"...your hosts file has been hacked."

[Guest]

This popped up yesterday when I try to google or msn.com. Is this legit?

If you see this page your hosts file has been hacked. Please use the instruction below to clean your machine.

You cannot reach the site you where trying to reach without following this procedure! - Please follow the steps provided in this document and make sure to download all patches for your computer from the Windows Update Site which can be found here:
http://windowsupdate.microsoft.com/

1. Start regedit,
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file.
How to edit your hosts file: locate it first, either by browsing to the directory (as shown above) or by hitting "Start - Search - select all files and folders - type in 'hosts' (without the quotation marks) and hit search. When the file is found, click with your right mouse button on the file and select 'Open With...' This will bring up a list of programs to edit the file with. Select Notepad from that list and click OK. - Remove all lines from the file and type in: 127.0.0.1 localhost. Now close the file and save your changes.
For Windows 95/98/Millenium machines: Locate the file hosts in your C:\Windows directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows 2000 machines: Locate the file hosts in your C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows XP machines: Locate the file hosts in your C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
This page started popping up when I try to go to google or msn home. Is this legit? It directs me to a m

 

[Drew Cooper [MSFT]]

Microsoft doesn't have browser popups to tell people to go to Windows
Update.

That being said . . . it might be a good idea to make sure you have all the
latest patches. And a scan for spyware/adware might be in order, too.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

This popped up yesterday when I try to google or msn.com. Is this legit?

If you see this page your hosts file has been hacked. Please use the

instruction below to clean your machine.

You cannot reach the site you where trying to reach without following this

procedure! - Please follow the steps provided in this document and make sure
to download all patches for your computer from the Windows Update Site which
can be found here:

http://windowsupdate.microsoft.com/

1. Start regedit,
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All

Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file.
How to edit your hosts file: locate it first, either by browsing to the

directory (as shown above) or by hitting "Start - Search - select all files
and folders - type in 'hosts' (without the quotation marks) and hit search.
When the file is found, click with your right mouse button on the file and
select 'Open With...' This will bring up a list of programs to edit the file
with. Select Notepad from that list and click OK. - Remove all lines from
the file and type in: 127.0.0.1 localhost. Now close the file and save your
changes.

For Windows 95/98/Millenium machines: Locate the file hosts in your

C:\Windows directory. Just delete it or edit it with a text editor like
notepad and make sure there is only one line there:

127.0.0.1 localhost
For Windows 2000 machines: Locate the file hosts in your

C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it with a
text editor like notepad and make sure there is only one line there:

127.0.0.1 localhost
For Windows XP machines: Locate the file hosts in your

C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it with a
text editor like notepad and make sure there is only one line there:

127.0.0.1 localhost
This page started popping up when I try to go to google or msn home. Is

this legit? It directs me to a m

 

[Kent W. England [MVP]]

This is the old Qhosts bug. Google qhosts for details on how to get rid
of it. What you quote doesn't sound right. IIRC, there is a registry key
to be repaired and a substitute hosts file to delete, if desired. I
don't recall svchost.exe being involved.

--
Kent W. England, Microsoft MVP for Windows Security

This popped up yesterday when I try to google or msn.com. Is this legit?

If you see this page your hosts file has been hacked. Please use the

instruction below to clean your machine.

You cannot reach the site you where trying to reach without following

this procedure! - Please follow the steps provided in this document and
make sure to download all patches for your computer from the Windows
Update Site which can be found here:

http://windowsupdate.microsoft.com/

1. Start regedit,
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All

Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file.
How to edit your hosts file: locate it first, either by browsing to

the directory (as shown above) or by hitting "Start - Search - select
all files and folders - type in 'hosts' (without the quotation marks)
and hit search. When the file is found, click with your right mouse
button on the file and select 'Open With...' This will bring up a list
of programs to edit the file with. Select Notepad from that list and
click OK. - Remove all lines from the file and type in: 127.0.0.1
localhost. Now close the file and save your changes.

For Windows 95/98/Millenium machines: Locate the file hosts in your

C:\Windows directory. Just delete it or edit it with a text editor like
notepad and make sure there is only one line there:

127.0.0.1 localhost
For Windows 2000 machines: Locate the file hosts in your

C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it with
a text editor like notepad and make sure there is only one line there:

127.0.0.1 localhost
For Windows XP machines: Locate the file hosts in your

C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it
with a text editor like notepad and make sure there is only one line
there:

127.0.0.1 localhost
This page started popping up when I try to go to google or msn home.

Is this legit? It directs me to a m

 

[Guest]

Thanks for the help. I didn't think it was legit so I didn't click on the link. I already have all the updates, it's on automatic. Google will not come up, nor msn, just the message. My adware/spyware shows nothing unusual. I'll keep hunting. Thanks.

 

[Mike Donnelly]

=?Utf-8?B?bXVzY2xl?= <[email protected]>
wrote in

This popped up yesterday when I try to google or msn.com.
Is this legit?

If you see this page your hosts file has been hacked.
Please use the instruction below to clean your machine.

-------Rest clipped.---------

It wouldn't hurt to take a look at your hosts file to see if
anything is there concerning the web sites you mentioned.