My Security Shield Question



#1 aninkling


Posted 10 August 2010 - 10:13 AM

I definitely have/had a My Security Shield infestation. I'm down to step 17 of http://www.bleepingcomputer.com/virus-remo...security-shield. I looked at the current hosts file, which is in the codebox. There don't appear to be any active lines. So where is the problem? Are the comment lines read as functional by the malware?

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names.  Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
#      #PRE
#      #DOM:<domain>
#      #INCLUDE <filename>
#      #BEGIN_ALTERNATE
#      #END_ALTERNATE
#      \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
# 102.54.94.102    "appname  \0x14"                    #special app server
# 102.54.94.123    popular            #PRE             #source server
# 102.54.94.117    localsrv           #PRE             #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.




#2 Broni


Posted 10 August 2010 - 11:13 PM

What you posted is an LMHOSTS file, not a HOSTS file.

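The distinction drawn in the reply above, as an added example that is not part of the original thread: a small checker that tells an LMHOSTS file from a HOSTS file and lists the HOSTS lines that are actually active, since a leading "#" makes a line a comment and only uncommented "IP name" lines affect name resolution. The function names and both sample files are constructed for illustration, and the LMHOSTS detection is a heuristic.

```python
import ipaddress
import re

# Keywords that only LMHOSTS uses; a HOSTS file has plain "IP name [alias...]" lines.
LMHOSTS_KEYWORDS = re.compile(
    r"#(PRE\b|DOM:|INCLUDE\b|BEGIN_ALTERNATE|END_ALTERNATE)", re.IGNORECASE)

def looks_like_lmhosts(text):
    """Heuristic (assumption): the file names itself LMHOSTS or uses its keywords."""
    return "LMHOSTS" in text.upper() or bool(LMHOSTS_KEYWORDS.search(text))

def active_hosts_entries(text):
    """Return (ip, [names]) for every HOSTS line that is not commented out."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop everything from '#' onward
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank line or comment-only line
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first column is not an address
        entries.append((fields[0], fields[1:]))
    return entries

def entries_to_review(entries):
    """Anything other than a plain localhost mapping deserves a manual look."""
    return [(ip, names) for ip, names in entries
            if any(n.lower() != "localhost" for n in names)]

# Constructed sample inputs (not taken from any real machine).
SAMPLE_LMHOSTS = r"""# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
# #INCLUDE \\localsrv\public\lmhosts
"""
SAMPLE_HOSTS = """# sample HOSTS file
127.0.0.1       localhost
::1             localhost
203.0.113.10    update.example.com   # constructed redirect entry
# 198.51.100.7  commented.example.net
"""

if __name__ == "__main__":
    for label, text in (("lmhosts", SAMPLE_LMHOSTS), ("hosts", SAMPLE_HOSTS)):
        print(label, "LMHOSTS?", looks_like_lmhosts(text),
              "review:", entries_to_review(active_hosts_entries(text)))
```

On Windows the two files sit side by side in `%SystemRoot%\System32\drivers\etc` as `hosts` and `lmhosts` (or `lmhosts.sam`), which is why they are easy to mix up.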