Solved how do i reverse what this batch file does

August 28, 2016 at 13:16:02
Specs: Windows 7

attrib -r %WINDIR%\system32\drivers\etc\hosts

SET NEWLINE=^& echo.

FIND /C /I "skipittok.com" %WINDIR%\system32\drivers\etc\hosts
IF %ERRORLEVEL% NEQ 0 ECHO ^127.0.0.1 skipittok.com>>%WINDIR%\system32\drivers\etc\hosts

FIND /C /I "keystone.mwbsys.com" %WINDIR%\system32\drivers\etc\hosts
IF %ERRORLEVEL% NEQ 0 ECHO ^127.0.0.1 keystone.mwbsys.com>>%WINDIR%\system32\drivers\etc\hosts

attrib +r %WINDIR%\system32\drivers\etc\hosts


#1
August 28, 2016 at 13:30:56
While you are awaiting a programmer, do you know about Hosts files and are you using one because it seems the batch file changes a couple of entries? Your answer could make a difference to what we should be recommending. What is the background to this query?

Always pop back and let us know the outcome - thanks



#2
August 28, 2016 at 13:39:14
Yes, I do know about the basics of the hosts file. I was looking for a way to block an application's access to the internet, for which I found this file. However, due to this file adding the two new lines to the hosts file, the file is being flagged as malware. I tried deleting these two lines from the hosts file. However, after system restart they reappear. So I want a solution for that: how to get these two lines not to reappear in the hosts file.

#3
August 28, 2016 at 13:44:54
But if you don't add the entries then the application won't be blocked!

Actually, it should be blocked by the Windows Firewall anyway if you haven't added it as an exception.



#4
August 28, 2016 at 13:50:57
Yeah, now I have it blocked with my firewall. Initially I didn't want to block it via firewall so as to be able to update regularly. But now since I have done that, I want to get rid of this change in the hosts file (the added two lines) as it is getting flagged as malware. How do I do that, any suggestions?

#5
August 28, 2016 at 13:58:34
Better idea: Take care of the malware that's adding the lines in the first place

How To Ask Questions The Smart Way



#6
August 28, 2016 at 14:00:19
Just edit the host file with notepad and remove the entries. You'll need to remove the read-only status to do so, then reinstate it.
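
The edit described in #6, scripted as an added example that is not part of any post in this thread: it removes only the two names the batch file adds, matching whole hostnames, backs the file up first and restores the read-only attribute. `Remove-HostsEntry` and the `hosts.bak` backup name are assumptions made for the example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
function Remove-HostsEntry {
    param(
        [Parameter(Mandatory = $true)][string[]]$HostName,
        [string]$Path = "$env:WINDIR\system32\drivers\etc\hosts"
    )
    $wasReadOnly = (Get-Item -LiteralPath $Path).IsReadOnly
    # Keep a copy to roll back to (hosts.bak is an assumed name).
    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force

    $kept = @(); $removed = @()
    foreach ($line in @(Get-Content -LiteralPath $Path)) {
        # Drop any trailing comment, then split "address name [name ...]".
        $fields = @((($line -replace '#.*$', '').Trim() -split '\s+') | Where-Object { $_ })
        $names  = @($fields | Select-Object -Skip 1)
        # -notcontains compares whole names, case-insensitively.
        $rest   = @($names | Where-Object { $HostName -notcontains $_ })
        if ($rest.Count -eq $names.Count) { $kept += $line; continue }
        $removed += $line
        # A line that also maps other names keeps those names (its comment is dropped).
        if ($rest.Count -gt 0) { $kept += ($fields[0] + ' ' + ($rest -join ' ')) }
    }

    if ($removed.Count -gt 0) {
        # Clear read-only for the write, then put it back even if the write fails.
        if ($wasReadOnly) { Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $false }
        try {
            Set-Content -LiteralPath $Path -Value $kept -Encoding ASCII
        } finally {
            if ($wasReadOnly) { Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true }
        }
    }
    return $removed   # the original lines that were removed or rewritten
}

# The two names come from the batch file in the question.
Remove-HostsEntry -HostName 'skipittok.com', 'keystone.mwbsys.com'
```

This only undoes the edit; it does not deal with whatever re-adds the lines at restart. An empty result means neither name was present.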


#7
August 28, 2016 at 14:04:52
I did remove the entries by editing the hosts file, but they get added again on system restart??

#8
August 28, 2016 at 14:26:18
They should not be added again automatically. The answer is not reverse engineering but is to eliminate the malware that keeps putting the lines back again.

Run these three freebies for starters, in the order given. They often unearth what your anti-virus program can miss:

AdwCleaner:
https://toolslib.net/downloads/view...
(blue "Download Now" button on right).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Clean" button.

Junkware Removal Tool (JRT)
https://www.malwarebytes.org/junkwa...
(blue Download button).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
https://www.malwarebytes.org/
(use the "download" button rather than the "buy" button).
Install and Run the program but before running the Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Please copy/paste the logs on here so that we can see what is going on.

Always pop back and let us know the outcome - thanks



#9
August 29, 2016 at 01:02:34
✔ Best Answer
I tried something and it worked apparently. I modified the batch file as follows:

attrib -r %WINDIR%\system32\drivers\etc\hosts
SET NEWLINE=^& echo.
FIND /C /I %WINDIR%\system32\drivers\etc\hosts
IF %ERRORLEVEL% NEQ 0 ECHO ^>>%WINDIR%\system32\drivers\etc\hosts
FIND /C /I %WINDIR%\system32\drivers\etc\hosts
IF %ERRORLEVEL% NEQ 0 ECHO ^>>%WINDIR%\system32\drivers\etc\hosts
attrib +r %WINDIR%\system32\drivers\etc\hosts

After this I saved and ran it.
I opened the hosts file and checked; it was blank.
Then I made a new hosts file as per directions given on the Microsoft site for Win 7.
Restarted the system, and it's back to normal. No more addition of the 2 lines and no more malware flag.
Thanks for all the help, gentlemen. Appreciate it. Cheers.


#10
August 29, 2016 at 04:59:10
I've no idea what kept bringing those lines back but thanks for the feedback.

Always pop back and let us know the outcome - thanks

