Tried to get into Google earlier today and a page opene dtelling me in red print that if I could seee that page my Hosts file had been hacked, advising then to update files from Microsoft update, giving a genuine link,and to delete winlogon.exe from Windows startup and the svchost.exe from the registry and windowsand enter a new address for the local host of 127.0.0.1. I have ADSL and contacted the IP to check it wasn't a genuine Microsoft msg which of course it wasn't and they have told me to do none of these things and treat it as a virus. My updated AVG found nothing as with Panda. Anyone think I should follow these instructions or have any knowledge of what I'm dealing with here? Cannot access search engines but otherwise seems ok.Did system restore with no effect. Affects both IE(6) and Opera the same. Thanks. Stuffed without you.
I think you should definitely NOT follow those instructions. You may have a virus or trojan or worm or adware or some other sort of malware.
Run an AV scan, and download AdAware and Spybot, install them, update them, and run. Delete anything that looks suspicious. Some advise deleting everything because it's all reversible. Also get Spyblaster which keeps a list of bad stuff on your computer and blocks them from being installed (theoretically). Be sure your independent (not MS’s) firewall is enabled.
If you had in mind running Hijack This as well, and posting your log, don’t until after you’ve run the two programs below. Then if you want to run HJT and post the log, do so in the Security and Virus settings and say you’ve run these two al-ready. If you don’t do this, the forum moderator will delete your post.
Go to THIS SITE and read what it has to offer. Then click the link that says "To view the HOSTS file in plain text form.” This will open a file of parasites and other bad sites. Right click on the list and click "select all" then "copy"
Paste that entire list into your "hosts" file.
If you read the page it will tell you how to do this. It's very simple and will stop you from opening any bad-guy sites and help stop "trackers and tracers and data-miners" from loading onto your unit.
Same thing happened to me. Make a long story short, look for a nasty little file in Windows/help/host and delete it. Had same problem, two months of spare houndogging and I found it. Microsoft Security no help. After deleting this file my browsers work better than ever, so does all my stop pop up software. Drove me nuts. Good Luck.
I had a similiar issue on my wife's computer. I tracked it down by first, fixing my hosts file, then rebooting. Upon reboot, that file was being overwritten every time. So I corrected it again, and made the file read only, figuring that if it was a hacker, the probably weren't smart enough to check to see if the file was read only. And sure enough, upon reboot, I got an error box. With XP, when you bring up your application list, it allows you to find out what process that box is from. A extra WINLOGON.EXE process was running. But this was not the WINLOGON from the WINNT directory, it was sitting in the \documents and settings\all users\start menu\programs folder. So I deleted that .EXE file and so far it hasn't returned. I'm hoping it was a 1-time thing, but I'll be watching to see if it came from something else. As a sidenote, both Adaware 6 and NAV with all the latest patches found nothing when both scans were run.
 |
|
| « delete dual boot option | Slow XP » |
TOM'S GUIDE AROUND THE WORLD | |
| United States | France |
| Germany | Italy |
| United Kingdom | Ireland |
