SDGuy73

Maurice, Thank you for your time and help. I appreciate you.

Here you go. Fixlog.txt

Had you recently used MSCONFIG to turn off some services ? Yes. I tried to stop Comodo from starting up with my computer. I have since removed Comodo. Have you used MSCONFIG to turn off some services of Malwarebytes program ? No. Never. Yes. My friend suggested it to try to remove HostsFileHijack. The scan found nothing. I can remove it. I ask that because I see its service is listed as running & that is un-expected. We will attempt to have it not auto-started as part of the task below.

Here you are. Addition.txt FRST.txt

Is Vivaldi a good browser?

The snapshot above does show the threat. The highjack. Spybot Anti-Beacon v.1.5 has been on my computer since 6/7/2016. lol. I will uninstall it. Comodo was uninstalled last week. Webroot SecureAnywhere was uninstalled over a month ago. I don't know why t shows those. .NET Framework 4.8 or a later update is already installed on this computer. WinRAR - Updated Skype - Removed Adobe AIR - Removed swMSM - How do I find it so I can remove it? I don't see it in Programs and Features. Opera - Updated JDownloader 2 - Safe FLV Player - Removed. I no longer use it Java 8 - Removed GIMP - Updated

I'm not sure I did this right. I've never touched the host file. Questions A and B. No. I noticed this virus popped up when Malwarebytes updated to a new version and NordVPN updated to a new version.

I took screenshots C:\Windows\System32\drivers\etc. They are dated. Malwarebytes blocks the site for SecurityCheck. Part one completed. Part two next. hosts.zip SecurityCheck.txt

I updated windows and now windows defender says the virus is back. GRRRRRRRRRRR.

Thank you. I noticed Windows Defender didn't flag it when it restarted.

That was fast. Here you go. Fixlog.txt

Does the attached FILELIST.txt go on my desktop or in a folder? I saved it to my desktop

Before I do the above. My PC is running windows version 1909. I've been trying all week for windows update to offer me new updates. Finally, it is offering me version 20H2. Will updating to 20H2 fix my issue or do I need to fix the host file first?

Tis is the file infected. C:\Windows\System32\drivers\etc\hosts

I did it right this time. What info do you need? Can I put it in text doc? Or put it here? Command Prompt.txt Command Prompt.txt

I understand that. So what do I do now? what about this? Microsoft Windows [Version 10.0.18363.1316] (c) 2019 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>%ProgramFiles%\Windows Defender\MpCmdRun.exe 'C:\Program' is not recognized as an internal or external command, operable program or batch file. C:\WINDOWS\system32>"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate C:\WINDOWS\system32>

"The last time that Windows Defender flagged the Hosts file was Feb 1" Once I installed Comodo Internet Security Premium, Windows Defender no longer flagged it. I did a scan with Comodo and it found nothing. I did not see it update definitions for Microsoft Defender antivirus. What did I do wrong? Do I just move to the next step? Microsoft Windows [Version 10.0.18363.1316] (c) 2019 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>%ProgramFiles%\Windows Defender\MpCmdRun.exe 'C:\Program' is not recognized as an internal or external command, operable program or batch file. C:\WINDOWS\system32>"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate C:\WINDOWS\system32>

Windows Defender found this. I noticed it happen after MB updated. I installed Comodo after Defender found Highjacker. I ran the virus scan and found nothing. Thanks MBScan.txt Addition.txt FRST.txt