Hi Jan - Glad you've gotten past it. One cautionary note, however; you may
just want to delete that file altogether - it's been "contaminated" by the
trojan and is useless for anything further "as is". If you ever want to
use a HOSTS file for ad blocking or the like, you can always create a new
default as I outlined or just copy a good ad blocking HOSTS file to that
location in \drivers\etc such as the one here:
http://www.mvps.org/winhelp2002/hosts.zip from Mike Burgess' site. You can
read more about this here:
http://www.mvps.org/winhelp2002/hosts.htm I
would recommend it, as it also stops much "malware" from getting on your
system as well as ads.
If you want to take some additional steps to defend your machine, I would
suggest the following:
The best way to start is to get Ad-Aware 6.0, Build 162 or later, here:
http://www.lavasoftusa.com/support/download/. Update and run this regularly
to get rid of most "spyware/hijackware" on your machine.
Another excellent program for this purpose is SpyBot Search and Destroy
available here:
http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
using both normally. After fixing things with SpyBot S&D, be sure to
re-boot and rerun SpyBot again and repeat this cycle until you get a clean
"no red" scan.
Next, courtesy of Mike Burgess:
--Recommended Minimum Security Settings--
Close all instances of IE and OE
Control Panel | Internet Options
Click on the "Security" tab
Highlight the "Internet" icon, click "Custom Level"
1) "Download signed ActiveX scripts" = Prompt
2) "Download unsigned ActiveX scripts = Disable
3) "Initialize and script ActiveX not marked as safe" = Disable
4) "Installation of Desktop items" = Prompt
5) "Launching programs and files in a IFRAME" = Prompt
Click on the "Content" tab
Click the "Publishers" button
Highlight and click "Remove" any unknowns, click Ok
Click on the "Advanced" tab
Uncheck: "Install on demand (other)", click Apply\Ok
Prevent your "HomePage" setting from being Hijacked
http://www.mvps.org/winhelp2002/ietips.htm
_____________________________
Mike Burgess
Information isn't free if you can't find it!
http://www.mvps.org/winhelp2002/
Then, from me:
You might want to consider installing the SpywareBlaster and SpywareGuard
here to help prevent this kind of thing from happening in the future:
http://www.wilderssecurity.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it updated) The latest version as of this writing
will prevent installation or prevent the malware from running (837 parasites
as of this date) if it is already installed, and it provides information and
fixit-links for a variety of parasites.
http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts
to install malware) Both Very Highly Recommended.
Good luck!