
Hosts file hidden and read only


3 replies to this topic

#1 alive247


Posted 20 March 2011 - 09:14 AM

This last week I noticed one customer get hit with a new variation of security tools and within 2 days had a "Microsoft" representative ring up to 'fix' their computer. Wondering is this a coincidence or are they now working in conjunction in a new highly sophisticated way?

Anyway, this new variation (forget what it was called, soz; it's only appeared real recent): the hosts file on the machine is hidden and read only. The funny thing is it is really hidden, rootkit style, even when I've set show system files. I know because when I went to create a new hosts file it remained hidden and could not overwrite it (used admin privilege). Only on one occasion did I see it; I read it (had all the MS default text, so wasn't compromised that I could see) and then deleted it. That was after installing Spybot, which made backups (I assume). I removed the .backup extension from one of the backups (there were 2), and that file went hidden too. Anyway, hoping if anyone comes across this same issue, maybe we can help suss what's going on.

Edited by jgweed, 20 March 2011 - 10:14 AM.
Post moved to more appropriate forum. jgw
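
A triage check for the symptom described in post #1, as an added example that is not part of the original thread: it lists `hosts*` files including hidden and system ones, compares the directory listing against a direct open by path, and prints the attributes and active entries. The `DataBasePath` registry lookup is an added assumption about where else to look; the post does not mention it.

```powershell
# Added example: inspect a hosts file that appears hidden / read-only.
# Run from an elevated PowerShell prompt on the affected machine.

# Windows reads the hosts directory from DataBasePath; confirm it is the default.
$params  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPath  = (Get-ItemProperty -Path $params -Name DataBasePath).DataBasePath
$etcDir  = [Environment]::ExpandEnvironmentVariables($dbPath).TrimEnd('\')
$default = Join-Path $env:SystemRoot 'System32\drivers\etc'
if ($etcDir -ne $default) {
    Write-Warning "DataBasePath points to $etcDir instead of $default"
}

# -Force includes entries carrying the Hidden and System attributes,
# so backups or renamed copies that "went hidden" show up here too.
$listing = @(Get-ChildItem -LiteralPath $etcDir -Force -Filter 'hosts*')
$listing | Select-Object Name, Length, LastWriteTime, Attributes | Format-Table -AutoSize

# Cross-view check: a file that can be opened by path but is absent from the
# directory listing is being filtered by something other than file attributes.
$hosts  = Join-Path $etcDir 'hosts'
$listed = @($listing | Where-Object { $_.Name -eq 'hosts' }).Count -gt 0
$exists = [System.IO.File]::Exists($hosts)
if ($exists -and -not $listed) {
    Write-Warning 'hosts opens by path but is missing from the directory listing'
}

if ($exists) {
    # Attribute flags as the file system reports them (ReadOnly, Hidden, System, ...).
    $attrs = [System.IO.File]::GetAttributes($hosts)
    "Attributes: $attrs"

    # Active entries only (skip blank lines and comments). A stock file has
    # none, or only localhost mappings; anything else deserves a closer look.
    [System.IO.File]::ReadAllLines($hosts) |
        Where-Object { $_ -match '^\s*[^#\s]' }

    # To clear the flags before editing or replacing the file, uncomment:
    # [System.IO.File]::SetAttributes($hosts, [System.IO.FileAttributes]::Normal)
}
```

If the attributes return after being cleared, something on the machine is still setting them and the infection has not been fully removed.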



 


#2 jgweed


Posted 20 March 2011 - 10:20 AM

Can you elaborate on the event you mentioned in the first paragraph?

Edited by jgweed, 20 March 2011 - 10:23 AM.

Whereof one cannot speak, thereof one should be silent.

#3 alive247


Posted 20 March 2011 - 06:20 PM

Not much else to say apart from it seemed suspicious that within a couple of days of her getting the scamware she had the phone scammers targeting her too. It could be just coincidence, as due to the demographics of this area being elderly the phone scammers are targeting it full on. Apparently they are doing unsolicited surveys a week or so beforehand. Anyway, they got her to go to some website and dl stuff, the usual method, before she wised on to them and pulled out of the convo. I'm hoping and thinking it was just coincidence that the phone scammer rang when they did, but thought best to mention it in case others start observing similar patterns.

#4 alive247


Posted 09 May 2011 - 04:11 AM

Just had another client have Mr Microsoft Indian ring up a week after having experienced Security Tools 2011 on her machine. Another coincidence or not? Any other field techs observing similar?



