Infected Host File


7 replies to this topic

#1 Fluxpheria

Fluxpheria

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 28 May 2016 - 04:41 PM

My Malwarebytes daily scan found that I have an infected file. It is called hosts and it says it is a Trojan.Agent.




 


#2 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 28 May 2016 - 05:12 PM

Could you post the content of the hosts file so the malware-squad can inspect it?
 
The location is C:\Windows\System32\drivers\etc assuming your OS is installed on the C-drive, right click the hosts file and open with notepad. Please copy/paste the content in your next reply.

 

Greets!  :wink:



#3 Fluxpheria

Fluxpheria
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 28 May 2016 - 05:14 PM

The location of my host file isn't in System32/drivers/etc, it is just in the Windows folder. Here is the content:


# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2015 Safer-Networking Ltd.
# End of entries inserted by Spybot - Search & Destroy

# Start of entries inserted by Spybot Anti-Beacon for Windows 10
0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com
0.0.0.0    feedback.search.microsoft.com
0.0.0.0    feedback.windows.com
0.0.0.0    corp.sts.microsoft.com
0.0.0.0    diagnostics.support.microsoft.com
0.0.0.0    i1.services.social.microsoft.com
0.0.0.0    i1.services.social.microsoft.com.nsatc.net
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
# End of entries inserted by Spybot Anti-Beacon for Windows 10

 



#4 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 28 May 2016 - 05:42 PM

I see no problems with the content of your hosts file, the added entries are for blocking Windows 10 "telemetry/spying"!  B)

 

Other members (who have Windows 10 running) may advise you about the location of your hosts file because I think it should be in C:\Windows\System32\drivers\etc... even M$ says it should be...

 

Greets!



#5 Fluxpheria

Fluxpheria
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 28 May 2016 - 06:10 PM

I have two hosts files. There is one in just C:\Windows and another one in C:\Windows\System32\drivers\etc. It is kind of weird. Malwarebytes is saying the one in the Windows folder is infected.



#6 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 28 May 2016 - 06:31 PM

You can manually delete the one in C:\Windows or let MBAM remove it...  :wink:

It was probably flagged just because of the location!

 

Does the hosts file in C:\Windows\System32\drivers\etc have the same content?

 

Greets!


Edited by GNULINUX, 28 May 2016 - 06:48 PM.


#7 Fluxpheria

Fluxpheria
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 28 May 2016 - 08:13 PM

There are some lines that are not in the host file in C:\Windows\System32\drivers\etc. Should I copy and paste the lines from one to another?



#8 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 29 May 2016 - 04:55 AM

Yes, that way the blocking of telemetry/spying intended by Spybot Anti-Beacon stays in place!

 

Greets!  :wink:
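
Added example, not part of the thread: a Python sketch of the check and merge discussed above. It parses two hosts files, lists any name in the stray copy that maps to something other than a blocking address (an assumption of this example: 0.0.0.0, :: and loopback count as blocking), and lists the blocked names missing from the System32\drivers\etc copy. The sample contents and the `login.example.test` entry are constructed.

```python
import ipaddress

# Constructed sample inputs (not the poster's actual files): a stray
# C:\Windows\hosts and the one in C:\Windows\System32\drivers\etc.
STRAY = """\
# Start of entries inserted by Spybot Anti-Beacon for Windows 10
0.0.0.0    choice.microsoft.com
0.0.0.0    telemetry.microsoft.com
0.0.0.0    watson.live.com
0.0.0.0    watson.live.com
203.0.113.10  login.example.test   # constructed non-blocking entry
# End of entries inserted by Spybot Anti-Beacon for Windows 10
"""
CANONICAL = """\
127.0.0.1  localhost
0.0.0.0    choice.microsoft.com
"""

def parse_hosts(text):
    """Map each hostname to its first listed address; skip comments and bad lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:
            entries.setdefault(name.lower(), addr)
    return entries

def is_block(addr):
    """Assumption of this example: 0.0.0.0, :: and loopback mean 'blocked'."""
    return addr.is_unspecified or addr.is_loopback

def review(stray_text, canonical_text):
    """Return (names mapped to a real address, blocked names missing from canonical)."""
    stray, canon = parse_hosts(stray_text), parse_hosts(canonical_text)
    redirects = sorted(n for n, a in stray.items() if not is_block(a))
    missing = sorted(n for n, a in stray.items() if is_block(a) and n not in canon)
    return redirects, missing

if __name__ == "__main__":
    redirects, missing = review(STRAY, CANONICAL)
    for name in redirects:
        print("REVIEW before copying:", name)
    for name in missing:
        print(f"0.0.0.0    {name}")  # line to append to the drivers\etc file
```
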





