Possible Host File Issue?


8 replies in this topic

#1 schismtracer

    Newbie

  • Posters
  • 4 posts

Posted 22 September 2010 - 05:07

My first scan picked up tool.killproc.3 in Process.exe and gave me the "host file has been changed" bit, so I allowed the program to replace it. Consecutive scans did *not* pick up tool.killproc.3 (or anything else), but continued to report changes to the host file. Is this a sign that there is still an infection or just something that Windows does?

#2 SergM

    Guru

  • Moderators
  • 9 387 posts

Posted 22 September 2010 - 06:11

Open the host file in Notepad and copy its contents here.

#3 schismtracer

    Newbie

  • Posters
  • 4 posts

Posted 22 September 2010 - 15:55

> Open the host file in Notepad and copy its contents here.

.../System32/etc/hosts, right?

Attached files:



#4 PAUK

    Guru

  • Posters
  • 3 236 posts

Posted 22 September 2010 - 16:25

> .../System32/etc/hosts, right?

C:\WINDOWS\system32\drivers\etc\hosts
and the hosts file should look like this sample:

Win 7:
# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Remove everything unnecessary.
Oops!
Many entries were inserted by Spybot - Search & Destroy.
Do you have Spybot - Search & Destroy? These are its records (probably).
"Objectivity" is a deeply subjective concept
- We're all mad here. I'm mad. You're mad.
- How do you know I'm mad? - asked Alice.
- You certainly must be mad, - replied the Cat, - otherwise you wouldn't have ended up here.
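One way to run the check discussed in posts #4 to #7, as an added example that is not part of the original thread: it lists the active (uncommented) hosts entries and separates blocklist-style entries pointing at loopback or 0.0.0.0 from entries that send a name to some other address. The sample text, host names and category names are constructed for illustration, and treating loopback-style entries as blocklist entries is an assumption of this example.

```python
import ipaddress

# Constructed sample: two commented default lines plus a few added entries.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 ads.example.test       # blocklist-style entry
0.0.0.0 tracker.example.test
203.0.113.7 update.example.test  # name sent to a routable address
not-an-ip broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, names) for every active, non-comment line."""
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line:
            addr, *names = line.split()
            yield no, addr, names

def classify(addr, names):
    """Return 'default', 'sinkhole', 'redirect' or 'malformed' for one entry."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        only_localhost = all(n.lower() == "localhost" for n in names)
        return "default" if only_localhost else "sinkhole"
    return "redirect"  # a name mapped to a real address: review by hand

def audit(text):
    """Group all active entries of a hosts file by category."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for no, addr, names in parse_hosts(text):
        report[classify(addr, names)].append((no, addr, names))
    return report

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_HOSTS).items():
        for no, addr, names in rows:
            print(f"{kind:9} line {no}: {addr} -> {' '.join(names)}")
```

Entries in the redirect and malformed groups are the ones to examine by hand; a long sinkhole group is what a blocklist tool leaves behind.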

#5 SergM

    Guru

  • Moderators
  • 9 387 posts

Posted 22 September 2010 - 16:38

> .../System32/etc/hosts, right?

Mamma mia! Follow the advice in message #4.

#6 schismtracer

    Newbie

  • Posters
  • 4 posts

Posted 22 September 2010 - 20:02

Sorry about that. The C:\WINDOWS\system32\drivers\etc\hosts file is identical to the one I posted earlier. Also, I do have Spybot (it's an anti-spyware program) installed on my machine, and, assuming I'm understanding this link correctly, the added entries are legit (it's how the program guards against dialers or attack sites or something).

Nothing else seems amiss?

#7 PAUK

    Guru

  • Posters
  • 3 236 posts

Posted 22 September 2010 - 20:09

> I'm understanding this link correctly

Yes.

> the added entries are legit

Likely yes. Then everything is normal :)

#8 schismtracer

    Newbie

  • Posters
  • 4 posts

Posted 22 September 2010 - 22:16

> Likely yes. Then everything is normal

Excellent. Thanks for the help, everybody.

#9 drumut

    Member

  • Members
  • 325 posts

Posted 28 September 2010 - 11:59

Security applications have host file protection. Using more than one security program that engages with the host file would cause conflicts. Disable all host file protections except one, which could be Spybot Search and Destroy or Dr.Web.
OS : Debian Sid , all i have all i need!

