Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bad Down Load


  • Please log in to reply
13 replies to this topic

#1 Confused X 2

Confused X 2

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 12 April 2008 - 04:41 PM

I got this article http://www.mvps.org/winhelp2002/hosts.htm form another site. Looked good so I downloaded the zip file and all of a sudden my spy sweeper is constantly block connection to bad sites like 2-quest.com, adultliksco.com asecurityissue.com and on and on. I did a system restore to yesterday and it did not help. What have I done and how do I fix it? My Zone Alarm icon is showing constant internet access and the Spy Sweeper warning box is always on showing the adware sites it is blocking. All of this started immediately after down loading the zip file. Any ideas?

BC AdBot (Login to Remove)

 


#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:29 AM

Posted 12 April 2008 - 05:32 PM

form another site



from which site did you get your link ? this is the Hosts text file that is normally OK to put on ones computer to BLOCK ads etc , NOT create them !!!

see on here this thread

http://www.bleepingcomputer.com/forums/ind...=123980&hl=

how many days ago did you get this download onto the computer ?

#3 Potticus

Potticus

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oklahoma
  • Local time:05:29 AM

Posted 12 April 2008 - 05:42 PM

I suggest going to the hijack this log forum and posting one.
No doubt your now infected.
IF YOUR NOT SURE ABOUT A FILE GOOGLE IT!

#4 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:29 AM

Posted 12 April 2008 - 05:52 PM

I suggest going to the hijack this log forum and posting one.
No doubt your now infected.
IF YOUR NOT SURE ABOUT A FILE GOOGLE IT!



I would politely suggest that at this point that is not adviseable as the HJT log section is somewhat swamped

we need to establish from where the appparent bugged Host file was downloaded then
we need to find out from the poster what his windows version is, what scans have been run to see if an infection is on there and proceed from there once the infection is identified by the scans ; if it is appropriate, a Mod will direct for a log to be posted

what is your antivirus program? and do you have either superantispyware and or asquared programs on board?

#5 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:29 AM

Posted 12 April 2008 - 06:55 PM

One of the old lessons I ran accross at antimalware schools was to try and use the posters programs to handle a problem, if that software was any good, I have heard alot about webroot spysweeper

Advanced detection and removal capabilities for stubborn spyware


I would make sure it was updated and use the F8 boot into safe mode and run the ATF cleaner and run a scan with it and save a log.

And after booting into normal mode disconnected from the internet I would run another scan

Edited by DaChew, 12 April 2008 - 06:56 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#6 Confused X 2

Confused X 2
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 12 April 2008 - 06:59 PM

Might be on to something here. ZA anti virus just picked this up "not-a-virus:PSWTool.Win32.AirCrack.c" I scan regularly so this is new and I would say it came with the down load. I quarantined it but still have the problem.

#7 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:29 AM

Posted 12 April 2008 - 07:05 PM

have you ever booted into safe mode?
Chewy

No. Try not. Do... or do not. There is no try.

#8 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:29 AM

Posted 12 April 2008 - 07:12 PM

let me give you this ;;this method is how I get the Hosts text file update

google search for Hosts text file

http://www.google.co.uk/search?hl=en&q...earch&meta=

then go to
third link down


from where did YOU get your download? which site did you got to before you got TO the hosts site?

and what windows version are you on

can you try runnign superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

free exe is http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

and asquared

http://www.emsisoft.com/en/software/free/

free exe is http://download6.emsisoft.com/a2FreeSetup.exe

fully update the definitions, reboot and run each from their desktop shortcuts on a full deep scan; see what they find ?

(ps you have ME concerned now as I do not wish to pick up a bad download from a normally 'safe' for me site!!!!!)

Edited by ruby1, 12 April 2008 - 07:13 PM.


#9 Confused X 2

Confused X 2
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 12 April 2008 - 07:16 PM

I got the link here http://sofaware.infopop.cc/eve/forums/a/tp...34/m/8481043664 second to last post.

#10 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:29 AM

Posted 12 April 2008 - 08:10 PM

http://www.mvps.org/winhelp2002/hosts.htm

http://www.siteadvisor.com/sites/mvps.org?...FF&aff_id=0

that's about as safe and good as it gets,

did you follow these directions

Release Notes for the MVPS HOSTS File © All Rights Reserved
http://www.mvps.org/winhelp2002/hosts.htm
http://www.mvps.org/winhelp2002/hosts.zip


[Install Instructions using the included Installer (98/ME/XP)]

You may use the included batch file "mvps.bat" to copy the included HOSTS file to the proper
location on your machine. This batch file will backup the existing HOSTS file prior to copying
the updated version. The backed-up file will be renamed to HOSTS.MVP.

To use: double-click on mvps.bat

Important: Windows Vista requires special instructions:
http://www.mvps.org/winhelp2002/hostsvista.htm

***********************************************

Note: if prompted by one of your Security programs about this file, allow it to run. Also if
you are prompted by a Security program about changes to the HOSTS file = allow them.

