HOSTS file infected with spyware, cannot remove entries

[Guest]

I have a LOT of entries in the HOSTS file that will not go away, even with MS
Spyware removal, I can delete the entries and they keep coming back. The
list that keeps popping up are:

code.ignphrases.com
clear-search.com
r1.clrsch.com
sds.clrsch.com
status.clrsch.com
www.clrsch.com
clr-sch.com
sds-qckads.com
status.qckads.com (about 8 of these)
www.igetnet.com

They all point to the local machine, 127.0.0.1. Need to figure out what is
putting them in there and how to stop it. Thanks.

 

[Steve N.]

I have a LOT of entries in the HOSTS file that will not go away, even with MS
Spyware removal, I can delete the entries and they keep coming back. The
list that keeps popping up are:

code.ignphrases.com
clear-search.com
r1.clrsch.com
sds.clrsch.com
status.clrsch.com
www.clrsch.com
clr-sch.com
sds-qckads.com
status.qckads.com (about 8 of these)
www.igetnet.com

They all point to the local machine, 127.0.0.1. Need to figure out what is
putting them in there and how to stop it. Thanks.

They are probably put there as a result of running antispyware and
blocking bad sites, pointing a hostname to the local loopback address
(127.0.0.1) is one method of preventing visits to those sites; they've
effectively been blocked as a result.

Steve

 

[David H. Lipman]

| I have a LOT of entries in the HOSTS file that will not go away, even with MS
| Spyware removal, I can delete the entries and they keep coming back. The
| list that keeps popping up are:
|
| code.ignphrases.com
| clear-search.com
| r1.clrsch.com
| sds.clrsch.com
| status.clrsch.com
| www.clrsch.com
| clr-sch.com
| sds-qckads.com
| status.qckads.com (about 8 of these)
| www.igetnet.com
|
| They all point to the local machine, 127.0.0.1. Need to figure out what is
| putting them in there and how to stop it. Thanks.
|
| --
| Jamie
| MCP, Net+, A+

Dump the contents of the IE Temporary Internet Folder cache (TIF)

Start --> Settings --> Control Panel --> Internet Options --> Delete Files


Dump the contents of the Mozilla FireFox Cache

Tools --> Options --> Privacy --> Cache --> Clear


1) Download TrendMicro Sysclean by one of the following 2 methods

Trend Sysclean Method 1
---------------------------------------
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt580.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

2) Download Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Update Ad-aware with the latest definitions.
3) Reboot your PC into Safe Mode and shutdown as many applications as possible.
4) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
5) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware

* * * Please report back your results * * *