Windows XP Explorer Problem

TL

My Windows Explorer recently ran into a problem that keeps
bringing up a site that I did not specify as my default
page. According to a message from www.msn.com, my host
file has been hacked. I followed these instructions, but
the site still comes back after I reboot. The site is
called www.find4u.com. Please help...

1. Start regedit,
find
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and
Settings\All Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file.
How to edit your hosts file: locate it first, either by
browsing to the directory (as shown above) or by
hitting "Start - Search - select all files and folders -
type in 'hosts' (without the quotation marks) and hit
search. When the file is found, click with your right
mouse button on the file and select 'Open With...' This
will bring up a list of programs to edit the file with.
Select Notepad from that list and click OK. - Remove all
lines from the file and type in: 127.0.0.1 localhost. Now
close the file and save your changes.

For Windows XP machines: Locate the file hosts in your
C:\Windows\System32\Drivers\Etc directory. Just delete it
or edit it with a text editor like notepad and make sure
there is only one line there:
127.0.0.1 localhost
 
Guest

Yes, I have the same problem right now. If nobody can help us, maybe we can help each other by sharing what we know.

Below I wrote comments on those directions they gave us. The funny thing about this is I'm not sure if the directions are really from Microsoft or a trick. They are so ambiguous in places as to be impossible for laymen like us to follow. But here's what I've figured out. Hope this helps.


If you see this page your hosts file has been hacked. Please use the instruction below to clean your machine.

You cannot reach the site you where trying to reach without following this procedure! - Please follow the steps provided in this document and make sure to download all patches for your computer from the Windows Update Site which can be found here:
http://windowsupdate.microsoft.com

1. Start regedit, [[[should say "Start, Run, type Regedit", then screen pops up and find HKEY_Current......]]]
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file, [[[now what do they mean by "starting", and i don't see that file]]]
[[[the files i have in the run folder are ctfmon.exe and dxsty,, what do you have??]]]
[[[I haven't deleted anything yet, so I've never made it to the next step.]]]
reboot your computer,
delete file svchost.exe in windows directory. [[[BY "windows directory" i wasn't sure at first, but now I think they mean in my computer/local disk c:/windows/system32, there's an exe file called "svchost" there]]]

2. Reboot windows and start in [[[confident I could do this one when the time comes, ask me if you are unsure how to do it..]]]
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file. [[[I have XP so I go to the bottom]]]
How to edit your hosts file: locate it first, either by browsing to the directory (as shown above) or by hitting "Start - Search - select all files and folders - type in 'hosts' (without the quotation marks) and hit search. When the file is found, click with your right mouse button on the file and select 'Open With...' This will bring up a list of programs to edit the file with. Select Notepad from that list and click OK. - Remove all lines from the file and type in: 127.0.0.1 localhost. Now close the file and save your changes.
For Windows 95/98/Millenium machines: Locate the file hosts in your C:\Windows directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows 2000 machines: Locate the file hosts in your C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows XP machines: Locate the file hosts in your C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
[[[I have a few of what look to be host files in the Etc folder, one called "hosts" and the other "lmhost", but it appears the "hosts" is the one they mean us to edit with notepad]]]

I hope you are still checking this page..!!
 
Ronnie Vernon MVP

Jerry said:
Yes, I have the same problem right now. If nobody can help us, maybe
we can help each other by sharing what we know.

Below I wrote comments on those directions they gave us. The funny
thing about this is I'm not sure if the directions are really from
Microsoft or a trick. They are so ambiguous in places as to be
impossible for laymen like us to follow. But here's what I've
figured out. Hope this helps.


If you see this page your hosts file has been hacked. Please use
the instruction below to clean your machine.

You cannot reach the site you where trying to reach without following
this procedure! - Please follow the steps provided in this document
and make sure to download all patches for your computer from the
Windows Update Site which can be found here:
http://windowsupdate.microsoft.com

1. Start regedit, [[[should say "Start, Run, type Regedit", then
screen pops up and find HKEY_Current......]]]
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file, [[[now what do they mean by
"starting", and i don't see that file]]] [[[the files i have in the
run folder are ctfmon.exe and dxsty,, what do you have??]]] [[[I
haven't deleted anything yet, so I've never made it to the next
step.]]]
reboot your computer,
delete file svchost.exe in windows directory. [[[BY "windows
directory" i wasn't sure at first, but now I think they mean in my
computer/local disk c:/windows/system32, there's an exe file called
"svchost" there]]]

2. Reboot windows and start in [[[confident I could do this one when
the time comes, ask me if you are unsure how to do it..]]]
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All
Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file. [[[I have XP so I go to the bottom]]]
How to edit your hosts file: locate it first, either by browsing to
the directory (as shown above) or by hitting "Start - Search - select
all files and folders - type in 'hosts' (without the quotation marks)
and hit search. When the file is found, click with your right mouse
button on the file and select 'Open With...' This will bring up a
list of programs to edit the file with. Select Notepad from that list
and click OK. - Remove all lines from the file and type in: 127.0.0.1
localhost. Now close the file and save your changes. For Windows
95/98/Millenium machines: Locate the file hosts in your C:\Windows
directory. Just delete it or edit it with a text editor like notepad
and make sure there is only one line there: 127.0.0.1 localhost
For Windows 2000 machines: Locate the file hosts in your
C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it
with a text editor like notepad and make sure there is only one line
there: 127.0.0.1 localhost
For Windows XP machines: Locate the file hosts in your
C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it
with a text editor like notepad and make sure there is only one line
there: 127.0.0.1 localhost [[[I have a few of what look to be host
files in the Etc folder, one called "hosts" and the other
"lmhost", but it appears the "hosts" is the one they mean us to edit
with notepad]]]

I hope you are still checking this page..!!

Jerry

Just follow the directions. If you don't see anything with "svchost" in
that Run key in the registry, then go to the next step.

The svchost.exe is a legitimate XP file and should be in the \System32
folder. If there is a copy of this file in the C:\Windows folder, right
click the file and select Delete to remove it from there.

Boot into Safe Mode, according to those directions and delete the
Winlogon.exe file from the specified location.

Open the Hosts file (Not lmhosts) and select all of the text in that file
and press the DEL key. At the top of the page, type 127.0.0.1 localhost and
select File/Save and close the file.

This should get rid of this spyware. Next, download one or both of the
following programs and run them on a regular basis to keep this type of
spyware off of the system.

Spybot -- http://www.safer-networking.org/
AdAware -- http://www.lavasoftusa.com/




--
Ronnie Vernon
Microsoft MVP-Windows Shell/User

Please reply to the newsgroup so all may benefit.
http://www.dts-l.org
http://www.mvps.org
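
As an added example (not part of the original thread and not any poster's code), this read-only Python sketch applies the two checks from the reply above: hosts entries other than loopback-to-localhost, and autostart commands named svchost.exe or winlogon.exe that sit outside System32. The C: system drive, the function names and all sample data are assumptions constructed for illustration.

```python
import ntpath

# Assumptions (not from the thread): Windows is installed on drive C:, and only
# the two process names the quoted directions mention are checked.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe"}
LOOPBACK = {"127.0.0.1", "::1"}

def audit_hosts(text):
    """Return (line_no, ip, name) for every mapping except loopback -> localhost."""
    findings = []
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if not (ip in LOOPBACK and name.lower() == "localhost"):
                findings.append((no, ip, name.lower()))
    return findings

def audit_autostart(entries):
    """Flag (source, path) whose file name imitates a system process outside System32."""
    flagged = []
    for source, command in entries:
        cmd = command.strip()
        if cmd.startswith('"'):               # quoted path, arguments follow
            path = cmd[1:].split('"', 1)[0]
        else:                                 # unquoted: cut after ".exe"
            end = cmd.lower().find(".exe")
            path = cmd[: end + 4] if end != -1 else cmd
        folder, name = ntpath.split(ntpath.normpath(path))
        if name.lower() in SYSTEM_NAMES and folder.lower() != SYSTEM32:
            flagged.append((source, path))
    return flagged

# Constructed sample data (documentation addresses and example domains).
SAMPLE_HOSTS = (
    "# constructed sample\n"
    "127.0.0.1\tlocalhost\n"
    "203.0.113.10 www.example.com example.com  # redirect\n"
    "127.0.0.1 updates.example.net\n"
)
SAMPLE_AUTOSTART = [
    ("HKCU Run", r"C:\WINDOWS\svchost.exe"),
    ("HKCU Run", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("HKLM Run", r'"C:\WINDOWS\system32\svchost.exe" -k netsvcs'),
    ("Startup folder", r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe"),
]
```

Anything either function returns is a candidate for manual review before deleting; the hosts check also reports loopback entries for names other than localhost, since the directions in the thread expect the single localhost line only.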
 
