hsncorrosion Posted January 13, 2007

Recently I've begun to think my internet may be slowing down. I have good antivirus, haven't downloaded anything except the IE7 update. I do have a server on the network (it has different antivirus). The server's antivirus is telling me that my hosts file in C:\windows\system32\drivers\etc\hosts.txt is a virus. What's up with that?
Sparda Posted January 13, 2007

The hosts file is called 'hosts' just like it is on Linux, there is no file extension. What do you mean "I have good antivirus"? Exactly what anti-virus software do you use? We will be the judges of whether it's good or not ;)
VaKo Posted January 13, 2007

start -> run -> "cmd /k cat C:\windows\system32\drivers\etc\hosts.txt"

What does it say?

start -> run -> "cmd /k cat C:\windows\system32\drivers\etc\hosts"

What does it say?

(sans quotation marks)

    cat C:\windows\system32\drivers\etc\hosts >> "c:\Documents and Settings/<your username>/Desktop/hosts.txt"

That should make a file called hosts.txt on your desktop that should read:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

If there is more than that, you have a problem.
hsncorrosion Posted January 13, 2007

Sorry, the .txt extension was a typo. My anti virus is avast 4.7 pro. Uh oh! Here's my hosts file:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    127.0.0.1 www.symantec.com
    127.0.0.1 securityresponse.symantec.com
    127.0.0.1 symantec.com
    127.0.0.1 www.sophos.com
    127.0.0.1 sophos.com
    127.0.0.1 www.mcafee.com
    127.0.0.1 mcafee.com
    127.0.0.1 liveupdate.symantecliveupdate.com
    127.0.0.1 www.viruslist.com
    127.0.0.1 viruslist.com
    127.0.0.1 viruslist.com
    127.0.0.1 f-secure.com
    127.0.0.1 www.f-secure.com
    127.0.0.1 kaspersky.com
    127.0.0.1 kaspersky-labs.com
    127.0.0.1 www.avp.com
    127.0.0.1 www.kaspersky.com
    127.0.0.1 avp.com
    127.0.0.1 www.networkassociates.com
    127.0.0.1 networkassociates.com
    127.0.0.1 www.ca.com
    127.0.0.1 ca.com
    127.0.0.1 mast.mcafee.com
    127.0.0.1 my-etrust.com
    127.0.0.1 www.my-etrust.com
    127.0.0.1 download.mcafee.com
    127.0.0.1 dispatch.mcafee.com
    127.0.0.1 secure.nai.com
    127.0.0.1 nai.com
    127.0.0.1 www.nai.com
    127.0.0.1 update.symantec.com
    127.0.0.1 updates.symantec.com
    127.0.0.1 us.mcafee.com
    127.0.0.1 liveupdate.symantec.com
    127.0.0.1 customer.symantec.com
    127.0.0.1 rads.mcafee.com
    127.0.0.1 trendmicro.com
    127.0.0.1 pandasoftware.com
    127.0.0.1 www.pandasoftware.com
    127.0.0.1 www.trendmicro.com
    127.0.0.1 www.grisoft.com
    127.0.0.1 www.microsoft.com
    127.0.0.1 microsoft.com
    127.0.0.1 www.virustotal.com
    127.0.0.1 virustotal.com

I know I didn't put that there (this is from my ut2k4 game server). Oh, my main system anti virus is avast; my server sadly only has avg free. Help, what do I do to fix this?
VaKo Posted January 13, 2007

You're totally fucked.
Sparda Posted January 13, 2007

lol, your box is hosed, you need to do a clean install of Windows to properly fix it.
hsncorrosion Posted January 13, 2007

Had a bad feeling u were going to say that. Well, worst scenario, what will happen if I leave it? This is on a LAN with my main PC. Also found this:

> Response Number 1
> Name: Tufenuf
> Date: May 08, 2004 at 04:54:51 Pacific
> Subject: System32 hosts folder
> Reply:
>
> baza999,
>
> The hosts (no extension) file located in your C:\WINNT\System32\drivers\etc folder for Windows XP comes as shown below between the lines.
>
> ____________________________________________
>
>     Copyright © 1993-1999 Microsoft Corp.
>     #
>     # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
>     #
>     # This file contains the mappings of IP addresses to host names. Each
>     # entry should be kept on an individual line. The IP address should
>     # be placed in the first column followed by the corresponding host name.
>     # The IP address and the host name should be separated by at least one
>     # space.
>     #
>     # Additionally, comments (such as these) may be inserted on individual
>     # lines or following the machine name denoted by a '#' symbol.
>     #
>     # For example:
>     #
>     # 102.54.94.97 rhino.acme.com # source server
>     # 38.25.63.10 x.acme.com # x client host
>
>     127.0.0.1 localhost
>
> ____________________________________________
>
> If you have downloaded some type of Spyware Removal Program it may have added those porn links so that you can't access them as a safety precaution or did you download another hosts file for protection against porn sites which are responsible for most spyware/adware/malware/hijackers entering your system?
>
> There are some viruses/trojans that add entries to AV sites/Spyware Removal Programs sites/etc. so that you can't reach any of them to fix the viruses/trojans and what you have to do is go into the hosts (no extension) file open it in Notepad and delete all entries below the 127.0.0.1 localhost. DO NOT delete the 127.0.0.1 localhost.
>
> Close Notepad and accept the changes when it asks, then right click the HOSTS (no extension) file, choose Properties and put a checkmark in front of Read only, click Apply/OK. This will prevent anything from altering it or writing to it.
>
> HTH,
> Tufenuf

Here's the URL I copied this from: http://www.computing.net/windowsxp/wwwboar...rum/104055.html
Sparda Posted January 13, 2007

> Had a bad feeling u were going to say that. Well, worst scenario, what will happen if I leave it? This is on a LAN with my main PC.

You don't want to leave it, that would be the most stupid thing anyone with an infected computer could do.
VaKo Posted January 13, 2007

I'll report your IP to the abuse contact of your ISP if you leave it. It's like allowing someone to deal heroin from your garden shed.

It would be the case that a virus has forced your computer to always resolve the domain names of popular anti-crapware sites to your local host, so you can't clean the infection. The only way to clear this type of compromise is to dump the install and start again. It's Saturday, so you're going to have to purchase a stack of DVD-Rs and cancel your weekend plans.
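Added example (not part of any post in this thread): a small Python audit of a hosts file for the pattern described above, where security-vendor and update domains are pointed at the local host. The watch list, function names and sample text are assumptions made for the illustration; the sample reuses a few entries from the file posted earlier plus one constructed 0.0.0.0 line.

```python
import ipaddress

# Assumption: watch list built from vendor domains seen in the posted file.
WATCHED = {"symantec.com", "mcafee.com", "sophos.com", "kaspersky.com",
           "f-secure.com", "trendmicro.com", "grisoft.com", "microsoft.com",
           "virustotal.com"}
BENIGN = {"localhost"}  # the only mapping in the default Windows file

def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; comments are ignored."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line_no, hostname, reason) for every non-default entry."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if name in BENIGN and ip.is_loopback:
            continue
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        if watched and (ip.is_loopback or ip.is_unspecified):
            reason = "security/update site sinkholed"
        elif watched:
            reason = "security/update site redirected"
        else:
            reason = "non-default entry, review"
        findings.append((no, name, reason))
    return findings

# Constructed sample: default mapping plus a few entries like those posted.
SAMPLE = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1 localhost
127.0.0.1 www.symantec.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 download.mcafee.com   # trailing comment
0.0.0.0 virustotal.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s" % finding)
```

Any finding means the file differs from the default shown earlier in the thread; an empty result only says the hosts file itself is clean, not that the machine is.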
hsncorrosion Posted January 13, 2007

> I'll report your IP to the abuse contact of your ISP.

What abuse???
Sparda Posted January 13, 2007

> What abuse???

Sending spam and being part of a bot net.
hsncorrosion Posted January 13, 2007

>> What abuse???
>
> Sending spam and being part of a bot net.

What? What am I spamming, what bot net?
Sparda Posted January 13, 2007

> What? What am I spamming, what bot net?

The bot net you are probably a part of and is being used to spam as well as DDoS attacks and used as a means of not easily traceable attacks on other computers on the Internet.

You need to do a clean install of Windows, no 'if's, 'but's or 'no's.
hsncorrosion Posted January 13, 2007

>> What? What am I spamming, what bot net?
>
> The bot net you are probably a part of and is being used to spam as well as DDoS attacks and used as a means of not easily traceable attacks on other computers on the Internet.
>
> You need to do a clean install of Windows, no 'if's, 'but's or 'no's.

OK, I will clean install, I just wanted to know what would happen if I didn't. You don't need to report anything. Anyway, I will run a clean install.
VaKo Posted January 13, 2007

abuse@Windstream.net :twisted:
hsncorrosion Posted January 13, 2007

> abuse@Windstream.net :twisted:

Why report? I'm takin care of the problem. In fact, why audit? Why not just fully wipe and reinstall?

Look at this (antivirus on server found something): http://freewebtown.com/haroldsflash/hosts.JPG