Infected - SettingsModifier:Win32/HostsFileHijack

[SDGuy73]

Here you are.

Addition.txt FRST.txt

[Maurice Naggar]

Thank you for the new FRST reports.  We are nearing the end of this case.  I have some questions.

Had you recently used MSCONFIG to turn off some services ?  Have you used MSCONFIG to turn off some services of Malwarebytes program ?

Have you recently downloaded and used RogueKiller on your own ?  I ask that because I see its service is listed as running & that is un-expected. We will attempt to have it not auto-started as part of the task below.

This run will also run the Windows System File Checker tool and a check with the Windows DISM to check the Windows integrity. It will also cleanup some Windows context menu handlers  ( old obsolete ones). It will remove an obsolete mention of Webroot.

This custom script is for SDGuy73  only / for this machine only.

Please first delete the prior file named Fixlist.txt  which is on the Desktop.   ( we want to delete the old one ).

The  custom Fix script is going to be used by the FRST64  tool. They will both work together as a pair.

Please save the (attached file named) FIXLIST.txt   to the  DESKTOP  folder

The tool named FRST64 .exe   tool    is already on the Desktop
Start the Windows Explorer and then, to the Desktop folder.   KEEP in mind that the FRST will be doing a Update  run so it is the latest  & so do not freak.

RIGHT click on  FRST64.exe   and select RUN as Administrator and allow it to proceed. 

 Reply YES when prompted to allow to run. Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this.   ALSO, please go to the Windows taskbar Search box and type in

check security status

and tap Enter to select that.  On the next display of Control Panel, look at the line SECURITY and click on the down chevron to expand the view.

Please review the Security display.

Fixlist.txt

[SDGuy73]

Had you recently used MSCONFIG to turn off some services ? Yes. I tried to stop Comodo from starting up with my computer. I have since removed Comodo.

Have you used MSCONFIG to turn off some services of Malwarebytes program ? No. Never.

Quote

Have you recently downloaded and used RogueKiller on your own ? 

Yes. My friend suggested it to try to remove HostsFileHijack. The scan found nothing. I can remove it.

I ask that because I see its service is listed as running & that is un-expected. We will attempt to have it not auto-started as part of the task below.

Edited February 24, 2021 by AdvancedSetup
corrected font issue

[SDGuy73]

Here you go.

Fixlog.txt

[Maurice Naggar]

Thank you for the information and the Fixlog report.   Needless to say, please do not run other tools on your own without asking me first.

The custom script run succeeded.  The Windows System File Checker tool and the DISM tool found no issues   Very good findings.

I believe your Windows 10  O S  is now in much better state.  You should do a quick visual check.

Go to the taskbar's Search box, type in 

virus & threat protection

& tap Enter  on the Shield icon  in the result pane.  Take a look at the summary presented.  Especially the top middle section.

and let me know, if you need any other help.

Note that yu can click on "Check for Updates" in blue to do a update for Microsoft Defender.  and then next, click on the button "Quick scan" to run a quick scan.

 

[SDGuy73]

Maurice,

Thank you for your time and help. I appreciate you.

 

[Maurice Naggar]

Hi.  You ware very welcome.  I am glad to have worked with you.  Plus it is good to know that your OS is on the 20H2 build of Windows 10.

we can proceed with cleanup of tools we used.

To remove the FRST  tool & its work files, do this.  Go to your Desktop folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

 

Delete SecurityCheck.exe

Any other download file I had you download, you may delete.   I wish you all the best.  Stay safe.

Sincerely.

Maurice

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you