Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MVPS Host File and Rkill Virus removal


  • Please log in to reply
4 replies to this topic

#1 Iced42

Iced42

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:05 AM

Posted 07 March 2015 - 09:11 AM

The other day I was removing some malware I picked up and when scanning with rkill it indicated the following:
------------------------------------------------------------
Checking HOSTS File:
 * HOSTS file entries found:
 
  127.0.0.1 localhost
  ::1 localhost #[IPv6]
  0.0.0.0 fr.a2dfp.net
  0.0.0.0 m.fr.a2dfp.net
  0.0.0.0 mfr.a2dfp.net
  0.0.0.0 ad.a8.net
  0.0.0.0 asy.a8ww.net
  0.0.0.0 static.a-ads.com
  0.0.0.0 atlas.aamedia.ro
  0.0.0.0 abcstats.com
  0.0.0.0 ad4.abradio.cz
  0.0.0.0 a.abv.bg
  0.0.0.0 adserver.abv.bg
  0.0.0.0 adv.abv.bg
  0.0.0.0 bimg.abv.bg
  0.0.0.0 ca.abv.bg
  0.0.0.0 www2.a-counter.kiev.ua
  0.0.0.0 track.acclaimnetwork.com
  0.0.0.0 accuserveadsystem.com
  0.0.0.0 www.accuserveadsystem.com
 
  20 out of 13820 HOSTS entries shown.
  Please review HOSTS file for further entries.
------------------------------------------------------------------------------
 
Does this mean anything? This is the only information I was provided from rkill. I was also in safe mode too when I ran rkill.
 
When I performed the malware removal I ran the following:
 
Adware
JRT
Malwarebytes
 
Then In safe mode I Ran
Rkill
Norton Anti-Virus
 
Then I recovered to a restore point that I had setup. All malware seems to be gone, scans are not picking up anything. Rkill still picks up the host file entries.
 
 
I am running Windows 8.1
 
 
Thank You,
RS

Edited by Queen-Evie, 07 March 2015 - 09:49 AM.
moved from General Security to the appropriate forum for rkill log


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,990 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:05 AM

Posted 07 March 2015 - 10:24 AM

That is just part of the hosts that you or someone else installed on that computer using the MSVP host file. Nothing wrong with that.

As it the log says....20 out of 13820 HOSTS entries shown

Complete downloadable MSVP Hosts file....http://winhelp2002.mvps.org/hosts.txt   Updated: February-28-2015

 

Another good program suggested to use for finding and removing adware and malware is the Eset Online Scanner.

Free Virus Scan | Online Virus Scanner from ESET


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:05 AM

Posted 07 March 2015 - 11:46 AM

Rkill will display the first 20 valid entries in the HOSTS file file which sometimes is altered (modified) by malware infection. Modification of this file does not necessarily mean your system is infected since some legitimate security programs and custom HOSTS files can also add numerous entries. Rkill will also check the permissions on the HOSTS file and reset them if the administrator does not have proper permissions.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Iced42

Iced42
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:05 AM

Posted 08 March 2015 - 09:19 AM

Rkill will display the first 20 valid entries in the HOSTS file file which sometimes is altered (modified) by malware infection. Modification of this file does not necessarily mean your system is infected since some legitimate security programs and custom HOSTS files can also add numerous entries. Rkill will also check the permissions on the HOSTS file and reset them if the administrator does not have proper permissions.

 

 

Thank you for your quick reply.

 

I didn’t think there was a problem, just needed to make sure.

 

Thanks again



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:05 AM

Posted 08 March 2015 - 09:22 AM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users