Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Need Some Help..

  • Please log in to reply
2 replies to this topic

#1 Nenn


  • Members
  • 2 posts
  • Local time:06:21 AM

Posted 10 March 2008 - 08:47 PM

Hi there..
Ive had some "changes" on my shell32.dll for sometime now, but ive read that its normal..
But now I have a change in c:\windows\system32\drivers\etc\hosts, and ive read that its a bad thing?

so, I have no idea whatsoever what to do. How do I get it back to normal?
I'm not that great with computers..

I would really appriciate some help :flowers:

Edit: Edited out the hijackthislog :thumbsup: didnt know that its not allowed to post it here

Edited by Nenn, 10 March 2008 - 08:54 PM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,090 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:21 AM

Posted 11 March 2008 - 01:36 PM

Are you using AVG anti-virus?

Reported changes in system files such as kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntosknrl.exe are normal for AVG.

There are many valid reasons for those files to show changed, a Windows update, file system check that replaced them if corrupted, and others. As long as AVG doesn't say they are infected it is ok. If it continues to show changed, delete the following file(s) in the C:\ directory and AVG will create a new one(s)...AVG7DB_F.DAT, AVG7QT.DAT

kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntosknrl.exe have "changed"

It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintainance, when you or windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected.

To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this.. delete the file named AVG7QT.DAT in the %ALLUSERSPROFILE%\Application Data\avg7\ folder and AVG will rebuild it the next time it is run.

The %ALLUSERSPROFILE% is different for each version of Windows. The following are the typical locations for XP and Win9x

XP - C:\Documents and Settings\All Users\Application Data\avg7
Win9x -C:\Windows\All Users\Application Data\avg7

Another method suggested by DEStucki to remove the MBR changed alert if the above method didn't help...
Go to the System Area Test settings
Select the "Remove MBR" button to remove the MBR from the list of items in the System Area test list
Click on OK so that the list has been up dated
Now go back into the System Area Test settings and push the "Default" button to put the MBR back in the list.

Changed File Alerts

AVG does not change your HOSTS file but it will alert you that the HOSTS file has changed since the last scan. What security programs are you using? Although malware can be responsible for altering the HOSTS file, some security programs like SpySweeper and Spybot S&D have features that can add entries to your HOSTS file and that action may be detected as a change. If you downloaded and used a custom HOSTS file or made edits that too would trigger a change detection. If you did not make any changes or do not have security programs with these features, then you need to investigate what the changes are.

The HOSTS file should not show as changed unless the user is aware of a program needing a change made to it and is aware that it is being altered. Protection softwares and also Malware's will often change this file so they can affect where a computer goes to on the internet.

This is one reason why the user on this system needs to look at the file to make certain that something didn't change it and if so determine if it is a good or bad change...

General system maintenance can change the file even when it isn't apparent by visual inspection. AVG uses a checksum to compare a file before and after and a minor change or correction to the file could have caused it to appear changed.

Re: C:\WINDOWS\system32\drivers\etc\hosts
Host file changed
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Nenn

  • Topic Starter

  • Members
  • 2 posts
  • Local time:06:21 AM

Posted 11 March 2008 - 06:45 PM

I use AVG, and sygate fire wall, and i have some spybot - search and destroy program aswell, and hijackthis, but i have no idea yet how to use it properly :flowers:

