LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 12-07-2004, 08:14 AM   #1
rabeea
Member
 
Registered: Aug 2004
Location: Pakistan
Posts: 52

Rep: Reputation: 15
Hosts file unknown entries


hi All,

I work on Windows 2000 professional. And i use windows 2000 norton client for virus protection.
For the past few days i have not been able to download virus definitions from norton's site bcoz whenver i tried accessing their site to download, it showed me page not accessible. Today i noticed that it takes it to 127.0.0.1 for opening the page and then displays it unaccessible.

Bcoz of that i checked my host file and find that all the security sites like norton, mcafee etc have been resolved by 127.0.0.1 which surprised me.
I deleted the entries but still i am unable to access norton site updates for virus definition updation.
Can u help me to remove this (may be its a virus)?

thnx
Rabeea
 
Old 12-07-2004, 09:44 AM   #2
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
yeah... i saw the same thing once...

gotta be a virus, though i didn't determine which one... couldn't dig up enough info from syamtec's security response...

i think all i did was straighten out the hosts file get the virus defs updated, and run some sweeps, and sure enough, there were viruses on the system... i don't think i had to do anything complex for removal.
 
Old 12-07-2004, 02:37 PM   #3
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Sometimes a virus/malware will add an entry but first it will add a bunch of blank lines so you can't see it. Check for that. Also, unless you are using the host file for something specific you can just rename it to hosts.old. You don't really need one. Also reboot your computer after doing that.
 
Old 12-07-2004, 07:02 PM   #4
Glas
Member
 
Registered: Aug 2004
Location: Atlanta, GA
Distribution: Slackware, PC-BSD v0.6, FreeBSD v5.3
Posts: 82

Rep: Reputation: 15
It sounds like W32.gaobot or one of its variants. I know when my company go hit with it that was one of the main issues that it was causing. There a removal tool that you can download that will get rid of it.
 
Old 12-08-2004, 12:01 AM   #5
rabeea
Member
 
Registered: Aug 2004
Location: Pakistan
Posts: 52

Original Poster
Rep: Reputation: 15
hi All,

thnx for taking out time to help me solve this issue.
But the thing is that i already have removed those lines from hosts file but still my browser doesnt let me go to norton's site rather it shows
connecting on 127.0.0.1 -> page cannot be displayed.

where else do i have to remove the entry.
waiting for ur response.
Rabeea
 
Old 12-08-2004, 12:03 AM   #6
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
should just be a matter of changing/saving the hosts file (and restarting the browser?)
 
Old 12-08-2004, 04:40 AM   #7
scuzzman
Senior Member
 
Registered: May 2004
Location: Hilliard, Ohio, USA
Distribution: Slackware, Kubuntu
Posts: 1,851

Rep: Reputation: 47
Quote:
Originally posted by benjithegreat98
Sometimes a virus/malware will add an entry but first it will add a bunch of blank lines so you can't see it. Check for that. Also, unless you are using the host file for something specific you can just rename it to hosts.old. You don't really need one. Also reboot your computer after doing that.
 
Old 12-08-2004, 01:09 PM   #8
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
I'd check out this thread. They seem similar

http://www.linuxquestions.org/questi...hreadid=263182

Sometimes you just have to bit the bullet and re-install windows. There might be a way to fix your problem, but you can very easily spend so much time tracking down the scum-ware or fixing the problem that you could've re-installed faster. I work on PC's in a Windows environment and I have had times where that was the case. Back up all your files and make a list of all the programs you need to re-install and go for it. Also write down all of your hardware too. This will help when looking for drivers.
 
Old 12-08-2004, 01:21 PM   #9
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
to get slightly off topic--

Quote:
but you can very easily spend so much time tracking down the scum-ware or fixing the problem that you could've re-installed faster.
hence my support stance for the last couple months: if i can't get spyware/junkware/whatever cleaned off your system within 20 minutes, you should reinstall windows.

i know where to find most of this junk, but seems to be that some junk has become very persistant. even with utilities, i can't make the system any cleaner than i can by hand... and if i can't get it done in 20 minutes...

so my stance is move into recovery mode, and salvage what you can, then reinstall. and teach users best practices for safe internet use which includes step one: ONLY use IE for things like windows update!

and back on topic--
your problem, however, baffles me with its apparent complexity. i didn't expect you to have any problem. have you tried "shut up and reboot?"
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] nslookup, host, dig not resolving entries in /etc/hosts MensaWater Linux - Networking 12 11-01-2012 08:25 AM
fstab file entries what do they mean? bgagnon Suse/Novell 2 11-12-2004 02:23 PM
Entries for sudoers configuration file Hikito Linux - Newbie 5 09-17-2004 12:42 PM
does the /etc/hosts file work same as the M$ hosts file? Lleb_KCir Linux - Software 6 04-03-2004 04:33 PM
Weird entries in log file KennyK Linux - Security 4 10-17-2003 08:28 PM


All times are GMT -5. The time now is 04:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration