Leftover malware domains in the HOSTS file



#1 inkoalawetrust


Posted 21 August 2016 - 08:21 PM

So whenever I use Rkill, it detects a bunch of malware domains in the HOSTS file after some time that are (probably) leftovers from the last time my computer got infected, but I also sometimes get, while visiting new websites, that CloudFlare is establishing a secure connection or something (I don't remember because it happened long ago and I didn't pay attention to it because it got me to the site I wanted to go to with no problems), but I lost my trust in things of such nature from CloudFlare since last time.

The whole file (I can't post attachments here):

 
Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/22/2016 04:09:22 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
  0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0 media.opencandy.com
  0.0.0.0 cdn.opencandy.com
  0.0.0.0 tracking.opencandy.com
  0.0.0.0 api.opencandy.com
  0.0.0.0 api.recommendedsw.com
  0.0.0.0 installer.betterinstaller.com
  0.0.0.0 installer.filebulldog.com
  0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0 inno.bisrv.com
  0.0.0.0 nsis.bisrv.com
  0.0.0.0 cdn.file2desktop.com
  0.0.0.0 cdn.goateastcach.us
  0.0.0.0 cdn.guttastatdk.us
  0.0.0.0 cdn.inskinmedia.com
  0.0.0.0 cdn.insta.oibundles2.com
  0.0.0.0 cdn.insta.playbryte.com
  0.0.0.0 cdn.llogetfastcach.us
  0.0.0.0 cdn.montiera.com
 
  20 out of 35 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 08/22/2016 04:11:53 AM
Execution time: 0 hours(s), 2 minute(s), and 31 seconds(s)
 

Twitter

Discord:inkoalawetrust#9783

Website




#2 boopme


Posted 21 August 2016 - 08:37 PM

Reset the Hosts file back to the default?

#3 inkoalawetrust


Posted 21 August 2016 - 08:45 PM

Yeah, but what will happen if I mess the process up (which I will), and even if I succeed, what will happen after that? (There can't just be a Windows file with no purpose.)




#4 Platypus


Posted 21 August 2016 - 08:45 PM

A 0.0.0.0 prefix in the HOSTS file blocks that address; see, for example, the explanation given for the MVPS HOSTS File:

http://winhelp2002.mvps.org/hosts.htm

"The 0.0.0.0 (prefix) is considered the location of your computer, so when an entry listed in the (MVPS) HOSTS file is requested on a page you are viewing, your computer thinks 0.0.0.0 is the location of the file. When this file is not located it skips onto the next file and thus the ad server is blocked from loading the banner, Cookie, or some unscrupulous ActiveX, or javascript file."


Edited by Platypus, 21 August 2016 - 08:46 PM.

Top 5 things that never get done:

1.
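As an added example (not part of the original thread and not Rkill's own logic): a small Python triage of HOSTS entries that separates the 0.0.0.0 block entries described above from entries that point a name at a real remote address, which are the ones worth reviewing. The sample text is constructed, and `classify_hosts`, `LOCAL_NAMES` and the `example.test` names are hypothetical.

```python
import ipaddress

# Constructed sample: the 0.0.0.0 lines mirror the Rkill output in this thread;
# the localhost, example.test and not-an-ip lines are made up for contrast.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com api.opencandy.com
127.0.0.1 localhost
::1 localhost
203.0.113.10 login.example.test  # name pinned to a remote (documentation) IP
not-an-ip broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def classify_hosts(text):
    """Sort HOSTS entries into block, local, redirect and malformed lists."""
    result = {"block": [], "local": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            result["malformed"].append((lineno, line))
            continue
        for name in fields[1:]:
            if addr.is_unspecified:
                kind = "block"      # 0.0.0.0 / :: never reaches a remote host
            elif addr.is_loopback:
                kind = "local" if name.lower() in LOCAL_NAMES else "block"
            else:
                kind = "redirect"   # name forced to a real address: review it
            result[kind].append((lineno, name, str(addr)))
    return result


if __name__ == "__main__":
    for kind, entries in classify_hosts(SAMPLE_HOSTS).items():
        print(kind, len(entries))
        for entry in entries:
            print("   ", entry)
```

On a real machine the input would be the contents of the HOSTS file read as text; only the `redirect` and `malformed` lists need a closer look.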


#5 inkoalawetrust


Posted 21 August 2016 - 08:52 PM

Oh i see.




#6 Platypus


Posted 21 August 2016 - 09:38 PM

I like that! Just as long as you know it's normal to have a list of malware sites in the HOSTS file with 0.0.0.0 in front of them. It stops your computer from going to those known problem sites.




#7 inkoalawetrust


Posted 22 August 2016 - 05:41 AM

Ok