also , i checked the hosts file with notepad....
It has alot of odd stuff in it like these for example : localhost bin.errorprotector.com ## added by CiD br.errorsafe.com ## added by CiD br.winantivirus.com ## added by CiD br.winfixer.com ## added by CiD cdn.drivecleaner.com ## added by CiD cdn.errorsafe.com ## added by CiD cdn.winsoftware.com ## added by CiD de.errorsafe.com ## added by CiD de.winantivirus.com ## added by CiD download.cdn.drivecleaner.com ## added by CiD download.cdn.errorsafe.com ## added by CiD download.cdn.winsoftware.com ## added by CiD download.errorsafe.com ## added by CiD download.systemdoctor.com ## added by CiD download.winantispyware.com ## added by CiD download.windrivecleaner.com ## added by CiD download.winfixer.com ## added by CiD drivecleaner.com ## added by CiD dynamique.drivecleaner.com ## added by CiD errorprotector.com ## added by CiD errorsafe.com ## added by CiD es.winantivirus.com ## added by CiD fr.winantivirus.com ## added by CiD fr.winfixer.com ## added by CiD go.drivecleaner.com ## added by CiD go.errorsafe.com ## added by CiD go.winantispyware.com ## added by CiD go.winantivirus.com ## added by CiD hk.winantivirus.com ## added by CiD instlog.errorsafe.com ## added by CiD instlog.winantivirus.com ## added by CiD instlog.winfixer.com ## added by CiD jsp.drivecleaner.com ## added by CiD kb.errorsafe.com ## added by CiD kb.winantivirus.com ## added by CiD nl.errorsafe.com ## added by CiD se.errorsafe.com ## added by CiD secure.drivecleaner.com ## added by CiD secure.errorsafe.com ## added by CiD secure.winantispam.com ## added by CiD secure.winantispy.com ## added by CiD secure.winantivirus.com ## added by CiD support.winantivirus.com ## added by CiD trial.updates.winsoftware.com ## added by CiD ulog.winantivirus.com ## added by CiD utils.errorsafe.com ## added by CiD utils.winantivirus.com ## added by CiD utils.winfixer.com ## added by CiD winantispyware.com ## added by CiD winantivirus.com ## added by CiD winfixer.com ## added by CiD winfixer2006.com ## added by CiD winsoftware.com ## added by CiD www.drivecleaner.com ## added by CiD www.errorprotector.com ## added by CiD www.errorsafe.com ## added by CiD www.systemdoctor.com ## added by CiD www.utils.winfixer.com ## added by CiD www.win-anti-virus-pro.com ## added by CiD www.win-virus-pro.com ## added by CiD www.winantispam.com ## added by CiD www.winantispy.com ## added by CiD www.winantispyware.com ## added by CiD www.winantivirus.com ## added by CiD www.winantiviruspro.com ## added by CiD www.windrivecleaner.com ## added by CiD www.windrivesafe.com ## added by CiD www.winfixer.com ## added by CiD www.winfixer2006.com ## added by CiD www.winsoftware.com ## added by CiD
# Start of entries inserted by Spybot - Search & Destroy www.007guard.com 007guard.com 008i.com www.008k.com 008k.com www.00hq.com 00hq.com 010402.com www.032439.com 032439.com www.1001-search.info 1001-search.info www.100888290cs.com 100888290cs.com www.100sexlinks.com 100sexlinks.com www.10sek.com 10sek.com www.123topsearch.com 123topsearch.com www.132.com 132.com www.136136.net 136136.net www.139mm.com 139mm.com www.163ns.com 163ns.com 171203.com 17-plus.com www.1800searchonline.com 1800searchonline.com www.180searchassistant.com 180searchassistant.com www.180solutions.com 180solutions.com www.181.365soft.info 181.365soft.info www.1987324.com 1987324.com www.1-domains-registrations.com 1-domains-registrations.com www.1-extreme.biz 1-extreme.biz www.1sexparty.com 1sexparty.com www.1stantivirus.com 1stantivirus.com www.1stpagehere.com 1stpagehere.com www.1stsearchportal.com 1stsearchportal.com 2.82211.net www.2006ooo.com www.2007-download.com 2007-download.com www.2020search.com 2020search.com 20x2p.com www.24.365soft.info 24.365soft.info www.24-7pharmacy.info 24-7pharmacy.info www.24-7searching-and-more.com 24-7searching-and-more.com www.24teen.com 24teen.com www.2every.net 2every.net 2ndpower.com www.2search.com 2search.com www.2search.org 2search.org www.2squared.com 2squared.com www.3322.org 3322.org 365soft.info www.36site.com 36site.com 3721.com 39-93.com www.3abetterinternet.com 3abetterinternet.com www.3bay.it 3bay.it www.3ebay.it 3ebay.it www.3xclipsonline.com 3xclipsonline.com www.3xcurves.com 3xcurves.com www.3xfestival.com 3xfestival.com www.3x-festival.com 3x-festival.com www.3x-galls.com 3x-galls.com www.3xmiracle.com 3xmiracle.com www.3xmoviesblog.com 3xmoviesblog.com www.404dns.com 404dns.com www.4199.com 4199.com www.4corn.net 4corn.net www.4ebay.it 4ebay.it 4klm.com www.4mpg.com 4mpg.com www.4repubblica.it 4repubblica.it www.4softget.com 4softget.com www.5iscali.it 5iscali.it www.5repubblica.it 5repubblica.it www.5starvideos.com 5starvideos.com www.5tiscali.it 5tiscali.it www.5zgmu7o20kt5d8yq.com 5zgmu7o20kt5d8yq.com www.680180.net 680180.net www.6iscali.it 6iscali.it www.6njaga.com 6njaga.com www.6sek.com 6sek.com www.6tiscali.it www.zxlinks.com zyban-zocor-levitra.com
# This list is Copyright 2000-2008 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy

and it goes on ... HUGE list... so could someone tell me step by step instructions how to get my pc back to normal?
The men around here dont know anything about pcs and are no use! :thumbsup:

Edited by Nenn, 11 March 2008 - 06:47 PM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users