Fluxpheria Posted January 22, 2016 ID:1014185 Share Posted January 22, 2016 I just ran a scan on my computer a while ago and it says that I have 5 files with Hijack.host. I have no idea what it is but I have posted the scan log.host.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 22, 2016 ID:1014189 Share Posted January 22, 2016 Hello and welcome to Malwarebytes,Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…If Malwarebytes is not installed follow these instructions first:Download Malwarebytes Anti-Malware to your desktop.Double-click mbam-setup and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program. Click Finish. Follow the instructions above....Next,Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...Next,Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach those logs to your reply.Let me see those logs in your next reply...Thank you,Kevin... Link to post Share on other sites More sharing options...
Fluxpheria Posted January 22, 2016 Author ID:1014195 Share Posted January 22, 2016 Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 1/22/2016Scan Time: 2:40 PMLogfile:Administrator: YesVersion: 2.2.0.1024Malware Database: v2016.01.22.09Rootkit Database: v2016.01.20.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 10CPU: x64File System: NTFSUser: AppleScan Type: Threat ScanResult: CompletedObjects Scanned: 333210Time Elapsed: 15 min, 7 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 4Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (127.0.0.1 services.wes.df.telemetry.microsoft.com), Replaced,[d2df0834574277bfee4c97558e76e21e]Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: ( for Windows.## This file contains t), Replaced,[7b36e8542277be78221806e641c3dc24]Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: ( for Windows.## This file contains the mapping), Replaced,[68493705b9e0fa3c80bae309e420867a]Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (ws.## This file contains the mappings of), Replaced,[6b46a993019882b482b8717b8b79ec14]Physical Sectors: 0(No malicious items detected)(end) # AdwCleaner v5.030 - Logfile created 22/01/2016 at 14:59:26# Updated 17/01/2016 by Xplode# Database : 2016-01-19.2 [server]# Operating system : Windows 10 Home (x64)# Username : Apple - DESKTOP-T7RIL5C# Running from : C:\Users\Apple\Downloads\AdwCleaner.exe# Option : Cleaning# Support : http://toolslib.net/forum***** [ Services ] ********** [ Folders ] *****[-] Folder Deleted : C:\Windows\SysWOW64\GroupPolicy\Adm***** [ Files ] ********** [ DLLs ] ********** [ Shortcuts ] ********** [ Scheduled tasks ] ********** [ Registry ] ********** [ Web browsers ] ******************************:: "Tracing" keys removed:: Winsock settings cleared########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [720 bytes] ########## FRST.txtAddition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 23, 2016 ID:1014199 Share Posted January 23, 2016 Thanks for those logs, run the following: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Scan with HitmanProIn any case don't remove on your own anything that Hitman Pro detects!This scanner, as it is a really good for checking, has been known for deleting files instead od curing them, which in some cases may render the machine unbootable.Any removals will be done manually after careful analysis of the scan results!Please download HitmanPro by SurfRight and save it to your desktop.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool. If the program won't run please run it while holding down the left CTRL key until it's loaded! Click on the Next button. You must agree with the terms of EULA (if asked). Check the box beside No, I only want to perform a one-time scan to check this computer. Click on the Next button. The program will start to scan the computer. It would only take several minutes. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore. If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro!Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it it your next reply. Click on the Next button. Click on the Save Log button. Save that file to your desktop.Please include that logfile in your next reply.Don't forget to re-enable your security!Let me see those logs.... Also give an update on any remaining issues or concerns.. Thank you, Kevin... Fixlist.txt Link to post Share on other sites More sharing options...
David H. Lipman Posted January 23, 2016 ID:1014202 Share Posted January 23, 2016 I just ran a scan on my computer a while ago and it says that I have 5 files with Hijack.host. I have no idea what it is but I have posted the scan log. FYI: They are not files. They are entries in a table known as the etc/hosts file. That is a file supposed to provide resolution of a name to a fixed IP address but may also be used to poison address resolution. That is done so a site one does NOT want to go to does not have an address to be visited. Thus an entry in this table file can be used to poison resolution. There were False Positive reports Today and corrections were made.Hijack.Host-false positive and hijack.host - malware or not? Therefore you should update MBAM to mitigate that False Positive condition. Link to post Share on other sites More sharing options...
Fluxpheria Posted January 23, 2016 Author ID:1014205 Share Posted January 23, 2016 Here you go.Fixlog.txtHitmanPro_20160122_1633.log Link to post Share on other sites More sharing options...
kevinf80 Posted January 23, 2016 ID:1014208 Share Posted January 23, 2016 Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear (if applicable), then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Let me see that log, also give an update on any remaining issues or concerns.... Thank you, Kevin..... Link to post Share on other sites More sharing options...
Fluxpheria Posted January 23, 2016 Author ID:1014212 Share Posted January 23, 2016 Can I delete the cookies on hitmanpro? And i think it fixed the problem. Thank you very much Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 1/22/2016Scan Time: 4:42 PMLogfile:Administrator: YesVersion: 2.2.0.1024Malware Database: v2016.01.22.09Rootkit Database: v2016.01.20.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 10CPU: x64File System: NTFSUser: AppleScan Type: Threat ScanResult: CompletedObjects Scanned: 332937Time Elapsed: 17 min, 0 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
kevinf80 Posted January 23, 2016 ID:1014213 Share Posted January 23, 2016 It is really down to personal choice on cookies, I never remove them.... http://www.infosecisland.com/blogview/12015-Are-Internet-Cookies-Good-or-Bad.html If no remaining issues or concerns I guess we can clean up: Download "Delfix by Xplode" and save it to your desktop.Or use the following if first link is down:"Delfix link mirror"If your security program alerts to Delfix either, accept the alert or turn your security off.Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administratorMake Sure the following items are checked: Remove disinfection tools Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settingsNow click on "Run" and wait patiently until the tool has completed.The tool will create a log when it has completed. We don't need you to post this.Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner?Take care and surf safeKevin... Link to post Share on other sites More sharing options...
Fluxpheria Posted January 23, 2016 Author ID:1014216 Share Posted January 23, 2016 Thank you very much, it is rather weird that this is a relatively new and the next day I found out there was this error. But anyways thanks a lot. Link to post Share on other sites More sharing options...
kevinf80 Posted January 23, 2016 ID:1014272 Share Posted January 23, 2016 Yes a new one on me too, I have read the following: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_security/how-to-block-spying-telemetry-services/0f104191-c329-4bd4-83d7-60390f2aa5eb?auth=1 have a read yourself, does make one wonder about " Telemetry Services" Your thread will be closed later, Regards, Kevin... Link to post Share on other sites More sharing options...
LDTate Posted January 28, 2016 ID:1015666 Share Posted January 28, 2016 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts