Jump to content

Internet Suddenly Seems Slower (Host file virus?)


hsncorrosion
 Share

Recommended Posts

Recently I've began to think my internet may be slowing down.

I have good antivirus, havent downloaded anything except IE7 update.

I do have a server on the network (it has different antivirus) the servers antivirus is telling me that my hosts file in C:windowssystem32driversetchosts.txt

is a virus. Whats up with that?

Link to comment
Share on other sites

start -> run -> "cmd /k cat C:windowssystem32driversetchosts.txt"

What does it say?

start -> run -> "cmd /k cat C:windowssystem32driversetchosts"

What does it say?

(sans quotation marks)

cat C:windowssystem32driversetchosts >> "c:Documents and Settings/<your username>/Desktop/hosts.txt"

That should make a file called hosts.txt on your desktop that should read:

# Copyright (c) 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

#      102.54.94.97     rhino.acme.com          # source server

#       38.25.63.10     x.acme.com              # x client host



127.0.0.1       localhost

If there is more than that, you have a problem.

Link to comment
Share on other sites

start -> run -> "cmd /k cat C:windowssystem32driversetchosts.txt"

What does it say?

start -> run -> "cmd /k cat C:windowssystem32driversetchosts"

What does it say?

(sans quotation marks)

cat C:windowssystem32driversetchosts >> "c:Documents and Settings/<your username>/Desktop/hosts.txt"

That should make a file called hosts.txt on your desktop that should read:

# Copyright (c) 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

#      102.54.94.97     rhino.acme.com          # source server

#       38.25.63.10     x.acme.com              # x client host



127.0.0.1       localhost

If there is more than that, you have a problem.

Sorry the .txt extension was a typo. My anti virus is avast 4.7 pro.

Uhoh! heres my hosts file

# Copyright (c) 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

#      102.54.94.97     rhino.acme.com          # source server

#       38.25.63.10     x.acme.com              # x client host



127.0.0.1       localhost



































127.0.0.1    www.symantec.com

127.0.0.1    securityresponse.symantec.com

127.0.0.1    symantec.com

127.0.0.1    www.sophos.com

127.0.0.1    sophos.com

127.0.0.1    www.mcafee.com

127.0.0.1    mcafee.com

127.0.0.1    liveupdate.symantecliveupdate.com

127.0.0.1    www.viruslist.com

127.0.0.1    viruslist.com

127.0.0.1    viruslist.com

127.0.0.1    f-secure.com

127.0.0.1    www.f-secure.com

127.0.0.1    kaspersky.com

127.0.0.1    kaspersky-labs.com

127.0.0.1    www.avp.com

127.0.0.1    www.kaspersky.com

127.0.0.1    avp.com

127.0.0.1    www.networkassociates.com

127.0.0.1    networkassociates.com

127.0.0.1    www.ca.com

127.0.0.1    ca.com

127.0.0.1    mast.mcafee.com

127.0.0.1    my-etrust.com

127.0.0.1    www.my-etrust.com

127.0.0.1    download.mcafee.com

127.0.0.1    dispatch.mcafee.com

127.0.0.1    secure.nai.com

127.0.0.1    nai.com

127.0.0.1    www.nai.com

127.0.0.1    update.symantec.com

127.0.0.1    updates.symantec.com

127.0.0.1    us.mcafee.com

127.0.0.1    liveupdate.symantec.com

127.0.0.1    customer.symantec.com

127.0.0.1    rads.mcafee.com

127.0.0.1    trendmicro.com

127.0.0.1    pandasoftware.com

127.0.0.1    www.pandasoftware.com

127.0.0.1    www.trendmicro.com

127.0.0.1    www.grisoft.com

127.0.0.1    www.microsoft.com

127.0.0.1    microsoft.com

127.0.0.1    www.virustotal.com

127.0.0.1    virustotal.com

I know I didn't put that there (this is from my ut2k4 game server)

Oh my main system anti virus is avast my server sadly only has avg free.

Help what do I do to fix this?

Link to comment
Share on other sites

Had a bad felling u were going to say that.

Well, worst senerio, what will happen if I leave it.

This is on a lan with my main pc.

Also found this

Response Number 1

Name: Tufenuf

Date: May 08, 2004 at 04:54:51 Pacific

Subject: System32 hosts folder

Reply:

baza999, The hosts (no extension) file located in your C:WINNTSystem32driversetc folder for Windows XP comes as shown below between the lines.

____________________________________________

Copyright © 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

____________________________________________

If you have downloaded some type of Spyware Removal Program it may have added those porn links so that you can't access them as a safety precaution or did you download another hosts file for protection against porn sites which are responsible for most spyware/adware/malware/hijackers entering your system? There are some viruses/trojans that add entries to AV sites/Spyware Removal Programs sites/etc. so that you can't reach any of them to fix the viruses/trojans and what you have to do is go into the hosts (no extension) file open it in Notepad and delete all entries below the 127.0.0.1 localhost.

DO NOT delete the 127.0.0.1 localhost.

Close Notepad and accept the changes when it asks, then right click the HOSTS (no extension)file, choose Properties and put a checkmark in front of Read only, click Apply/OK. This will prevent anything from altering it or writing to it.

HTH,

Tufenuf

Report Offensive Follow Up For Removal

Heres the url i copied this from.

http://www.computing.net/windowsxp/wwwboar...rum/104055.html

Link to comment
Share on other sites

I'll report your IP to the abuse contact of your ISP if you leave it. Its like allowing someone to deal heroin from your garden shed.

It would be the case that a virus has forced your computer to always resolve the domain names of popular anti-crapware sites to your local host, so you can't clean the infection. The only way to clear this type of compromise is to dump the install and start again. Its Saturday, so your going to have to purchase a stack of DVD-R's and cancel your weekend plans.

Link to comment
Share on other sites

What? what am i spaming, what bot net

The bot net you are probably a part of and is been used to spam as well as DDoS attacks and used as a means of not easily traceable attacks on other computers on the Internet.

You need to do a clean install of windows, no 'if's, 'but's or 'no's.

Link to comment
Share on other sites

What? what am i spaming, what bot net

The bot net you are probably a part of and is been used to spam as well as DDoS attacks and used as a means of not easily traceable attacks on other computers on the Internet.

You need to do a clean install of windows, no 'if's, 'but's or 'no's.

Ok, I will clean install, I just wanted to know what would happen if i didnt. You dont need to report anything. Anyway I will run a clean install.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...