Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hosts Change


  • Please log in to reply
5 replies to this topic

#1 Shane Corcoran

Shane Corcoran

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:04 PM

Posted 05 June 2008 - 01:12 PM

Hi. First time poster. My AVG Free tells me that, among other viruses (which it heals), that I have a virus. Under the File Heading it says "hosts", under the Result/Infection heading it says "change" and other under the Path heading it says "c:\windows\system32\drivers\etc\hosts". At the end of the scan it pretty much ignores the virus but clears any others. Should I worry?

Thanks,




P.S. Apologies for posting this same post in the Introduce Yourself forum. Like I said, first time poster.

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:04 AM

Posted 05 June 2008 - 01:40 PM

Welcome to Bleepingcomputer

If you navigate to the hosts file you can use wordpad to look at it

Mine is immunized by spybot search and destroy

127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info


the entries are all bad and are directed to the local ip address which serves as a dead end for them

An infection can reverse these and direct me to bad sites not protect me from them

You might want to run a scan/fix with MBAM as a second opinion on what has actually happened

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

We have been seeing a lot of problems with AVG free recently

Edited by DaChew, 05 June 2008 - 01:41 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 Shane Corcoran

Shane Corcoran
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:04 PM

Posted 06 June 2008 - 12:37 PM

Thanks Chewy. MBAM showed no infections. I'll try Spybot Search and Destroy next and revert

#4 Shane Corcoran

Shane Corcoran
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:04 PM

Posted 06 June 2008 - 01:03 PM

Spybot Search & Destroy showed no infections. Any other suggestions?

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:04 AM

Posted 06 June 2008 - 01:24 PM

did you immunize with spybot?

that's what changes the hosts file and give you protection from bad web sites

avg is getting to be a pain if this is a false positive?
Chewy

No. Try not. Do... or do not. There is no try.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,059 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:04 AM

Posted 06 June 2008 - 10:15 PM

AVG does not change your HOSTS file but it will alert you that it has changed since the last scan. Although malware can be responsible for altering the HOSTS file in an attempt to redirect your browser, it does not do so without infecting other areas of your system. There are several legitimate security programs like SpySweeper and Spybot S&D which can add numerous entries to the HOSTS file and that action may be detected as a change. If you downloaded and used a custom HOSTS file or made edits that too would trigger a change detection. If you did not make any changes or do not have security programs with these features, then you need to investigate what the changes are.

The HOSTS file should not show as changed unless the user is aware of a program needing a change made to it and is aware that it is being altered. Protection softwares and also Malware's will often change this file so they can affect where a computer goes to on the internet.

This is one reason why the user on this system needs to look at the file to make certain that something didn't change it and if so determine if it is a good or bad change...

General system maintenance can change the file even when it isn't apparent by visual inspection. AVG uses a checksum to compare a file before and after and a minor change or correction to the file could have caused it to appear changed.

AVG Forum: C:\WINDOWS\system32\drivers\etc\hosts
AVG Forum: Host file changed
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users