Malwarebytes not detecting or cleaning hijacked HOSTS

[Galdorf]

I have tried cleaning a fake av with malwarebytes it seems to find everything fine but did not pickup the hijacked hosts file in current version with newest defs, i have re-scanned using full , manually checking the hosts file which is hijacked search engines are still there.

I have to manually change attributes then edit hosts to remove the hi-jacked search engines even spybot-sd missed it and a few av's only one av picked it up was dr. web antivirus but it could not repair it on it's own.

This was in windows 7 premium 64 bit.

Seems malwarebytes is not picking up the hijack scans show clean but when i view hosts file it still hijacked.

[kexul]

No one security product catch HOSTS file, even if hijacked. You must edit it manually, with HOST manager(just like this in HJT) or with a command(for OTL, for example)

[TeMerc]

I have tried cleaning a fake av with malwarebytes it seems to find everything fine but did not pickup the hijacked hosts file in current version with newest defs, i have re-scanned using full , manually checking the hosts file which is hijacked search engines are still there.

I have to manually change attributes then edit hosts to remove the hi-jacked search engines even spybot-sd missed it and a few av's only one av picked it up was dr. web antivirus but it could not repair it on it's own.

This was in windows 7 premium 64 bit.

Seems malwarebytes is not picking up the hijack scans show clean but when i view hosts file it still hijacked.

At this time Malwrebytes is not coded to detect or correct hosts file hijacks, but we're working on getting this added into future versions

[sunnie]

At this time Malwrebytes is not coded to detect or correct hosts file hijacks, but we're working on getting this added into future versions

several options for managing hosts files until mbam starts doing so below. Try 1 or more & see what works for you:

1. Hostsman - I find this a wonderful interface to use to manage my hostsfile. Makes it easy to backup, update, scan for issues.

http://www.abelhadigital.com/

2. winpatrol (free or Pro.) Pro will monitor in realtime if you set it to do so. free monitors periodically. Can't rave enough about winpatrol. It's not anti-infection scanner, what it monitors is computer settings & changes to them - not just hosts, file associations, new items wanting to run at startup & provides an easy interface to view and change these things on the fly. stop/start services, information about processes. I am using an older (non-cloud based version) which doesn't monitor the registry. the newer versions do.

http://www.winpatrol.com/

3. I don't use this cause use hostsman/winpatrol. but may be an option for you. in online armor there is an option to prompt if an untrusted program tries to change the hosts. I am sure other hips/firewall combos also offer this feature. Since I use OA paid version, if you plan to downwload it, first verify that the free version does what you want.

4. spybot s&d -- don't enable teatimer (realtime protection - will compete with rest of what you have running.) but do update and immunize- passive list of things it blocks silently including hosts file. in the ie tweaks section, it will "lock hosts files" Note that if you use this together with hostsman, you will need to open spybot s&d, unable this checked "lock hosts file" before it will allow hostsman to update. when done, you would go back into spybot s&d to re-check this.

(I don't use this, switched to hostsman, but the sw is there & the lock does the job)

http://www.safer-networking.org/index2.html