hosts file has been hacked

[Guest]

I am connected to the Internet via RoadRunner via a wireless Dlink router and have Zone Alarm installed. Recently, I have been doing a number of google searches on molecular biology and have experienced no problems. However, I returned from lunch to resume and when I entered www.google.com I was greeted by the message below. Since there is no author to the message, I am hesitant to follow the instructions. However, I have not been able to find anything on the topic using other search engines. Any suggestions? Oh, the hosts file displayed that it was last modified on 12/9/2003

Thank you, Cur

If you see this page your hosts file has been hacked. Please use the instruction below to clean your machine.

You cannot reach the site you where trying to reach without following this procedure! - Please follow the steps provided in this document and make sure to download all patches for your computer from the Windows Update Site which can be found here
http://windowsupdate.microsoft.com

1. Start regedit
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
delete starting of svchost.exe file
reboot your computer
delete file svchost.exe in windows directory

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting)
delete file winlogon.exe in directory: C:\Documents and Settings\All Users\Start Menu\Programs\Startu

3. Clear your 'hosts' file
How to edit your hosts file: locate it first, either by browsing to the directory (as shown above) or by hitting "Start - Search - select all files and folders - type in 'hosts' (without the quotation marks) and hit search. When the file is found, click with your right mouse button on the file and select 'Open With...' This will bring up a list of programs to edit the file with. Select Notepad from that list and click OK. - Remove all lines from the file and type in: 127.0.0.1 localhost. Now close the file and save your changes
For Windows 95/98/Millenium machines: Locate the file hosts in your C:\Windows directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhos
For Windows 2000 machines: Locate the file hosts in your C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there
127.0.0.1 localhos
For Windows XP machines: Locate the file hosts in your C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there
127.0.0.1 localhos

 

[Ray at]

svchost.exe should exist in %windir%\SYSTEM32 and %windir%\system32\dllcache
only. If you have one in your %windir%, believe and perform steps 1 and 2.

For step 3, open a command prompt (cmd.exe) and enter this:

echo 127.0.0.1 localhost>%windir%\system32\drivers\etc\hosts

That will wipe out your hacked HOSTS file and create a new one with default
contents of only your local loopback IP address.

Ray at work

I am connected to the Internet via RoadRunner via a wireless Dlink router

and have Zone Alarm installed. Recently, I have been doing a number of
google searches on molecular biology and have experienced no problems.
However, I returned from lunch to resume and when I entered www.google.com I
was greeted by the message below. Since there is no author to the message, I
am hesitant to follow the instructions. However, I have not been able to
find anything on the topic using other search engines. Any suggestions? Oh,
the hosts file displayed that it was last modified on 12/9/2003.

Thank you, Curt


If you see this page your hosts file has been hacked. Please use the

instruction below to clean your machine.

You cannot reach the site you where trying to reach without following this

procedure! - Please follow the steps provided in this document and make sure
to download all patches for your computer from the Windows Update Site which
can be found here:

http://windowsupdate.microsoft.com

1. Start regedit,
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All

Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file.
How to edit your hosts file: locate it first, either by browsing to the

directory (as shown above) or by hitting "Start - Search - select all files
and folders - type in 'hosts' (without the quotation marks) and hit search.
When the file is found, click with your right mouse button on the file and
select 'Open With...' This will bring up a list of programs to edit the file
with. Select Notepad from that list and click OK. - Remove all lines from
the file and type in: 127.0.0.1 localhost. Now close the file and save your
changes.

For Windows 95/98/Millenium machines: Locate the file hosts in your

C:\Windows directory. Just delete it or edit it with a text editor like
notepad and make sure there is only one line there:

127.0.0.1 localhost
For Windows 2000 machines: Locate the file hosts in your

C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it with a
text editor like notepad and make sure there is only one line there:

127.0.0.1 localhost
For Windows XP machines: Locate the file hosts in your

C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it with a
text editor like notepad and make sure there is only one line there:

 

[tristan]

I had the exact problem - don't follow the message.

Find your hosts file by using search hosts*.*

You should find that there are two files, just delete the larger one
and you should be fine. Look at it in edit to make sure, it will have
all the addresses that you are having problems seeing, just delete it.

The correct file will just have the 127.0.0.1 localhost