
Hostsfile has malicious websites


5 replies to this topic

#1 sammyandsam

sammyandsam


Posted 21 March 2016 - 05:21 PM

I do scans of my computer every so often to see if there is any malware on it.

I did an Rkill scan and I checked the log. There are websites added to the host file. I went to them and Chrome blocked them.

I'm not sure if it is malware.

Rkill log: http://pastebin.com/xiHjBiBx


Edited by sammyandsam, 21 March 2016 - 05:21 PM.




#2 sammyandsam

sammyandsam

Posted 21 March 2016 - 05:33 PM

I did an AdwCleaner scan and it did find something in Chrome.

http://pastebin.com/xkv7Be3A



#3 Condobloke

Condobloke


Posted 21 March 2016 - 06:19 PM

G'day sammyandsam, and Welcome to BC

 

Please copy and paste any logs to your topic


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 

 


#4 sammyandsam

sammyandsam

Posted 21 March 2016 - 06:24 PM

Ok. Here are the logs:

 

Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/21/2016 06:14:33 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * fcvsc [Missing Service]
 * HdAudAddService [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * wfpcapture [Missing Service]
 
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1                   activate.adobe.com
  127.0.0.1                   practivate.adobe.com
  127.0.0.1                   lmlicenses.wip4.adobe.com
  127.0.0.1                   lm.licenses.adobe.com
  127.0.0.1                   na1r.services.adobe.com
  127.0.0.1                   hlrcv.stage.adobe.com
  0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
  0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0 media.opencandy.com
  0.0.0.0 cdn.opencandy.com
  0.0.0.0 tracking.opencandy.com
  0.0.0.0 api.opencandy.com
  0.0.0.0 api.recommendedsw.com
  0.0.0.0 installer.betterinstaller.com
  0.0.0.0 installer.filebulldog.com
  0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0 inno.bisrv.com
  0.0.0.0 nsis.bisrv.com
  0.0.0.0 cdn.file2desktop.com
  0.0.0.0 cdn.goateastcach.us
 
  20 out of 41 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 03/21/2016 06:15:45 PM
Execution time: 0 hours(s), 1 minute(s), and 11 seconds(s)
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1800 bytes] ##########
# AdwCleaner v5.105 - Logfile created 21/03/2016 at 18:29:59
# Updated 21/03/2016 by Xplode
# Database : 2016-03-21.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Tyler - TYLERDESKTOP
# Running from : G:\Media\Antivirus Programs\adwcleaner_5.105.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.conduit.com/?ctid=CT3298573&SearchSource=48&CUI=UN18910901751085129&UM=2
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1142 bytes] - [14/01/2016 15:57:00]
C:\AdwCleaner\AdwCleaner[S11].txt - [681 bytes] - [12/11/2015 19:20:45]
C:\AdwCleaner\AdwCleaner[S12].txt - [3013 bytes] - [27/11/2015 17:33:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [2899 bytes] - [14/01/2016 15:55:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2972 bytes] ##########


#5 Condobloke

Condobloke


Posted 21 March 2016 - 10:12 PM

Do you get any BSOD's (blue screens of death)....any error messages during normal use of your PC...?

 

 

Re your hosts file.....I have copied a sample hosts file used by Microsoft for Windows....just to let you see that your hosts file is ok....

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

0.0.0.0 localhost
0.0.0.0 bi.bisrv.com
0.0.0.0 cdn.bisrv.com
0.0.0.0 cdn.bisrv.com/sponsored/baidu/pcfaster
0.0.0.0 global-shared-files-l3.softonic.com
0.0.0.0 www.softonic.com
0.0.0.0 softonic.com
0.0.0.0 www.bestvistadownloads.com
0.0.0.0 image.online-convert.com/convert-to-ico
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
::1 localhost

I would run a scan with ESET

 

BE AWARE....the scan will take quite some time.....2 hours plus is not unusual.

 

 

ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


If this program is already installed: Skip the installation and run only the scan!

    Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
    Click the button.

    For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    Click on to download the ESET Smart Installer. Save it to your desktop.
    Double click on the icon on your desktop.

  
    Click the button.
    Accept any security warnings from your browser.
    Check
    that the option to REMOVE PUP's is checked
    Make sure that the option "Remove found threats" is Checked
    Push the Start button.
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, push
    Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply. 


Edited by Condobloke, 21 March 2016 - 10:13 PM.
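
An added example, not part of any post in this thread: a small Python audit that sorts hosts-file lines like the ones in the Rkill log into names pinned to a loopback or 0.0.0.0 address (which cannot reach a remote server), names pointed at some other machine, and entries that are not hostnames at all. The sample text is constructed from a few lines quoted above plus one invented redirect line; the function names and the `updates.example.com` entry are assumptions.

```python
import ipaddress
import re

# Constructed sample: entries copied from the logs in this thread, plus one
# invented redirect line (203.0.113.7 is a documentation-only address).
SAMPLE = """\
# comment line
127.0.0.1                   activate.adobe.com
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com
0.0.0.0 cdn.bisrv.com/sponsored/baidu/pcfaster
::1 localhost
203.0.113.7 updates.example.com
"""

# Dot-separated labels of letters, digits and hyphens; no slashes or colons.
HOSTNAME = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

def classify(line):
    """Return a list of (verdict, address, name) for one hosts-file line."""
    body = line.split("#", 1)[0].split()   # drop trailing comment, tokenize
    if not body:
        return []
    try:
        addr = ipaddress.ip_address(body[0])
    except ValueError:
        return [("malformed", body[0], " ".join(body[1:]))]
    rows = []
    for name in body[1:]:
        if not HOSTNAME.match(name):
            verdict = "not-a-hostname"   # e.g. a URL path; never matches a lookup
        elif addr.is_unspecified or addr.is_loopback:
            verdict = "local"            # pinned to this machine, i.e. blocked
        else:
            verdict = "redirect"         # resolves to another machine: review it
        rows.append((verdict, str(addr), name))
    return rows

def audit(text):
    return [row for line in text.splitlines() for row in classify(line)]

def redirects(text):
    return [row for row in audit(text) if row[0] == "redirect"]

if __name__ == "__main__":
    for verdict, addr, name in audit(SAMPLE):
        print(f"{verdict:15} {addr:12} {name}")
```

On Windows the file to feed to `audit()` is `C:\Windows\System32\drivers\etc\hosts`; Rkill showed only 20 of the 41 entries, so the full file is what should be checked.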


 

 


#6 sammyandsam

sammyandsam

Posted 22 March 2016 - 08:59 AM

The scan finished and it detected nothing.

I did not have any errors or BSOD.

Sadly, I checked "Uninstall this program after close." before I got the log.

I think I am fine.





