p_l_c
asked on
Host file hijack
I`m sure one of the computer in my network has a issue with its hosts file.
everytime we reboot the host file is replace by this
127.0.0.1 localhost
69.31.85.202 google.com
69.31.85.202 www.google.com
69.31.85.202 google.de
69.31.85.202 www.google.de
69.31.85.202 google.co.in
69.31.85.202 www.google.co.in
69.31.85.202 google.ca
69.31.85.202 www.google.ca
69.31.85.202 google.fr
69.31.85.202 www.google.fr
69.31.85.202 google.it
69.31.85.202 www.google.it
69.31.85.202 google.com.au
69.31.85.202 www.google.com.au
69.31.85.202 google.co.uk
69.31.85.202 www.google.co.uk
69.31.85.202 google.be
69.31.85.202 www.google.be
66.250.130.130 find4u.net
66.250.130.130 www.find4u.net
and some favorite related to sex sites are added.
the workstation also has Zone Alarm witch report SVCHOST wants to connect to the internet (no way.....)
it also has Norton Antivirus Enterprise edition , and yes its update.
ok i`ts a virus / spyware / hijack / or i dont know... , now how do i get it out
everytime we reboot the host file is replace by this
127.0.0.1 localhost
69.31.85.202 google.com
69.31.85.202 www.google.com
69.31.85.202 google.de
69.31.85.202 www.google.de
69.31.85.202 google.co.in
69.31.85.202 www.google.co.in
69.31.85.202 google.ca
69.31.85.202 www.google.ca
69.31.85.202 google.fr
69.31.85.202 www.google.fr
69.31.85.202 google.it
69.31.85.202 www.google.it
69.31.85.202 google.com.au
69.31.85.202 www.google.com.au
69.31.85.202 google.co.uk
69.31.85.202 www.google.co.uk
69.31.85.202 google.be
69.31.85.202 www.google.be
66.250.130.130 find4u.net
66.250.130.130 www.find4u.net
and some favorite related to sex sites are added.
the workstation also has Zone Alarm witch report SVCHOST wants to connect to the internet (no way.....)
it also has Norton Antivirus Enterprise edition , and yes its update.
ok i`ts a virus / spyware / hijack / or i dont know... , now how do i get it out
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There may be something running in your startup - Start/Run/MSConfig <enter> - remove all entries in the startup tab and reboot - does it still occur? One of the online scanners above should clean it for you. . .
Most likely the result of the Trojan.QHosts virus:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
Removal tool available below:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
Removal tool available below:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
ASKER
That was not the Trojan.Qhost : tried and download & scan : found nothing.
Then i tried sirbounty solution first i tried spyware : piece of s.....
anyway then i tried SPYBOT and i was succesful.
btw: i now recommend spybot , was very easy to use...
Then i tried sirbounty solution first i tried spyware : piece of s.....
anyway then i tried SPYBOT and i was succesful.
btw: i now recommend spybot , was very easy to use...
Thanx - I will move spybot to the top of the list. ;-)
p_l_c - if Spybot worked for you, why would you grade this as a "B"?
Sunray