Jump to content

Spybot hosts file


AlexLangley

Recommended Posts

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 12/07/2014

Scan Time: 23:16:35

Logfile: 12th July MBAM log.txt

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.07.12.09

Rootkit Database: v2014.07.09.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Alexander

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 276759

Time Elapsed: 8 min, 38 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 1

Trojan.Agent, C:\Windows\hosts, Quarantined, [7831742a3249f244d8229aa80300857b],

Physical Sectors: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

The etc/hosts file does not belong in %windir%.

 

The etc/hosts is a Networking File Structure (NFS) component of the TCP/IP stack.

 

Under MS Windows the etc/hosts file belongs in;  %windir%\system32\drivers\etc

 

Since %windir%. is a non-standard location, no wonder it is getting flagged.

Link to post
Share on other sites

The location of the etc/hosts, services, networks and protocol tables are set in the Registry.  Malware has been known to alter the location and slip in anti malware site negation.  One looks at the traditional location and doesn't see a modified etc/hosts as most don't know about the Registry setting.  This allows the malware to obfuscate and retain its OS modifications.

 

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

DataBasePath = %SystemRoot%\System32\drivers\etc

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.