Posted 05 May 2010 - 02:56 PM
The "My Security Engine" infection took place on a laptop running XP SP2. I was able to complete all steps in the guide except #18, the deletion of the C:\windows\system32\drivers\etc\hosts file. The batch file HOSTSperm.bat failed to make HOSTS accessible, as did I when I attempted to use the ATTRIB command manually. I tried it in safe mode with command prompt, always getting the "access denied" message even after I terminated all the tasks that Task Manager allowed me to kill. I also tried disabling Microsoft Security Essentials and Windows' built-in firewall. The attributes of this file remain as +S +H +R no matter what I do. I am only allowed to EDIT the file (and can see the IP addresses placed there by "My Security Engine"), but needless to say there is no possibility of modifying it. My goal is to restore the laptop to its original state and save myself the trouble of reinstalling Windows.
(1) Is there another way to delete HOSTS?
(2) Is my infected HOSTS file dangerous even after successfully completing all previous steps?
(3) Does Microsoft Security Essentials protect my laptop against "My Security Engine"?
Thanks in advance!