HpHosts-Setup-Win32.exe on hosts-file.net appears to contain very nasty malware. I went there from the BC HOSTS tutorial and installed it on two computers.
On my HP, I also disabled DNS using that program.
On my HP, MBAM quarantined the resulting HOSTS file and there were two Hijack.hosts entries in quarantine - one was not restorable. I downloaded and added the HOSTS file from the "hosts.zip" file (from the same site) and it did not get quarantined, so it appears this has to do with just the app.
On my Toshiba, I got very nasty malware, possibly Symmi. It does several wonderful things. I have not yet figured out how to rid myself of it, and have sent a message to Malwarebytes asking for help.
It turns off the Internet, removes MBAM (paid) from startup, prevents opening MBAM, SAS free and avast! free (from the start menu, systray and desktop), disables right-click of those programs, causes Windows Explorer to hang if you right-click in it or the desktop, disables run as admin, removes MBAM from the start menu, prevents MB Chameleon from working and, if I actually get MBAM to open, MBAM's scan cannot get past "updating" because there is no Internet access. It does NOT stop access to WinPatrol. I even ran EEK from WinPE (flashdisk boot) and it only found one Symmi infection, but the system is still infected.
I just noticed that it also changed msconfig to selective startup.
This occurred at the same time as a renewal of avast with a trial of their IS.
I have reported this to Malwarebytes, since the program's author is supposedly their employee and the site says it's powered by Malwarebytes.
If anyone has a suggestion for a powerful command-line scanner that works in Windows PE (on a flashdisk), I'm all ears, since EEK failed. I tried running several stand-alone programs (JRT, ART, Minitoolbox, ZHP, AdwCleaner, Security Check, and adsfix), but couldn't get them to work, either. Zemana requires Internet access, so I didn't try it.
For malware hunters - enjoy.
Edit: This is the log. It happened again today.
Edited by RevGAM, 13 September 2016 - 08:38 AM.