FraudWindowsProtectionSuite/RedirectedHosts

[Andrew Boswell]

Hi i have followed the sticky, backed up registry etc and when i try to run HJT i get the following message: For some reason your system denied write access to the hosts file. If any Hijacked domains are in this file, HijackThis my NOT be able to fix this.

The message then gives instructions on how to edit the hosts file manually by deleting certain lines that HJT reports, after clicking ok i then get an error submit message, then the first message again and finally a message saying: Your hosts file has invalid linebreaks and HJT is unable to fix this, 01 items will not be displayed. Click ok to continue the rest of the scan.

Can someone advise on what i should do next?

Thanks for your time

 

[Shaba]

Hi Andrew Boswell

Please post next spybot report

 

[Andrew Boswell]

sorry for late reply, think i might have sorted it but i ran spybot anyway and it showed no threats

 

[Shaba]

OK

Still some issues left?

 

[Andrew Boswell]

well even though spybot originally showed redirected hosts on the first scan i never really suffered as i think winpatrol stopped it, i did get repeated pop ups from winpatrol saying that my hosts file was to be changed accept or deny, so it was caught in a kind of limbo. I keep finding a few spyware entries when i do a scan with f-secure online scanner but nothing on spybot anymore...what are your thoughts?

 

[Shaba]

Then please post f-secure log next

 

[Andrew Boswell]

Scanning Report
Saturday, January 9, 2010 10:15:56 - 10:43:54
Computer name: BAGPUSS
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ J:\


--------------------------------------------------------------------------------

3 malware found
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 28908
System: 2795
Not scanned: 7
Actions:
Disinfected: 3
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

 

[Shaba]

I am very sorry but I never got any email notification from this one.

F-secure findings are cookies only, no threats.

Still some problems?

 

[Shaba]

Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.