Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant add new text document to reset hosts


  • Please log in to reply
7 replies to this topic

#1 AndyWWW

AndyWWW

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 26 October 2014 - 05:49 AM

Hello

 

The other day my friend changing the settings on our routers (wifi shared by multiple people in the house) and introduced a second router to enable him to get greater access to the internet. However, since this date I have had a couple of warnings over DNS cache poisoning attacks and same IP address being located on the router (I think ...sorry my IT knowledge is very limited).

 

I read about flushing my DNS cache which I have done but also about resetting my hosts, Ive tried to do this but when I go the system32 and drivers section and then the etc folder to rename the hosts file and create another I cannot create a new text document as I do not have that option when I right click (only new folder)

 

I have tried to look at online solutions but got a little lost

 

When I go into Regedit is shows the following

 

HKEY_CLASES_ROOT/,txt

Default  Reg_SZ txtfile

Content Type   Reg SZ text/plain

Perceived Type  Reg SZ text

 

under persistency handler it shows

 

default Reg SZ (5e94qd80-bf96-11cd-b579-08002b30bfeb)

 

under SHELLNEW

 

Default  Reg SZ and There is nothing under the data column

Item name Reg_Expand_SZ @=%SystemRoot%\system32\notepad.exe,-470

Null file  Reg_SZ and again nothing under the data column

 

Can anyone help please?

 

Thanks

 

A

 

 

 

 

 

 

 



BC AdBot (Login to Remove)

 


m

#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:02 PM

Posted 26 October 2014 - 06:05 AM

Hi,

 

It's better not to mess with the registry!

 

Try following the instructions provided by Microsoft on this page Reset Hosts file to default


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 AndyWWW

AndyWWW
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 26 October 2014 - 09:16 AM

Ok thanks for the help I did as per the instructions and managed to add the new hosts text file. In addition to the above I have just had my cursor moving very slowly by itself without me touching it, should I be concerned with what is happening re dns cache poisoning attacks, warnings re 2 ip addresses being on same router, my cursor moving around on its own? I also just checked my remote assistance tick box and it has been checked, when Im sure before it has ben unchecked


Edited by AndyWWW, 26 October 2014 - 09:27 AM.


#4 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:02 PM

Posted 26 October 2014 - 09:57 AM

Hi,

 

Sometimes the mouse pointer moving like that it's only because the mouse isn't working very well or because it doesn't like the mouse pad you are using. I have seen this happening with my optical mouse, changed the mouse pad and the problem was gone!

 

Where did you get the warnings about the DNS cache poisoning attacks?


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#5 AndyWWW

AndyWWW
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 26 October 2014 - 04:38 PM

Hi Sleepydude

 

From my virus protection Eset  followed by pop up stating that the same IP was being detected. Yeh I seemed to update the mouse drivers and the problem doesn't seem as bad now/ But could the DNS cache poisoning attack warning be a result of conflict between the two routers that have been installed in the house? Just a little paranoid as I could have sworn the remote assistance was turned off and then it was turned back on again



#6 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:02 PM

Posted 26 October 2014 - 05:47 PM

Hi,

 

Eset was my first suspicious but I had to ask :)

 

Check the following article DNS Cache Poisoning Attack from ESET


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#7 AndyWWW

AndyWWW
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 27 October 2014 - 01:32 PM

Thanks SD - but do you think I shouldn't worry then re the dns cache warnings and the same two ip addresses being on the same router, plus my remote assistance seemingly ticking itself again, plus occasionally my virus protection is switched off on boot up and I have to re-enable it



#8 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:02 PM

Posted 27 October 2014 - 04:40 PM

Hi,
 
The reported IP's started with 192.???? also make sure both routers have different IP addresses to avoid conflicts.
 
If you are not sure that your machine is free of malware it's best to create a new topic in the Am I infected? What do I do? section of the forum.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users