***********************************************

[Important Notice - 2K/XP/Vista Users]
In most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs
in W2000 and XP. Windows 98 and Windows ME are not affected.

To resolve this issue (manually) open the "Services Editor"

Start | Run (type) "services.msc" (no quotes)
Scroll down to "DNS Client", Right-click and select: Properties
Click the drop-down arrow for "Startup type"
Select: Manual, click Apply/Ok and restart.

For more details please see:
http://www.mvps.org/winhelp2002/hosts.htm


[Manual Install Instructions]
Always backup the existing file prior to replacing with a newer version.

You can simply copy the included HOSTS file to the proper location.

Windows Vista = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98*DaChew = C:\WINDOWS

Note: the above locations are for the default paths (Windows folder location)

When prompted to overwrite select Yes
For more detailed instructions please review the following:

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

[Removal Instructions]
In the event you do not wish to continue using the MVPS HOSTS file, you can simply delete the
existing HOSTS file and rename HOSTS.MVP to HOSTS (no 3-letter extension)
Note: none of the included files make any changes to the Registry or install any additional
files to the Operating System.

[Copyright Notice]

COPYRIGHT AND TRADEMARK ATTRIBUTIONS © All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
system, or translated into any language in any form or by any means without the written permission.
It is a violation of your software license agreement to distribute or share these files with any
other person or entity without written permission. Further, posting of any of the included files to
publicly available Internet sites is prohibited.

[License Agreement]

The attached files are distributed under the CREATIVE COMMONS PUBLIC LICENSE
http://creativecommons.org/licenses/by-nc-sa/3.0/legalcode

LICENSE AGREEMENT NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE TO USE THE SOFTWARE
THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE LICENSE.TXT OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES
THESE FILES, EITHER AS A TEXT FILE OR AS PART OF THE SOFTWARE PACKAGING. IF YOU DO NOT AGREE TO ALL OF
THE TERMS SET FORTH THEREIN, DO NOT INSTALL THE SOFTWARE.

[Disclaimer]

You are responsible for reading and following all instructions for preparation, configuration, and
installation of the MVPS HOSTS file. The attached files are provided as is, and with no warranty either
expressed or implied as to their suitability for any particular use or purpose.

By installing the MVPS HOSTS file you acknowledge that it is your decision to restrict the functionality and content of the web sites and/or domains including sites and services that may prohibit you from restricting their functionality and content.

If you do not wish to restrict the functionality and content of certain sites, you can selectively edit the MVPS HOSTS file to remove any entries that restrict the functionality and content of those sites.

You agree to accept any and all legal responsibility for the consequences that may result from the restriction of functionality and content of the sites and/or domains covered in the MVPS HOSTS file.

I reserve the right to make changes to any and all parts of the MVPS HOSTS file, at any time, without
any obligation to notify any person or entity of such changes.

[Contact Information]
You can send an email to: winhelp2002@comcast.net

Please provide a detailed explaination of your request. For general questions the majority of these
can be addressed by reviewing the HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm


the entries are all bad sites that can harm your computer, a antimalware program will not like seeing them anywhere but in the hosts file
Chewy

No. Try not. Do... or do not. There is no try.

#11 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:29 AM

Posted 13 April 2008 - 07:24 AM

you need to ensure that you do choose the correct location for YOUR windows version in which to 'install'the Hosts

did occur to me, how did you unzip it? which program did you use do do that?

( for what it is worth)my view is that you have an infection on there that is NOT from the Hosts; were you by any chance doing MSN or e mailing at the time

when you get back we need to know your windows version and what programs have you now run to check for infections?

#12 Confused X 2

Confused X 2
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 13 April 2008 - 01:38 PM

Thanks for all the replies and help. Let's put this on hold for now. Booted up today and guess what? ZA and Spy Sweeper are quiet. Seems to have fixed it's self (if that is possible). Only thing I noticed different is that all my favorites in IE7 are in alphabetical order now. Probably doesn't have anything to do with it. I think I will update all my spy ware programs and my ZA anti virus and run all of them in safe mode just to be sure. Thanks again.

#13 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:29 AM

Posted 13 April 2008 - 03:35 PM

suggest; if you think it IS OK at this point in time? take a System Restore point and give it a good label ; then, if things go a bit tiz waz you can use this point if you need to ?

of interest, now you HAVE Hosts on board...notice any difference when browsing...especally to pages that would normally have ads on 'em? :thumbsup:

#14 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:29 AM

Posted 13 April 2008 - 04:24 PM

of interest, now you HAVE Hosts on board...notice any difference when browsing...especally to pages that would normally have ads on 'em?



using the hosts file totally blocks those web pages listed in it

I have noticed a few web pages failing to load, when that happens, I go, maybe i shouldn't go there

Edited by DaChew, 13 April 2008 - 04:25 PM.

Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users