Hijack Domains?


5 replies to this topic

#1 shark101a

shark101a

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TEXAS
  • Local time:10:25 AM

Posted 31 January 2010 - 06:59 PM

Hi,
My computer had been acting strangely so I ran Hijack this and I got a message:
"You have an particlarly large amount of hijack domains. It's probably better to delete the file itself then to fix each item..."
Does this mean I have some kind of virus? :thumbsup:



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:25 AM

Posted 31 January 2010 - 11:26 PM

That could be an indication that the HOSTS file has been compromised (modified) or that you have used a custom HOSTS file or have a security program installed which manages that file.

The HOSTS file is a text file that maps an IP address to a name. It has no extension and can be viewed using notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a # sign. In Windows XP, 127.0.0.1 localhost is the universal IP address of all local computers and is the standard hostname given to the address of the loopback network interface which refers to the local computer only.

In Windows Vista and XP, the HOSTS file is located in this default location: C:\Windows\system32\drivers\etc\hosts. Anything that appears in your HOSTS file without a # at the beginning, except for the "127.0.0.1 localhost" line, should be viewed with suspicion. Although malware can be responsible for altering the HOSTS file in an attempt to redirect your browser, it does not do so without infecting other areas of your system.

There are several legitimate security programs like SpySweeper and Spybot S&D which can add numerous entries to the HOSTS file and be detected by other scanning tools. See Spybot S&D: HOSTS file viewer. If you downloaded and used a custom HOSTS file or made edits, that too could trigger a warning. If you did not make any changes, use a custom HOSTS file or have a security program with these features, then you need to investigate further.

To view the folder containing your Hosts file, go to Start > Run..., and in the Open box, type:
%windir%\system32\drivers\etc\
Click Ok.

The easiest way to access and view the contents is by using Notepad.
  • Double-click on the HOSTS file.
  • A message will appear saying Windows can't open the file or Choose the program you want to open this file.
  • Scroll down the list of programs until you see Notepad.
  • Select it and click OK.
To view the Hosts file in Notepad automatically, go to Start > Run..., and in the Open box, type:
notepad %windir%\system32\drivers\etc\hosts
Click Ok.

Note: Since the Hosts file is often used and altered by malware, some security programs (like Spybot S&D) will lock the file's read-only attributes as protection so it cannot be changed without your knowledge unless you disable that feature. As such, you may receive an access is denied message. If using Vista, be aware that User Account Control (UAC) blocks access to the HOSTS file since it's a system file.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
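
Added example, not part of quietman7's post or of any tool named in this thread: a small Python audit of a HOSTS file following the syntax described above (IP address, one or more names, optional # comment). It separates entries that point names at loopback or 0.0.0.0 (assumed here to be the blocklist style that security programs write) from entries that send names to a routable address, grouped by target IP so a mass redirect stands out. The function names and the sample file are constructed for illustration; the addresses come from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file (documentation-range addresses, example names).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist-style entry
203.0.113.7     search.example.com www.search.example.com
203.0.113.7     pay.example.org      # trailing comment
not-an-ip       broken.example
198.51.100.9
"""

def parse_hosts(text):
    """Yield (lineno, ip, names) for each active line; ip is None if unparsable."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        yield lineno, ip, fields[1:]

def audit_hosts(text):
    """Sort active entries into redirects (by target IP), blocked names, malformed lines."""
    report = {"redirects": defaultdict(list), "blocked": [], "malformed": []}
    for lineno, ip, names in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append(lineno)
        elif ip.is_loopback or ip.is_unspecified:
            # Assumption: loopback/0.0.0.0 targets are sinkhole entries, not redirects.
            report["blocked"] += [n.lower() for n in names if n.lower() != "localhost"]
        else:
            report["redirects"][str(ip)] += [n.lower() for n in names]
    return report

if __name__ == "__main__":
    r = audit_hosts(SAMPLE_HOSTS)
    for ip, names in r["redirects"].items():
        print(f"REVIEW {ip} <- {len(names)} name(s): {', '.join(names)}")
    print("blocked:", r["blocked"], "| malformed lines:", r["malformed"])
```

To check a real file, read it with `open(r"C:\Windows\system32\drivers\etc\hosts").read()` and pass the text to `audit_hosts`.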

#3 shark101a


Posted 07 February 2010 - 05:54 PM

I went and followed the path and opened it with notebook: This is what came out..

What now?

#4 quietman7


Posted 07 February 2010 - 05:58 PM

To restore your HOSTS file to its default, do this:

Please download HostsXpert - Hosts File Manager
  • Create a new folder on your hard drive called HostsXpert (C:\HostsXpert) and extract (unzip) the file there. (click here if you're not sure how to do this. Vista users refer to these instructions.)
  • Open the folder and double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make Read Only".
  • Click the X to exit the program.
-- If the Hosts file does not exist, you will be prompted to create a new one. Just press "Ok".
-- If you were using a custom Hosts file you will need to replace any of those entries yourself.


#5 shark101a


Posted 07 February 2010 - 10:30 PM

I downloaded the program and ran it from the folder and got an error message:

ERROR: Can not create file C:\WINDOWS\system32\Drivers\ETC\hosts

#6 quietman7


Posted 08 February 2010 - 07:51 AM

What OS are you using? What other security programs do you have installed?

There can be several reasons why you may see that particular error message:
  • The file's attributes may be set to "Read Only". Right-click on the HOSTS file and make sure Read Only is not checked.
  • Since the HOSTS file is often used and altered by malware, some security programs (like Spybot S&D, WinPatrol, ZoneAlarm Pro, etc.) will lock the file's read-only attributes as protection so it cannot be changed without your knowledge unless you disable that feature.
  • If using Vista, did you right-click on HostsXpert.exe and Run As Administrator?
  • Also with Vista, be aware that its UAC (User Account Control) blocks access to the HOSTS file since it's a system file. To get around this you may have to turn off UAC - How to Disable UAC the Easy Way on Win 7 or Vista.

Edited by quietman7, 08 February 2010 - 08:02 AM.
