How do I get rid of this Virus? Part 2

March 8, 2011 at 14:14:30
Specs: Windows XP
YOU HAVE A VIRUS ON YOUR SYSTEM THAT IS TAKING OVER YOUR %WINDIR%\system32\drivers\etc\hosts FILE

This is what I get when I try to use a search field from my browser or web page.

Any ideas on how to get rid of it?

I have run Avast, Superantispyware, RUbotted, Malewarebytes' Anti-Maleware, and Regserve.
None of them have spotted this virus. They all say my system is clean.


See More: How do I get rid of this Virus? Part 2

Report •

#1
March 8, 2011 at 14:21:27
Virus issues should have been posted on the Security and Virus forum here. Perhaps a moderator will move the thread.

Where and when are you seeing this message?


Report •

#2
March 8, 2011 at 14:34:37
Did you look at the hosts file? You'll have to enable "show hidden files & folders" & disable "hide protected operating system files". Once you've done that, go to C:\windows\system32\drivers\etc & open the hosts file with notepad. Here's how it should look:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


Report •

#3
March 8, 2011 at 14:38:36
BTW, all spyware & virus scans should be run from Safe mode. One other thing to check is your LAN setting. Go to Start > Control Panel (classic view) > Internet Options > Connections tab, then click on the LAN settings button. Make sure "Use a proxy server...." is unchecked

Report •

Related Solutions

#4
March 8, 2011 at 15:00:52
Just a tiny clarification/addition to mickliq's excellent replies; the hosts file has no extension, and is identified as Type: File

Report •

#5
March 9, 2011 at 14:50:00
"BTW, all spyware & virus scans should be run from Safe mode. "

Generally true, but not always. Some cleaners, MalwareBytes' Antimalware especially, require being run in regular Windows mode so it can detect the malware in action.


Report •

Ask Question