
Hosts File is no longer working after a virus cleanup.


14 replies to this topic

#1 girton1965

girton1965

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 26 July 2010 - 09:49 PM

Just recently repaired a computer from a serious scareware infection. The internet has stopped working though. I double checked that I reenabled all necessary services and made sure that the hosts file did not have any entries that were preventing internet access to common websites.

Also, the only other hint Vista has given me is that the hosts service has stopped running.

Would really appreciate help on this. I don't want to have come this far only to be beaten.

Edit: Looking back, I titled this without double checking what I was typing. It was host service not host file. I can see where possible confusion might arise between the topic and my description as it is now.

Edited by girton1965, 27 July 2010 - 12:52 AM.



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:19 AM

Posted 26 July 2010 - 10:56 PM

Hello there are 5 solutions for this as there are a few reasons for it. --->> L@@K
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 girton1965


Posted 27 July 2010 - 12:46 AM

Thanks for responding boopme,

Method 1 pertains to ATI third party software that his computer does not have.
Method 2 pertains to incompatible drivers recently installed. Internet worked earlier today before he got the virus, stopped after I removed it. No drivers have been installed. Which brings us to...
Method 3, which pertains to the BIT Service, is an issue that also arises with updates. And as before, no new updates have been installed. On to...
Method 4, where it asks to go to event viewer and look for EMDMgmt errors. There are none, which is expected since no external media has been connected. So last but not least...
Method 5, faulty RAM. MemTest did not show any errors for the memory.

Basically, the above solutions are for everyday random problems that occur outside of virus attacks, and are solutions to an error message popup. The location I retrieved the info merely told me that the hosts service had stopped working today (along with showing me other unresolved service discontinuations he had, like the spooler service which stopped a few months ago.)

If there are any reports or logs you would like me to paste here, or any scripts you would like me to run to help find the source of this issue, I would be glad to do it.

P.S. The primary virus infection was Malware Doctor, he brought along a lot of his friends though.

-Scott


Edit: I also still have the MBAM logs from the full removal and can easily generate a services and startup list, as well as cite the procedure I used to remove it if that will aid you.

Edited by girton1965, 27 July 2010 - 12:48 AM.


#4 boopme


Posted 27 July 2010 - 03:04 PM

Hello and welcome... You need to do all the steps as some pertain to your issue..
Please follow our Removal Guide here Remove Cleanup Antivirus
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

#5 girton1965


Posted 27 July 2010 - 06:59 PM

mbam-log...21-15-44 is the scan that helped me delete the files after I disabled their presence in startup and services through msconfig.

21-22-11 is from after the system had been cleaned.

The virus was removed before I started this thread btw. I need help with getting the Hosts service started, and not necessarily in the removal of said virus.

Attached Files


Edited by girton1965, 27 July 2010 - 06:59 PM.


#6 boopme


Posted 27 July 2010 - 07:44 PM

Ok, although this log shows clean, the Database version: 4052 is old. It is at 4360 and we may still have malware causing this.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#7 girton1965


Posted 27 July 2010 - 09:39 PM

Is there a manual way to update the definitions library? I would have updated if the internet (hosts service) was working.

#8 boopme


Posted 27 July 2010 - 09:49 PM

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

#9 girton1965


Posted 27 July 2010 - 10:25 PM

Still no virus.

Attached Files



#10 boopme


Posted 27 July 2010 - 10:29 PM

I think we should run SFC

Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista users..The command needs to be run from an elevated Command Prompt.
Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the XP CD when asked.

#11 girton1965


Posted 27 July 2010 - 10:34 PM

> You will need your operating system CD handy.


I'll have to grab an MSDN disk from work tomorrow, I only have copies of the Windows XP MSDN around.

See you around 6 CST tomorrow.

Thank you for what you have done so far btw.

#12 henrylol2

henrylol2

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:19 AM

Posted 28 July 2010 - 01:32 AM

> Just recently repaired a computer from a serious scareware infection. The internet has stopped working though. I double checked that I reenabled all necessary services and made sure that the hosts file did not have any entries that were preventing internet access to common websites.
>
> Also, the only other hint vista has given me is that the hosts service has stopped running.
>
> Would really appreciate help on this. I don't want to have come this far only to be beaten.
>
> Edit: Looking back, I titled this without double checking what I was typing. It was host service not host file. I can see where possible confusion might arise between the topic and my description as it is now.


Microsoft has specially released a host file, so you're lucky in this case. Click here for the link. This is run by Fix it, so simply click on Fix it and do the installation process, and the host file should go back to its normal state :huh:

#13 girton1965


Posted 28 July 2010 - 08:37 PM

> ....... It was host service not host file. I can see where possible confusion might arise between the topic and my description as it is now.
>
> Microsoft has specially released a host file, so you're lucky in this case. Click here for the link. This is run by Fix it, so simply click on Fix it and do the installation process, and the host file should go back to its normal state :huh:


Good contribution, but all for naught unfortunately.

#14 girton1965


Posted 28 July 2010 - 10:07 PM

> I think we should run SFC
>
> Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files
>
> NOTE for Vista users..The command needs to be run from an elevated Command Prompt.
> Click Start, type cmd into the Start/Search box,
> right-click cmd.exe in the list above and select 'Run as Administrator'
>
> You will need your operating system CD handy.
>
> Open Windows Task Manager....by pressing CTRL+SHIFT+ESC
>
> Then click File.. then New Task(Run)
>
> In the box that opens type sfc /scannow ......There is a space between c and /
>
> Click OK
> Let it run and insert the XP CD when asked.



Worked for about 5 seconds, then pooped out again. Here is a transcription of some of the problem info.

Description: A Windows update did not install properly. Sending the following information to Microsoft can help improve the software.

Problem signature:
Problem Event Name: WindowsUpdateFailure
Client Version: 7.4.7600.226
Win32HResult: 8024000b
UpdateId: 0BC0E502-52B6-492E-8856-14B84973C615
Scenario: Install
SourceId: 101
Environment: Unmanaged
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1033




In other news, when the computer being mentioned is connected to the network, the network dies for the rest of the computers on it until I disconnect it.

#15 boopme


Posted 29 July 2010 - 10:26 AM

Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
OR
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.
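
An added example, not part of any post in this thread: before applying either fix from post #15, the current state can be saved with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"` and `netsh winsock show catalog`, and this Python script reads that saved output to report whether a proxy is enabled and which Winsock provider DLLs sit outside system32. The sample text is constructed, the function names are hypothetical, and English-locale command output is assumed.

```python
import re

# Constructed sample: reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
"""
# Constructed sample: netsh winsock show catalog (two entries, fields trimmed)
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\ProgramData\example\lsp.dll
Catalog Entry ID:                   1015
"""

def proxy_state(reg_text):
    # Map value name -> data for every "name  REG_type  data" line.
    vals = dict(re.findall(r"^[ \t]+(\w+)[ \t]+REG_\w+[ \t]+(.*\S)", reg_text, re.M))
    return int(vals.get("ProxyEnable", "0x0"), 16) != 0, vals.get("ProxyServer", "")

def proxy_is_loopback(server):
    # True when the proxy points at this machine, e.g. "http=127.0.0.1:5555".
    return bool(re.search(r"(^|[=/;])(127\.\d+\.\d+\.\d+|localhost)(:|$)", server, re.I))

def catalog_entries(text):
    # One dict of "Field: value" pairs per provider entry.
    blocks = re.split(r"^(?:Winsock Catalog|Name Space) Provider Entry[ \t]*$", text, flags=re.M)[1:]
    return [dict(re.findall(r"^([^:\n]+):[ \t]+(.*\S)", b, re.M)) for b in blocks]

def nonstandard_providers(entries):
    # DLLs outside system32 are third-party: review them, they are not necessarily malicious.
    std = re.compile(r"^(%SystemRoot%|[A-Za-z]:\\Windows)\\system32\\", re.I)
    return [e for e in entries if not std.match(e.get("Provider Path", ""))]

if __name__ == "__main__":
    enabled, server = proxy_state(SAMPLE_REG)
    print("proxy:", enabled, server, "loopback:", proxy_is_loopback(server))
    for e in nonstandard_providers(catalog_entries(SAMPLE_CATALOG)):
        print("review:", e["Catalog Entry ID"], e["Provider Path"])
```

An enabled proxy that points at loopback with no local proxy program left running would explain a browser that cannot reach anything, and keeping the saved catalog gives a record of what `netsh winsock reset` removed.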



