SKIBA

Hijack.Host-false positive


I wanted to report an incorrect Hijack.Hosts detection. I use the program Hosts Block, which added entries for dangerous websites that represent a threat to your computer.

 


Can you also confirm which HOSTS file provider you're using please?

 

Note: if hpHosts, please specify whether it's the "full fat" HOSTS or a merging of the custom options.

 

/edit

 

Please also provide the URL for "Hosts Block".


I get the same problem on 2 computers. They are used for different things so it's highly unlikely to be malware. I will try and upload the logfile.


Same thing at this end?

 

From what I can see, there's nothing wrong with it, but can't be sure.

 

I'm using Spybot - could that be the source?

 

I am not using a host blocker.

See attached for report.

Malware-012216.txt


I give up. It took me 4 goes to post the first time. I now try to attach the log file and I get

 

Your secure key, used to verify you are posting the topic, did not match the one submitted. Please go back, reload the form, and try again

 

This happened over and over again the first time. It seems it logs me out each time. You have a faulty web site as well.

 

By the way, I ran Spybot, Herd Protect and 360 Security and they were clean.


I too found the six files with Malwarebytes this morning in c/Windows/system/system32/etc/hosts. I quarantined them. Do I need to restore them? I was skeptical because my system is a relatively fresh install. Found this forum before I deleted.


I too found the six files with Malwarebytes this morning in c/Windows/system/system32/etc/hosts. I quarantined them. Do I need to restore them? I was skeptical because my system is a relatively fresh install. Found this forum before I deleted.

I mistyped; it is C/Windows/System32/drivers/etc/hosts


This should be fixed shortly when the following update goes live.
v2016.01.22.08


Thanks!
 
 


@fabioM

 

Being these are custom changes, I would recommend you add them to our ignore list. When the results come up, simply select them to be ignored in the future.

 

The others I am looking at.


08 has a few more fixes.

 

If you are blocking ads on legit AV sites, I can't unblock these as malware usually blocks the whole domain. I recommend adding it to the Malwarebytes ignore list if you want to keep these blocked.


Can you also confirm which HOSTS file provider you're using please?

 

Note: if hpHosts, please specify whether it's the "full fat" HOSTS or a merging of the custom options.

 

/edit

 

Please also provide the URL for "Hosts Block".

http://winhelp2002.mvps.org/hosts.htm

 

I see that I'm not the only one with this problem. You see, the last updated databases found that the HOSTS file had been modified by malware. An earlier scan did not detect anything. I hope it was fixed. ;)


I've updated my MWB to 2016.1.22.09 and it's happening again. My hosts files have entries created by spywarebot anti beacon; even deleting the host file doesn't stop the errors I'm getting.


Hello mig0,

 

That looks to be a rather custom hosts file for those concerned about privacy as far as Microsoft telemetry stuff..

These you can tell MBAM to "ignore always" next time they come up in a scan.


Looking further into the issue.. there will be another small fix that will go out in the next database update that should resolve a bunch of the issues you folks are seeing.

 

Researching a few of the entries in the hosts files.. I can see why now they are there in the first place..

Most AV products, Microsoft, etc. collect some data on how users use the product(s), as for AV - threats found and so on.

Most of this is all for telemetry purposes. An example being, if we visit Symantec to see what the top 10 threats are, this info is only available because of telemetry collected from real live user machines. Some will find this useful, some find it intrusive to privacy.

 

Some refer to it as "data mining" and are concerned about it, so HOSTS files were created so this telemetry collection cannot occur.

 

So really, these connections would normally happen as designed by the products we use.

Often malware will insert into the HOSTS file blocks on common AV products so you can't get updates or download the product.

Therefore a good many AV/AS products remove entries in hosts files pointing to AV/AS & Microsoft domains.

It is often difficult to tell whether this is a custom entry put there by the user or something malicious did it.

 

If you want to keep the entries in the hosts files, have MBAM ignore the detections.

If you ignore these (always), the next scan should not show them.

 

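The ambiguity described in the last post above, as an added example that is not part of the thread and not Malwarebytes' detection logic: a Python triage that lists hosts entries for security-vendor or Microsoft domains and shows whether each is sinkholed or pointed at some other address. The watchlist, the sink-address set and the sample hosts file are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist of security-vendor and update domains, for illustration only.
WATCHLIST = ("microsoft.com", "windowsupdate.com", "symantec.com", "malwarebytes.org")
# Addresses that simply blackhole a name (typical of blocklists and privacy tools).
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample, not taken from any poster's machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1   localhost
0.0.0.0     ads.example.net
0.0.0.0     telemetry.microsoft.com    # privacy-tool style entry
127.0.0.1   update.symantec.com UPDATE.Symantec.com.
203.0.113.7 www.malwarebytes.org
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Yield (address, hostname) for each valid mapping; skip comments and junk."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def on_watchlist(name):
    """True if name is a watchlisted domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)

def triage(text):
    """Return sorted unique (hostname, address, kind) findings for watchlisted names."""
    findings = set()
    for addr, name in parse_hosts(text):
        if on_watchlist(name):
            kind = "blocked" if addr in SINKS else "redirected"
            findings.add((name, addr, kind))
    return sorted(findings)

if __name__ == "__main__":
    for name, addr, kind in triage(SAMPLE_HOSTS):
        print(f"{kind:10} {name} -> {addr}")
```

A hit only shows that such an entry exists; as the post says, the file alone does not reveal whether a user's blocklist or malware wrote it.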
