Need advice/help with global hosts file
Puniksem
2008-09-16, 13:43
I recently discovered an infection by Virtumundo trojan, which apparently led to other similar infections of various names. I ran Spybot SD 1.6 to clear the infections and was informed at the end of the fix that all items had been successfully removed; however, after restarting, the aforementioned infection continued to plague my system.
Now I've noticed that there was an issue with my global hosts list in that Spybot SD immunisation would not verify the entire list, even after selecting a restored version from Spybot's restore list.
I've also noticed that all items in the list have the same IP address, 127.0.0.1.
Is this correct or do I have yet more issues to resolve?
Can anyone shed some light on this?
md usa spybot fan
2008-09-16, 14:46
Puniksem:
The HOSTS file contains the mappings of IP addresses to host names and is loaded into memory at startup. The HOSTS file must contain one entry: "127.0.0.1 localhost". The IP address 127.0.0.1 is the local machine. Windows checks the HOSTS file before it queries any DNS (Domain Name System) servers, which enables entries in the HOSTS file to override addresses in the DNS servers. Adding an entry such as "127.0.0.1 malware.com" to the HOSTS file prevents the access of "malware.com" through a browser because any connection attempts are redirected back to the local machine. HOSTS file entries can also be used to block other applications from connecting to the Internet.
If there are 127.0.0.1 entries added by malware to block access to anti-malware sites they should be picked up with a Spybot scan. The 127.0.0.1 entries added by Spybot are correct and do not indicate a problem.
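Added example (not part of the original thread, and not Spybot's own code): a small audit of hosts-file text that separates ordinary 127.0.0.1 block entries from entries that pin update or anti-malware sites to the local machine, or that send a name to a remote address. The watchlist and the sample file are constructed assumptions.

```python
import ipaddress

# Assumed watchlist: the first three names appear in this thread, mcafee.com is an assumption.
PROTECTED = ("update.microsoft.com", "windowsupdate.com", "spybot.info", "mcafee.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        try:
            ip = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue                              # blank, comment-only, or no leading IP
        for name in fields[1:]:                   # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED)

def audit_hosts(text):
    """Classify each mapping as ok, sinkhole, blocked-protected or redirect."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        if name == "localhost" and ip.is_loopback:
            verdict = "ok"
        elif local and is_protected(name):
            verdict = "blocked-protected"         # update/anti-malware site pinned locally
        elif local:
            verdict = "sinkhole"                  # ordinary immunisation-style block entry
        else:
            verdict = "redirect"                  # name forced to a remote address; review
        findings.append((line_no, name, str(ip), verdict))
    return findings

# Constructed sample input, not taken from the poster's machine.
SAMPLE = """\
127.0.0.1   localhost
127.0.0.1   malware.com            # block entry of the kind described above
127.0.0.1   update.microsoft.com download.windowsupdate.com
0.0.0.0     www.spybot.info
203.0.113.7 www.example.com
not-an-ip   ignored.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s [%s]" % finding)
```

On a real machine, pass the contents of %SystemRoot%\System32\drivers\etc\hosts to audit_hosts() and review anything not marked ok or sinkhole.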
Puniksem
2008-09-16, 17:06
Thank you for your reply, however as I was rushed to get out earlier I neglected to mention a few additional facts around this issue.
Firstly, since this infection, I have received an error message from Windows updates in the form of Windows Security Centre reporting that Windows updates are turned off, when in the automatic updates window in Control Panel it clearly indicates that Windows updates are turned ON. However, in the Security Centre (which remains in the notification area) one cannot turn it on; nothing happens when I repeatedly try.
When I visit the Microsoft updates site, I get the express and custom buttons, and regardless of which I choose I get this message.
"The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. " and displays this error code [0x80070424]
They in their wisdom offer a suggested fix, but alas, as with most of Microsoft's fixes, it did nothing to help.
It seems that whatever infected my system has now prevented Windows system updates.
Any advice would be appreciated.
You might want to visit the malware removal forums (http://forums.spybot.info/forumdisplay.php?f=22) and get your system cleaned and/or looked at. The reason I am telling you to do this is because you stated you are infected. If normal scans of antivirus and other antispyware software do not detect the threat(s), post in the malware removal forums. Before you post there (if you decide to post there), follow these directions. (http://forums.spybot.info/showthread.php?t=288)
Try doing this to get windows updates back: disable Microsoft updates completely, in whatever options you find. Restart the computer. Re-enable them. Try the Microsoft update (http://update.microsoft.com/windowsupdate) website again. If it still does not work, do the following: Right click my computer-manage. Click services and applications, click services, right click automatic updates, click stop. Wait a bit. Then right click and click start. Wait, and then close out of the window or windows, and restart. Then try to access the Microsoft update (http://update.microsoft.com/windowsupdate) website again.
Puniksem
2008-09-17, 00:11
Thanks for the advice. After running a full scan, McAfee found and removed 26 items, all related to the aforementioned trojan infection.
I will try what you said and with fingers crossed I will endeavour to avoid a clean install of Windows.:spider:
Good, let us know if that solved the problem. If you still think you are infected, visit the malware forums like I suggested. I hope that the tricks I told you to get Windows updates working again work for you. :)
Puniksem
2008-09-17, 00:36
Sorry to say NO, it didn't make any difference. Windows updates will not enable, and when visiting the Windows Update website I receive an error message as stated above.
When I disable the service as you suggested, the site just reports that the background intelligence transfer service has been disabled and cannot continue, offering a suggestion how to re-enable it before Windows updates can continue; however, as you may have guessed, once re-enabled, it makes no difference, updates will not happen.
As far as I can tell I do not have any infections on the PC, after performing multiple scans with Spybot SD and Adaware Pro 2007 and McAfee 2008 Pro.
All scans now come back clean.
So I hope that I got all infections off now, but just have to sort this updates issue, else it's quickly looking like a full reboot, which I really do not want to entertain.
The only thing I can offer you is to try googling suggestions for the error you are receiving, and possible solutions for this Windows error. Make sure the site is safe before you click it though. I suggest McAfee SiteAdvisor, or Yahoo search, it has that built in. :)
Puniksem
2008-09-17, 03:31
I just did a bit of searching and found a fix that worked like a charm. Turns out the problem occurred because I needed to re-install my Windows Update Agent. Hopefully this fix will be helpful to you folks.
1) First, I created a folder in my C:\ drive called 'WUAGENT'. Its address was:
C:\WUAGENT
I used this directory to store the Windows Update Agent file (see next step).
2) I went to the link below, and downloaded 'WindowsUpdateAgent30-x86.exe' to my C:\WUAGENT directory:
http://download.windowsupdate.com/v7/windowsupdate/redist/standalone/WindowsUpdateAgent30-x86.exe
3) I opened the Command Prompt and forced a re-install of the Windows Update Agent with the following command:
C:\WUAGENT\WindowsUpdateAgent30-x86.exe /wuforce
4) The re-install worked fine, and after that Windows Update worked perfectly.
I hope this is helpful.
CONSIDER RESOLVED! Thanks for all your help.:)
Thank you so much for posting a solution that worked for you! :) Glad I was able to help :)