Hijacked web sites

Have the spyware: associated with rogue ware. When going to a site in Google, get taken to one of their addresses using the above IP.

Ran spybot but it cannot delete, get the following error:

Unexpected error in fixing problems
(cannot create file)
access is denied
younghv Commented:
I will once again state that any effort directed at your HOSTS file is wasted.
THAT symptom can easily be fixed after the repair is done.

The simplest method I know of is to use the instructions and file found here:


ONLY do that after MBAM has repaired the infection.
I would try a scan with Malwarebytes' Anti-Malware, TDSSKiller, Hitman Pro and ComboFix in that order.  If your machine is still infected please reply with any logs created by these programs.
When using the above scanners, you will also have to reset the Hosts file; otherwise you will still get redirected.

The symptoms you are describing appear to be some variant of the malware known as "Windows Protection Suite".

Here is a step-by-step set of instructions for removing it:

Please work through them and post back if you have any questions.

@Experts -
You are encouraged to actually read the details of the problem being described and try to give targeted advice.

Random suggestions are never a good idea when trying to solve malware problems.
Access is denied to the host file. Generally, if that happens, malware has altered permissions and added a list of "bogus" redirects.

Author: To clarify if the host file contains these rogue IP addresses, post a HijackThis log, which should note those entries, if

Note: if the system is Vista or 7, "run as administrator" for HijackThis.
Simply re-setting your "HOSTS" file will not address the underlying infection.

You have to treat the actual problem - not the symptoms.
ycguy1117 (Author) Commented:
Ran all of the software mentioned, no success:

ComboFix will not run; it indicates Symantec is on. I have disabled everything, and it still indicates the scan feature is running.
Tried to run host reset: error; Cannot create file. Will not run.

Here are the files with the names and IP address that cause this issue and seemingly cannot be deleted? 4-open-davinci.com securitysoftwarepayments.com privatesecuredpayments.com secure.privatesecuredpayments.com getantivirusplusnow.com secure-plus-payments.com www.getantivirusplusnow.com www.secure-plus-payments.com www.getavplusnow.com safebrowsing-cache.google.com urs.microsoft.com www.securesoftwarebill.com secure.paysecuresystem.com paysoftbillsolution.com protected.maxisoftwaremart.com
You should not be running ComboFix - beyond the fact that several anti-malware applications will conflict with it, it is not needed.

Follow the instructions in the link I posted above, but when downloading MBAM, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.
Regarding the host file: did you make it writable using HostsXpert first? If so, there is another way which can fix it.

You ran all mentioned scanners (brettkm's post) except CF. Did they find anything?
ycguy1117 (Author) Commented:
I was trying to follow directions posted on the first reply. I had Malwarebytes already installed on this machine; it did not detect anything. That is why I ran Spybot; it found it but could not delete due to error on host file. Do I need to uninstall Malwarebytes and try again?
Apart from the redirects (due to host file), is there any fake program popping up on the machine, hampering other functions?

Use these steps for the host file to reset it to defaults:
1-Create a system restore point
2-Download unlocker + Microsoft's hosts fixit
http://ccollomb.free.fr/unlocker/unlocker1.8.8-portable.zip (AV may detect it as a threat, so disable AV temporarily, if so)

3-Show hidden files

4-Run unlocker and browse to
Use unlocker to delete the host file

5-Reboot and run Microsoft's fixit to create new host file

6-Reboot again and check hosts file

ycguy1117 (Author) Commented:
Nope! Just redirects
Ok. Try steps above to reset Hosts file :)
"Do I need to uninstall malwarebytes and try again? "

You do not need to 'uninstall' it, but you do need to download it again using the "renaming/Save As" function I described.

Many variants of malware will recognize the MBAM-setup file when it hits your computer and block its effectiveness.

If you save it to your Windows desktop as "xyz.exe", simply double-left-click on xyz.exe after it is downloaded.

What I am describing for you is very standard for any of us who actually fight malware for a living.

You are attempting to repair something that is very old in malware terms (almost two years) and is very easy to fix if you will follow the instructions at the link I posted.