't Access AV sites - renaming HOSTS doesn't work

  • Thread starter: Guest

Guest

Since being infected by Sasser (now removed), I haven't been able to access any antivirus website. I looked in the HOSTS file, nothing there (just 127.0.0.1). I renamed it nonetheless to no avail. Haven't been able to update NAV either.
When pinging symantec or mcafee, IP address displayed is 127.0.0.1, which seems wrong. Can't find anything related to any AV website in the registry. Can you help?
Thanks,
SF
 
I think you have some information wrong. Why would you remove 127.0.0.1?
Go here; it explains Hosts files and you can download an updated file.
http://mvps.org/winhelp2002/hosts.htm
See if after that you can access AV sites. You may need to reboot.


Sebfori said:
Since being infected by Sasser (now removed), I haven't been able to
access any antivirus website. I looked in the HOSTS file, nothing there
(just 127.0.0.1). I renamed it nonetheless to no avail. Haven't been able to
update NAV either.
When pinging symantec or mcafee, IP address displayed is 127.0.0.1, which
seems wrong. Can't find anything related to any AV website in the registry.
Can you help?
 
Your Winsock may be damaged; download the correct program and run it.
http://www.cexx.org/lspfix.htm (Win 98, ME)

http://www.spychecker.com/program/winsockxpfix.html (for Win2k, XP)

--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===
Sebfori said:
Since being infected by Sasser (now removed), I haven't been able
to access any antivirus website. I looked in the HOSTS file, nothing there
(just 127.0.0.1). I renamed it nonetheless to no avail.
Haven't been able to update NAV either.
When pinging symantec or mcafee, IP address displayed is 127.0.0.1,
which seems wrong.

If your OS is NTx try using nslookup on those names instead.

Assuming that your DNS is not resolving those names to 127.0.0.1
use telnet to test port 80 at the IP addresses nslookup returns. E.g.
telnet www.symantec.com 80
The screen will clear if there is an open port there.
Press Ctrl-[ and enter c and then q to close the connection
and the application.

If the domain names are still resolving to 127.0.0.1 you probably
haven't found the right HOSTS file or (less likely) your dnscache
is retaining that invalid lookup and causing the override. To check
on the latter case and repair it you could try the following two commands:

ipconfig /displaydns | find /i "127.0.0.1"
ipconfig /flushdns

BTW if another /displaydns gives you the same results *after* the
/flushdns it is another strong indication that a HOSTS file override
is still in effect.

There is a known Trojan called QHOSTS which might be responsible
for changing the location of the active HOSTS file. See Symantec's
article about it for more information:

< http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html >


HTH

Robert Aldwinckle
---
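An added example, not part of any post in this thread: the HOSTS-override check described in the last reply, written in Python. It scans HOSTS-format text for antivirus names pointed at a loopback or unspecified address, and compares a `DataBasePath` value (the value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters` that tells NT-family Windows which directory holds HOSTS) with the default; the function names, watch list and sample text are constructed for illustration.

```python
import ipaddress
import ntpath

# Default HOSTS directory on NT-family Windows (the DataBasePath default).
DEFAULT_DB_PATH = r"%SystemRoot%\System32\drivers\etc"

# Constructed sample, not taken from the thread.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1   localhost
127.0.0.1   www.symantec.com securityresponse.symantec.com  # injected
0.0.0.0     download.McAfee.com
10.0.0.5    fileserver
not-an-ip   www.symantec.com
"""

def loopback_overrides(hosts_text, watch=("symantec", "mcafee")):
    """Return (line_no, ip, hostname) for watched names sent to loopback/0.0.0.0."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in (f.lower() for f in fields[1:]):
            if any(w in name for w in watch):
                hits.append((line_no, str(ip), name))
    return hits

def database_path_is_default(value, system_root=r"C:\WINDOWS"):
    """True if a DataBasePath value still points at the default directory."""
    def norm(path):
        expanded = path.lower().replace("%systemroot%", system_root.lower())
        return ntpath.normpath(expanded)  # also drops a trailing backslash
    return norm(value) == norm(DEFAULT_DB_PATH)

if __name__ == "__main__":
    for hit in loopback_overrides(SAMPLE_HOSTS):
        print("suspicious entry:", hit)
    print("default path:", database_path_is_default(r"D:\constructed\dir"))
```

Feed it the contents of the HOSTS file in whatever directory `DataBasePath` names, not only the default location.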
 