Host file manipulation

Murali Krishna

My system runs on Windows 2003 and since last week I
could not access any Microsoft sites and anti virus
sites. I ran a deep scan with anti spyware and
it showed that the system is ok.

But I have found that my "hosts" file has been
manipulated and all famous sites and anti virus sites
were defined as 127.0.0.1 in my hosts file.

This particular problem is not being detected by MS Anti
Spyware. If possible you can address this in future.
 
AndyManchesta

This is common with a lot of viruses these days, trying
to restrict your access to security sites so it's harder
for you to fix the problem.

A good tool to use for this is Hoster. You can view the
hosts file and if there are any entries under 127.0.0.1
localhost that you didn't add yourself you can
press 'Restore Original Hosts' which resets them to
Microsoft's default.


You can get hoster from here:

http://xsorbit26.com/users5/andymanchesta/index.php?action=dlattach;topic=2654.0;id=285



Regards Andy
 
Mikolaj

How do you find out if your host has been manipulated?
Where can I see my host file?

For example, using the HijackThis application - it's a good tool to check and
clean the system (a HijackThis log can be checked on the http://www.hijackthis.de
web page or sent to Ron Kinner, who is kind enough to verify it).
When sending the log to Ron Kinner, put Hijack in the subject so he'll know it's
not spam (his email is (e-mail address removed) ).

And the hosts file usually can be found here:
C:\WINDOWS\system32\drivers\etc
(in the case of Windows 2000 it is C:\WINNT\system32\drivers\etc)
Usually it contains only the comment, example and one address line:
127.0.0.1 localhost
(however in a company environment it may contain additional information).
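
Added example (not part of any post in this thread): a small Python audit of hosts-file content that reports names pointed at a loopback or unspecified address, rating them HIGH when they fall under a watchlist of update and security-vendor domains. The watchlist, the function names and the sample file are constructed for illustration.

```python
import ipaddress

# Assumed watchlist: domains a machine must reach to update or be cleaned.
WATCHLIST = ("microsoft.com", "windowsupdate.com", "trendmicro.com")
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample hosts file, not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.microsoft.com update.microsoft.com   # injected
127.0.0.1\thousecall.trendmicro.com
0.0.0.0         ads.example.net
192.0.2.10      intranet.example.local
not-an-ip       broken.example
"""

def is_sink(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address field: not a redirect we can judge
    return ip.is_loopback or ip.is_unspecified

def on_watchlist(name):
    """Match the name itself or any subdomain of a watchlist entry."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)

def audit_hosts(text):
    """Return (line_no, address, hostname, severity) for every sinkholed name."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(fields) < 2 or not is_sink(fields[0]):
            continue
        for name in fields[1:]:  # one line may carry several names
            if name.lower() in BENIGN_NAMES:
                continue
            severity = "HIGH" if on_watchlist(name) else "review"
            findings.append((line_no, fields[0], name, severity))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % finding)
```

To check a real machine, read the hosts file from the folder given above and pass its text to `audit_hosts`. Entries rated "review" may be a deliberate blocklist rather than tampering.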
 
plun

Hi

Another way is to use MSAS for this: start MSAS,
Advanced Tools - System Explorers - Windows hosts file.

My personal opinion is to let MSAS protect the hosts file and
delete all entries except 127.0.0.1 Localhost.

I think this way is better for most users than to have long
blocklists with 127.0.0.1 loopbacks for malware sites.

--
plun



Mikolaj presented the following explanation :
 
Bill Sanderson

You've got a virus.

Microsoft Antispyware is not a substitute for using a good Antivirus
application.

Scan with a competent antivirus with current definitions ASAP.

You'll probably need to wipe out the rogue hosts file first, then use an
online scanner, perhaps:

http://housecall.trendmicro.com

for example.
 
