Jump to content

Hijackthis issue on W7 HP


Ken429

Recommended Posts

I have something that causes IE9 to periodically jump to the wrong web page link. I have run MSE, Malwarebytes and Microsoft's MSERT.exe several times both under W7, W7 Safe Mode and in the Microsoft Beta world a CD boot version of MSE. Malwarebytes did find a couple of bad guys but something still remains. I tried to run HijackThis v2.0.4 but it says the Hosts file cannot be accessed (screen dump attached). I have also attached the HijackThis log file. It sure looks like something is screwed up on this machine - my wife opens too many emails?! I have a second machine with almost exactly the same software and HijackThis does not show the error popup and it does not detect any "01 - Hosts". Help is need since I have run out of ideas. Thanks in advance.

I need even more help. I tried to run dds.scr and dds.com in both cases the program runs for a few seconds - # signs make it about 80% across the Command Prompt window and then they just quit. I cannot find anything that will let me run them as an administrator. It does not appear in the Right mouse click and it is grayed out in the Advanced Tab. I have uninstalled Microsoft's MSE program and it does not have any effect on the outcome. I am running W7 Home Premium with all the latest patches. I am the administrator. One last question, why does this thread show on the forum grayed out all the others are blue?

Not getting much help so I started Googling again. I found a thread on Groups.Google.com and someone there said the Norton Program PPE.COM fixed their HiJacking problem. I ran it on my system and it found an error and fixed it. The problem appears to have gone away, at least for now. Also, the HijackThis program now runs normally and the HOSTS file has been restored and has not been tampered with for several hours. However, I still cannot get the dds.scr or .com to run to completion. Based on the length of the Google thread this Hijack problem has come and gone for several years. One would think that the more commercial Anti-Virus/Maleware programs would have addressed this issue by now!

post-106466-0-67991400-1326576368.png

hijackthis.log

Link to post
Share on other sites

Welcome to the forum

See if this works:

1. > Download and run hosts-perm.bat

http://download.blee.../hosts-perm.bat

(Vista and W7 users --- use right click "run as administrator")

2. > Open up Notepad by "right-click and select Run as Administrator“, leave it open.

3. > Open up your host file:

C:\Windows\System32\Drivers\etc\HOSTS

Drag it into notepad and delete these so the hosts file now looks like this:

O1 - Hosts: 217.23.4.166 www.google-analytics.com. <-----delete all of these

O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.

O1 - Hosts: 217.23.4.166 www.statcounter.com.

O1 - Hosts: 178.250.45.15 www.google-analytics.com.

O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.

O1 - Hosts: 178.250.45.15 www.statcounter.com.

Save the changes and OK your way out.

It should look like this when done:

# Copyright © 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# ::1 localhost

Let me know, MrC

Link to post
Share on other sites

Thanks for the reply. Like I said in the previous post(s) NPE.COM found the "bad guy" and deleleted it (I should have got a screen dump but didn't). NPE.COM also reset the HOSTS file to - 127.0.0.1 localhost

::1 localhost

I then used NotePad to edit and put # in front of each entry for good measure. The HOSTS file has not been tampered with since so...I think NPE.COM did it's thing and I'm ok for now.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.