[Infected - SettingsModifier:Win32/HostsFileHijack]

Maurice,

Thank you for your time and help. I appreciate you.

 

[Infected - SettingsModifier:Win32/HostsFileHijack]

Here you go.

Fixlog.txt

[Infected - SettingsModifier:Win32/HostsFileHijack]

Had you recently used MSCONFIG to turn off some services ? Yes. I tried to stop Comodo from starting up with my computer. I have since removed Comodo.

Have you used MSCONFIG to turn off some services of Malwarebytes program ? No. Never.

Quote

Have you recently downloaded and used RogueKiller on your own ? 

Yes. My friend suggested it to try to remove HostsFileHijack. The scan found nothing. I can remove it.

I ask that because I see its service is listed as running & that is un-expected. We will attempt to have it not auto-started as part of the task below.

[Infected - SettingsModifier:Win32/HostsFileHijack]

Here you are.

Addition.txt FRST.txt

[Infected - SettingsModifier:Win32/HostsFileHijack]

Is Vivaldi a good browser?

[Infected - SettingsModifier:Win32/HostsFileHijack]

The snapshot above does show the threat. The highjack.

Spybot Anti-Beacon v.1.5 has been on my computer since 6/7/2016. lol. I will uninstall it.

Comodo was uninstalled last week.

Webroot SecureAnywhere was uninstalled over a month ago. I don't know why t shows those.

.NET Framework 4.8 or a later update is already installed on this computer.

WinRAR - Updated

Skype - Removed

Adobe AIR - Removed

swMSM - How do I find it so I can remove it? I don't see it in Programs and Features.

Opera - Updated

JDownloader 2 - Safe

FLV Player - Removed. I no longer use it

Java 8 - Removed

GIMP - Updated

[Infected - SettingsModifier:Win32/HostsFileHijack]

I'm not sure I did this right. I've never touched the host file. Questions A and B. No. I noticed this virus popped up when Malwarebytes updated to a new version and NordVPN updated to a new version.

[Infected - SettingsModifier:Win32/HostsFileHijack]

I took screenshots C:\Windows\System32\drivers\etc. They are dated. Malwarebytes blocks the site for SecurityCheck.

Part one completed. Part two next.

hosts.zip SecurityCheck.txt

[Infected - SettingsModifier:Win32/HostsFileHijack]

I updated windows and now windows defender says the virus is back. GRRRRRRRRRRR.

[Infected - SettingsModifier:Win32/HostsFileHijack]

Thank you. I noticed Windows Defender didn't flag it when it restarted.

[Infected - SettingsModifier:Win32/HostsFileHijack]

That was fast. Here you go.

Fixlog.txt

[Infected - SettingsModifier:Win32/HostsFileHijack]

Does the attached FILELIST.txt go on my desktop or in a folder? I saved it to my desktop

[Infected - SettingsModifier:Win32/HostsFileHijack]

Before I do the above. My PC is running windows version 1909. I've been trying all week for windows update to offer me new updates. Finally, it is offering me version 20H2. Will updating to 20H2 fix my issue or do I need to fix the host file first?

[Infected - SettingsModifier:Win32/HostsFileHijack]

Tis is the file infected. C:\Windows\System32\drivers\etc\hosts

[Infected - SettingsModifier:Win32/HostsFileHijack]

On 2/13/2021 at 7:58 AM, Maurice Naggar said:

What I had provided before were commands to be used in a Command prompt.   and please be sure you are not taking them out of the order I had tem.

What is missing was the quote marks in this line   ( you gotta copy the entire line exactly as / the whole lot  )

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

I did it right this time. What info do you need? Can I put it in text doc? Or put it here?

Command Prompt.txt Command Prompt.txt

[Infected - SettingsModifier:Win32/HostsFileHijack]

2 hours ago, Maurice Naggar said:

Hello.  Be aware that by installing Comodo Internet Security it became the resident antivirus program.  and therefore, Microsoft Defender becomes  disabled.

I am a bit curious as to the contents of the Hosts file.

I understand that. So what do I do now? what about this?

Microsoft Windows [Version 10.0.18363.1316]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>%ProgramFiles%\Windows Defender\MpCmdRun.exe
'C:\Program' is not recognized as an internal or external command,
operable program or batch file.

C:\WINDOWS\system32>"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate

C:\WINDOWS\system32>

[Infected - SettingsModifier:Win32/HostsFileHijack]

"The last time that Windows Defender flagged the Hosts file was Feb 1" Once I installed Comodo Internet Security Premium, Windows Defender no longer flagged it. I did a scan with Comodo and it found nothing.

I did not see it update definitions for Microsoft Defender antivirus. What did I do wrong? Do I just move to the next step?

Microsoft Windows [Version 10.0.18363.1316]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>%ProgramFiles%\Windows Defender\MpCmdRun.exe
'C:\Program' is not recognized as an internal or external command,
operable program or batch file.

C:\WINDOWS\system32>"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate

C:\WINDOWS\system32>

[Infected - SettingsModifier:Win32/HostsFileHijack]

Windows Defender found this. I noticed it happen after MB updated. I installed Comodo after Defender found Highjacker. I ran the virus scan and found nothing.

Thanks

MBScan.txt Addition.txt FRST.txt