Jump to content

Recommended Posts

Thread: https://forums.malwarebytes.com/topic/202828-trojanagentegeneric-is-stuck-in-cwindowshosts-even-after-multiple-quarantines/

Hosts file created by Spybot Anti-Beacon is being targetted by Malwarebytes (with reason in my opinion, since it isn't in the right location):

Trojan.Agent.E.Generic, C:\WINDOWS\HOSTS, No Action By User, [1103], [353524],1.0.2284

No idea if this detection can be adjusted.

hosts file attached here: https://forums.malwarebytes.com/topic/202828-trojanagentegeneric-is-stuck-in-cwindowshosts-even-after-multiple-quarantines/?do=findComment&comment=1140174

Content of the hosts file posted here: https://forums.malwarebytes.com/topic/202828-trojanagentegeneric-is-stuck-in-cwindowshosts-even-after-multiple-quarantines/?do=findComment&comment=1140177

Spybot Anti-Beacon installed on the system:

Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)

 

Link to post
Share on other sites

  • Staff

Hi,

The hosts file isn't supposed to be in that location - unless they have the path set to that location for the hosts file. Nevertheless, this is a method that malware has been using a lot, where they create a custom hosts file and have adjusted the location to there as well, hence why we need to alert the user about this.

So if this is a legitimate hosts file set where the user is aware and where it was allowed to create a custom path to it, I suggest to add it to exclusions. However, I am sure you can understand why we have a generic detection for any hosts file not at their default location.

Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.