Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix deleted hosts-file


  • Please log in to reply
7 replies to this topic

#1 SebastianJu2

SebastianJu2

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 24 June 2010 - 04:59 AM

Hello,

I had a virus and I ran combofix because I was told to do so. Now I have to see that combofix deleted my hosts-file. And I think I even had a backup in the folder named hosts.txt but now its gone.

Now all my local website-urls dont work anymore and I have to put them in again.

Why didnt combofix make a backup? I mean it backed up everything but not the hosts-file? Or it could have rename the hosts-file.

I already searched my whole system including hidden directories and systemfiles but didnt find a backup of the hosts-file.

Is there a backup somewhere?

Thanks!
Sebastian

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:10 AM

Posted 24 June 2010 - 12:20 PM

unfortunately you didn't see the Blue text atop this forum .. What is your operating system??
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 SebastianJu2

SebastianJu2
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 24 June 2010 - 01:05 PM

unfortunately you didn't see the Blue text atop this forum .. What is your operating system??


Sorry I missed that part. :thumbsup: Im using Vista Home Premium SP2.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:10 AM

Posted 24 June 2010 - 10:22 PM

Make sure it's gone ... delete the C:\Windows\System32\Drivers\etc\HOSTS file.

Download the following HOSTS file and save it in the C:\Windows\System32\Drivers\etc folder. If the contents of the HOSTS file opens in your browser when you click on a link below then right-click on the appropriate link and select Save Target As..., if in Internet Explorer, or Save Link As.., if in Firefox, to download the file.

Windows Vista HOSTS File Download Link

Your Windows HOSTS file should now be back to the default one from when Windows was first installed.

Now reboot your computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 SebastianJu2

SebastianJu2
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 25 June 2010 - 05:15 AM

And then? I mean the hostfile Combofix created is a virgin one. It only contains:

127.0.0.1 localhost

But I miss all my manually entered data. For example the redirects for webdeveloping.

Why is Combofix treating the hosts-file as something that cant be filled with useful things? The hostsfile can be used as a simple kind of DNS so why is it deleted without chance of getting it back?

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:10 AM

Posted 25 June 2010 - 10:01 AM

Have you tried a system restore to before this happened?

If things are not good after that. We'll need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Include the ComboFix log..
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Carl Simmons

Carl Simmons

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 01 April 2011 - 02:31 PM

I don't remember the old version deleting my hosts file but this version sure did it.

Can an issue to the devs be created to have someone look at the hosts file deletion and ensure it's creating a backup and mentioning where it is or have it notify the user that their hosts file is xx size or contains xx entries and they should back it up before proceeding because it's going to be wiped.

I vote this to be included in the next combofix release because it's bad practice to wipe a hosts file in this manner.

It'll be painful while I rebuild my hosts file but now I know to include in my backup routines.

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:10 AM

Posted 01 April 2011 - 02:49 PM

I don't remember the old version deleting my hosts file but this version sure did it.

Can an issue to the devs be created to have someone look at the hosts file deletion and ensure it's creating a backup and mentioning where it is or have it notify the user that their hosts file is xx size or contains xx entries and they should back it up before proceeding because it's going to be wiped.

I vote this to be included in the next combofix release because it's bad practice to wipe a hosts file in this manner.

It'll be painful while I rebuild my hosts file but now I know to include in my backup routines.

This is one of the reasons why we do not advise running ComboFix on your own.

Please see this thread: http://www.bleepingcomputer.com/forums/topic273628.html

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users