host file emptied


philippe

On two PCs under XP, from time to time, the hosts file is emptied.

Sometimes after a reboot, sometimes not.

Both are communicating through checkpoint on a LAN.

Nothing appears (or I didn't notice it) in the event logs.

Could it be a virus?


Thanks
 
philippe said:
On two PCs under XP, from time to time, the hosts file is emptied.

Sometimes after a reboot, sometimes not.

Both are communicating through checkpoint on a LAN.

Nothing appears (or I didn't notice it) in the event logs.

Could it be a virus?


Thanks

It's probably a script you're not aware of. Nail it down
by modifying its NTFS attributes so that everyone except
you has read-access only.
 
philippe said:
On two PCs under XP, from time to time, the hosts file is emptied.

Sometimes after a reboot, sometimes not.

Both are communicating through checkpoint on a LAN.

The NTFS privileges of the directory %SystemRoot%\System32\Drivers\etc
and its files should allow for full access for Administrators and SYSTEM
only. If that file gets modified "by its own", someone else was logged on
with administrative privileges in that case (why?) and these privileges
apply to any software (malware) running under that account as well.

philippe said:
Could it be a virus?

Why don't you try to find out using an updated anti-virus/anti-spyware?
Next, find out who has administrator privileges and who granted them.
If the privileges have not been set correctly on those machines, kick
the administrator.
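
One way to check the permissions described in the replies above, as an added example that is not part of the original thread: it lists every principal other than Administrators and SYSTEM that holds write-type rights on the hosts file or its directory. It assumes PowerShell 2.0 or later is installed; the function name `Get-UnexpectedWriters` is hypothetical.

```powershell
# Added example: report who, besides Administrators and SYSTEM, can
# modify the hosts file or the directory that contains it.
$etc       = Join-Path $env:SystemRoot 'System32\drivers\etc'
$hostsPath = Join-Path $etc 'hosts'

# Well-known SIDs, so the check does not depend on the display language
$allowedSids = @('S-1-5-32-544',   # BUILTIN\Administrators
                 'S-1-5-18')       # NT AUTHORITY\SYSTEM

# Rights that allow changing, replacing or re-permissioning the file,
# plus the raw GENERIC_WRITE / GENERIC_ALL bits found on inherit-only entries
$writeMask = [int]([System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

function Get-UnexpectedWriters {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($rule in $acl.Access) {
        # Deny entries only restrict access, so they are skipped
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            # Name could not be mapped to a SID: report it as found
            $sid = $rule.IdentityReference.Value
        }
        if ($allowedSids -notcontains $sid) {
            New-Object PSObject -Property @{
                Path      = $Path
                Identity  = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# A Length of 0 or a recent LastWriteTime shows when the file was emptied
Get-Item $hostsPath | Select-Object FullName, Length, LastWriteTime

# Any row printed here is an account whose processes can rewrite the file
$etc, $hostsPath | ForEach-Object { Get-UnexpectedWriters $_ } |
    Select-Object Path, Identity, Rights, Inherited | Format-Table -AutoSize
```

An empty table means only Administrators and SYSTEM can write, so whatever empties the file is running under one of those accounts.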
 