
VIRUS ALERT

wiseguy
Site Admin
Posts: 1906
Joined: Wed Aug 18, 2004 5:05 pm
Location: WV

Post by wiseguy »

The redirects that are happening are most likely the result of the Windows hosts file being hijacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.

You might also want to right click on the hosts file, select properties, and set it to Read Only. This will prevent it from being hijacked again.


mnementh
Posts: 674
Joined: Tue Apr 28, 2009 5:41 am
Location: Dundee, Scotland

Post by mnementh »

wiseguy wrote: The redirects that are happening are most likely the result of the Windows hosts file being hijacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.

You might also want to right click on the hosts file, select properties, and set it to Read Only. This will prevent it from being hijacked again.
Nice tip.

Haven't tried that one, yet.

EDIT;
just had a look and I believe you mean delete everything below "for example" that is NOT preceded by a # symbol.

Yes?

Sandy
wiseguy
Site Admin
Posts: 1906
Joined: Wed Aug 18, 2004 5:05 pm
Location: WV

Post by wiseguy »

mnementh wrote:
wiseguy wrote: The redirects that are happening are most likely the result of the Windows hosts file being hijacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.

You might also want to right click on the hosts file, select properties, and set it to Read Only. This will prevent it from being hijacked again.
Nice tip.

Haven't tried that one, yet.

EDIT;
just had a look and I believe you mean delete everything below "for example" that is NOT preceded by a # symbol.

Yes?

Sandy
It really doesn't matter. You could delete everything in it with no ill effects. For the typical user it is probably best to just set the hosts file to read only.
Bigdog
Posts: 2937
Joined: Wed Jan 31, 2007 2:15 am

Post by Bigdog »

Now my clock is on military time... :roll: :lol: :cry:
Kevinper
Posts: 2
Joined: Mon Apr 26, 2010 4:16 pm

Post by Kevinper »

I have found Malwarebytes to be the best for this kind of stuff personally. You can usually download it in safe mode with networking at the very least.

When no programs will run, go to My Computer and right click - then click on Explore. Go to Tools - Folder Options. Click on File Types.

Go to New and click advanced. For File extension, enter EXE. For Associated File Type click on Application from the drop down list. Press OK. If it asks if you want to change, say yes.

What some of these Trojans do is change the EXE extension to open with something else or nothing. That's why you will get the "Open with" pop up.

Then run Malwarebytes with a full scan. It should be gone and your computer back to normal. BTW, A restore point did not work for me when I got it.
Bigdog
Posts: 2937
Joined: Wed Jan 31, 2007 2:15 am

Post by Bigdog »

wiseguy wrote: The redirects that are happening are most likely the result of the Windows hosts file being hijacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.

You might also want to right click on the hosts file, select properties, and set it to Read Only. This will prevent it from being hijacked again.
OK slllooooowwww dddooowwwnnnn computer nerd ahead. :shock: :lol: :roll:

How do you open it in Notebook?

Where is the host files thingy? :?
mnementh
Posts: 674
Joined: Tue Apr 28, 2009 5:41 am
Location: Dundee, Scotland

Post by mnementh »

Bigdog wrote:
wiseguy wrote: The redirects that are happening are most likely the result of the Windows hosts file being hijacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.

You might also want to right click on the hosts file, select properties, and set it to Read Only. This will prevent it from being hijacked again.
OK slllooooowwww dddooowwwnnnn computer nerd ahead. :shock: :lol: :roll:

How do you open it in Notebook?

Where is the host files thingy? :?
As Wiseguy posted, the HOSTS file is here;

C:\Windows\System32\drivers\etc\

Use My Computer or Windows Explorer to go to that folder and you will see the Hosts file.

It doesn't have an extension, so when you Right click it and select OPEN your PC should ask what program you want to use.

A dialogue box will open with a list of programs on your PC.

Scroll down the list and select Notepad.

Do NOT tick the box for "Always use the selected program".

When Notepad opens the file, carry out Wiseguy's instructions.

Sandy
Bigdog
Posts: 2937
Joined: Wed Jan 31, 2007 2:15 am

Post by Bigdog »

Right click does give me some options but not what program do you want to use to open. :cry:
wiseguy
Site Admin
Posts: 1906
Joined: Wed Aug 18, 2004 5:05 pm
Location: WV

Post by wiseguy »

Forget the right click. Just double click the HOSTS file and when it asks what you want to open it with select Notepad.
Bigdog
Posts: 2937
Joined: Wed Jan 31, 2007 2:15 am

Post by Bigdog »

I found something that's called hostnames, but it doesn't look like a folder, just a box with a blue outline. Is that the host thing you mean?
Bigdog
Posts: 2937
Joined: Wed Jan 31, 2007 2:15 am

Post by Bigdog »

I tried opening that thing and the black DOS screen momentarily comes up and disappears. :roll:
wiseguy
Site Admin
Posts: 1906
Joined: Wed Aug 18, 2004 5:05 pm
Location: WV

Post by wiseguy »

The file will have no extension and will be named hosts exactly.

Follow these step by step.

1. Browse to Start -> All Programs -> Accessories
2. Right click "Notepad" and select "Run as administrator"
3. Click "Continue" on the UAC prompt
4. Click File -> Open
5. Browse to "C:\Windows\System32\Drivers\etc" (the hosts file is inside the etc folder)
6. Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7. Select "hosts" and click "Open"
8. Make the needed changes and close Notepad. Save when prompted.
mnementh
Posts: 674
Joined: Tue Apr 28, 2009 5:41 am
Location: Dundee, Scotland

Post by mnementh »

C'mon Wiseguy!

Computer nerds rool?????

Sandy
Bigdog
Posts: 2937
Joined: Wed Jan 31, 2007 2:15 am

Post by Bigdog »

wiseguy wrote:The file will have no extension and will be named hosts exactly.

Follow these step by step.

1. Browse to Start -> All Programs -> Accessories
2. Right click "Notepad" and select "Run as administrator"
3. Click "Continue" on the UAC prompt
4. Click File -> Open
5. Browse to "C:\Windows\System32\Drivers\etc" (the hosts file is inside the etc folder)
6. Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7. Select "hosts" and click "Open"
8. Make the needed changes and close Notepad. Save when prompted.
OK I have a couple issues. :roll:

I'm not sure I can run as administrator. I'm not sure if I'm running it as me or the administrator.

What's UAC mean? :roll:

I didn't see a drives file or folder. And nothing that says etc folder. :?

I'm in XP does that matter?
wiseguy
Site Admin
Posts: 1906
Joined: Wed Aug 18, 2004 5:05 pm
Location: WV

Post by wiseguy »

I was thinking you were running Vista. Then do this.

1. Open Notepad

2. Click on File and then on Open

3. Click the My Computer button

4. Double Click the Local Disk (C:)

5. Double Click the WINDOWS folder

6. Double Click the system32 folder

7. Double Click the drivers folder

8. Double Click the etc folder

9. Double Click the hosts file

10. Now delete everything below # For example:

11. Click on File and then on Save

12. Close Notepad
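
An added example, not part of the original thread: Python that lists what a hijacked hosts file actually redirects or blocks before it is cleared, and produces the cleaned content with every active entry removed. The sample file contents, the function names and the `DEFAULT_NAMES` allow-list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: stock-style comments plus entries typical of a hijack.
SAMPLE = "\n".join([
    "# Sample hosts file (constructed for this example)",
    "# For example:",
    "#      102.54.94.97     rhino.acme.com          # source server",
    "127.0.0.1       localhost",
    "203.0.113.10    www.example.com example.com",
    "127.0.0.1       updates.antivirus.example",
    "::1             localhost",
]) + "\n"

DEFAULT_NAMES = {"localhost"}  # assumption: the only name a clean file maps

def parse_hosts(text):
    """Return (line_no, ip, names) for every active (non-comment) entry."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()  # text after # is a comment
        if body:
            fields = body.split()
            entries.append((line_no, fields[0], [n.lower() for n in fields[1:]]))
    return entries

def audit_hosts(text):
    """Flag every active entry that is not a plain localhost mapping."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, "malformed", ip, names))
            continue
        extra = [n for n in names if n not in DEFAULT_NAMES]
        if not names:
            findings.append((line_no, "malformed", ip, names))
        elif extra:
            # Loopback/0.0.0.0 makes the site unreachable; anything else sends it elsewhere.
            kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
            findings.append((line_no, kind, ip, extra))
    return findings

def cleaned_hosts(text):
    """Keep only comment and blank lines, dropping every active entry."""
    kept = [l for l in text.splitlines() if not l.split("#", 1)[0].strip()]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Run the audit against a copy of the hosts file before clearing it, so a record of what was redirected is kept. The Read Only attribute can be cleared by any process with rights to modify the file, so rerunning the audit after cleanup shows whether entries have come back.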