Jump to content

Search the Community

Showing results for tags 'hosts'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 7 results

  1. Hiyah! I recently decided to add lines to my hosts file in order to block ads due to the fact i cant block ads via steam web browser... My question is if it's safe to do so? Everyone mentioned this guys github and his hosts files: https://github.com/StevenBlack/hosts Now, i added Unified hosts = (adware + malware) one... Should i worry about anything? I basically copy pasted everything what's inside it... Thanks in advance!
  2. What is Oneway? The Malwarebytes research team has determined that Oneway is a hosts file hijacker and part of an adware bundle. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by Oneway? You may see these entries in your hosts file: How did Oneway get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove Oneway? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Oneway? No, Malwarebytes removes Oneway completely. If you were using a custom hosts file you may want to re-install it. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the Oneway adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt () C:\Users\{username}\Desktop\oneway.exe ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2017-07-10 10:49 - 00001146 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 cpm.paneladmin.pro 127.0.0.1 publisher.hmdiadmingate.xyz 127.0.0.1 distribution.hmdiadmingate.xyz 127.0.0.1 hmdicrewtracksystem.xyz 127.0.0.1 linkmate.space 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 doctorlink.space 127.0.0.1 plugpackdownload.net 127.0.0.1 dscdn.pw 127.0.0.1 beautifllink.xyz Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- In the existing folder C:\Windows\System32\drivers\etc Alters the file hosts = 7/10/2017 10:49 AM, 1146 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tschmna] "state"="REG_SZ", "succed" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tsckmna] "state"="REG_SZ", "succed" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy] Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/10/17 Scan Time: 3:48 PM Log File: mbamOneway.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2333 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337571 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 2 min, 48 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Adware.Tuto4PC.Generic, C:\USERS\{username}\DESKTOP\ONEWAY.ZIP, Quarantined, [1342], [414802],1.0.2333 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. Hello, I believe my HOSTS file detection to be a false positive, Virus total scans clean no other detections. My HOSTS file was downloaded from http://hosts-file.net/download/hosts.zip Would you please be kind enough to check and report back. Thank you. Kind regards. MBAM_HOSTS.txt
  4. Hi, A few months back, I had an infected hosts file which would redirect selective websites. Malwarebytes did not detect it at that time. Will it now detect "dirty" hosts files or, if not, could it be added as a warning ? Thanks, mandacat
  5. I decided to give Roguekiller a try today and just finished scanning my machine. I keep very close tabs on system files and processes and have no cause for concern at the moment (no weird system behaviours), but decided to use Roguekiller to be sure there's no silent malware that i might've missed. I don't know enough to discern if the results shown in RK's scan are false positives or actual threats. If you'd care to have a look at the report i'd be very interested in knowing your expert opinion on which of these entries might be beneficial to delete. RogueKiller V8.6.2 [Jul 3 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : José [Admin rights] Mode : Scan -- Date : 07/03/2013 23:27:44 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 22 ¤¤¤ [DNS] HKLM\[...]\CCSet\[...]\{B0BBEACD-1579-4BC0-AD1B-BEE2B0396FAF} : NameServer (88.214.182.2 88.214.178.1) -> FOUND [DNS] HKLM\[...]\CS001\[...]\{B0BBEACD-1579-4BC0-AD1B-BEE2B0396FAF} : NameServer (88.214.182.2 88.214.178.1) -> FOUND [DNS] HKLM\[...]\CS002\[...]\{B0BBEACD-1579-4BC0-AD1B-BEE2B0396FAF} : NameServer (88.214.182.2 88.214.178.1) -> FOUND [HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [FF][PROXY] 4013noxj.Multivac2 : user_pref("network.proxy.type", 2); -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 3dns.adobe.com 127.0.0.1 3dns-1.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-4.adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 activate.wip.adobe.com 127.0.0.1 activate.wip1.adobe.com 127.0.0.1 activate.wip2.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 activate.wip4.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-1.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 adobe-dns-4.adobe.com 127.0.0.1 adobeereg.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG 470 Series SSD +++++ --- User --- [MBR] bcc91b02f70009de1c7c4a28a05cfa1c [bSP] df411fe1a960eaf63f8cc7d9c684d8cd : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 244096 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: SAMSUNG 470 Series SSD +++++ --- User --- [MBR] 9c44c7731e933c1aa07703f6ba30f179 [bSP] 29ea0c61e7ecf77adb55299b621edd92 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07032013_232744.txt >>
  6. In order to prevent ads from stealing my bandwidth i am adding to my hosts file lines like 127.0.0.1 ads.pile-of-crap.com i copied file to other machines, and once noticed that file changed. i started making local copies and found out that two lines (out of about 100) constantly disappear from the file: 127.0.0.1 ad.doubleclick.net 127.0.0.1 www.google-analytics.com clearly this is an action of some malicious entity. Unfortunately both NOD32 which i have constantly running, and manual scan by my favorite Malwarebytes, don't show anything wrong with my system. Any ideas?
  7. Although MBAM does detect the files associated with the Trojan.Qhost.Gen and .BG (dplaysvr.exe & dplayx.dll), it does not appear to detect or warn that the hosts file has been changed. I'm not positive, but apparently it was changed by these Trojans. In my case , the host file redirected the browser to a site in Romania ? when either www.google.com or www.bing.com was browsed. Is it possible to warn users when the host file has lines in it without the # character ? Thanks, mandacat
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.