Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer hosts hijacked


  • This topic is locked This topic is locked
2 replies to this topic

#1 yellowskin

yellowskin

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:29 AM

Posted 21 May 2017 - 01:26 AM

Hi All,

 

My hosts file was hijacked. This is what I get when I open hosts file with notepad. Any help will be greatly appreciated

 

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost
 
 127.0.0.1       down.baidu2016.com
 127.0.0.1       123.sogou.com
 127.0.0.1       www.czzsyzgm.com
 127.0.0.1       www.czzsyzxl.com
 127.0.0.1       union.baidu2019.com
 127.0.0.1       down.baidu2016.com
 127.0.0.1       123.sogou.com
 127.0.0.1       www.czzsyzgm.com
 127.0.0.1       www.czzsyzxl.com
 127.0.0.1       union.baidu2019.com
 


BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:03:29 AM

Posted 21 May 2017 - 06:27 AM

Hello yellowskin and welcome to Bleeping Computer.

Those entries in your hosts file are perfectly normal.

127.0.0.1 refers to your own computer, therefore if an attempt to connect to eg 123.sogou.com, ( a bad site), the page will not load as it is being redirected back to your PC.

It is likely that these have been added by an anti-malware program.

Is there another reason that you may think you have malware on your computer or are you just questioning the hosts file entries?

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:03:29 AM

Posted 23 May 2017 - 08:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users