hostfile

Discussion in 'Windows Desktop Systems' started by Tuffgong4, Nov 17, 2004.

  1. Tuffgong4

    Tuffgong4 The Donger Need Food!!!! Political User

    Messages:
    2,465
    Location:
    Chicago
    how do you clear your hostfile
     
  2. vivid_vibe

    vivid_vibe OSNN Senior Addict

    Messages:
    406
    Go to your windows directory. Open the file called 'HOSTS' using notepad and delete all the text contained in it, then save.

    vivid
     
  3. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    The windows host file is located in

    C:\Windows\system32\drivers\etc\hosts

    the only line in there by default is:

    127.0.0.1 localhost
     
  4. Tuffgong4

    thanks guys. I got a bad case of spyware. Me letting people use my computer. And right now I am totally against a reformat and reinstall except the programs I am using to get rid of everything just aren't doing the job and I'm trying to manually get rid of everything
     
  5. Tuffgong4

    also I can't keep things out of my hostfile and I don't know what the hell to do
     
  6. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
    Well if lines keep appearing in your host file you're still "infected". I would try running both spybot & adaware. Also perhaps posting a hijackthis log would be helpful. :)
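
Added example, not part of the original posts: a small Python check for the situation described in posts 3 and 6, listing hosts-file entries beyond the default `127.0.0.1 localhost` line and showing which of them came back after the file was cleared. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# The one mapping the thread names as the default file content.
BASELINE = {("127.0.0.1", "localhost")}

def parse_hosts(text):
    """Return the set of (address, hostname) pairs in hosts-file text."""
    entries = set()
    for raw in text.lstrip("\ufeff").splitlines():  # Notepad may add a BOM
        fields = raw.split("#", 1)[0].split()       # drop comments, split columns
        if len(fields) < 2:
            continue                                # blank or address-only line
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                                # first column is not an IP
        entries.update((addr, name.lower()) for name in fields[1:])
    return entries

def unexpected_entries(text, baseline=BASELINE):
    """Entries a clean file would not contain, sorted for stable output."""
    return sorted(parse_hosts(text) - baseline)

def compare_after_cleanup(infected_text, current_text, baseline=BASELINE):
    """Split current non-default entries into ones that came back and new ones."""
    old = parse_hosts(infected_text) - baseline
    now = parse_hosts(current_text) - baseline
    return {"reappeared": sorted(now & old), "new": sorted(now - old)}

# Constructed samples (documentation-range addresses and example domains).
INFECTED = """\
127.0.0.1       localhost
127.0.0.1       tools.example.com    # a removal-tool site pointed at loopback
192.0.2.10      search.example.net
"""
CURRENT = """\
127.0.0.1       localhost
127.0.0.1       TOOLS.example.com
198.51.100.7    update.example.org portal.example.org
"""

if __name__ == "__main__":
    for kind, rows in compare_after_cleanup(INFECTED, CURRENT).items():
        for addr, name in rows:
            print(f"{kind:10} {addr:15} {name}")
```

Any row reported after the file was emptied and saved means something on the machine is still rewriting it.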
     
  7. Tuffgong4

    oh I know I'm still infected but I can't find the root. Ran Adaware and SB and D and no help...will post a log in a bit
     
  8. Tuffgong4

    calsp.dll anyone know what the hell that is...says I need lspfix but the website with it is gone or not loading for me
     
  9. Tuffgong4

    Logfile of HijackThis v1.98.2
    Scan saved at 8:28:51 PM, on 11/16/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Documents and Settings\Ed\Desktop\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - Startup: speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1091641017781
     
  10. j79zlr

    calsp.dll is a malware LSP hijacker, don't see it in your log, you probably can't get to the website because it is blocked in your hosts file.

    I've attached LSPFix to this post, run it and move all instances of calsp.dll to the remove pane and hit finish. Reboot and post a new HJT log.
     


  11. Tuffgong4

    thanks j79zlr and the rest that was it and I got rid of it...the weird thing is that I couldn't get to the website in Firefox but I could get to it when I ran IE...I got rid of calsp.dll and have watched everything and it is good to go.

    The weird thing is that I know the person that started this problem only uses IE and that was the browser I had to use to get the fix. Looks like I'm going to lock my puter up when I'm not using it.
    and here is the new hijack this log
    Logfile of HijackThis v1.98.2
    Scan saved at 12:02:09 AM, on 11/17/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ed\Desktop\hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - Startup: speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1091641017781
     
  12. j79zlr

    looks clean, just lock down the permissions on IE and you shouldn't have any problems ;)

    Also check out Spyware Blaster, it blocks a lot of malicious sites from even loading in IE, and blocks tracking cookies in IE and Mozilla/Firefox.
     
  13. bush dogg

    bush dogg OSNN Senior Addict Political User

    Messages:
    433
    Location:
    Kansas
    There's some nice reading on the host file, and it also has batch files to lock or unlock the host file

    Here
     
  14. Tuffgong4

    downloaded spyware blaster last night and hid every quick way to get to IE on my computer so the people using it have only Firefox to use

    Thanks again guys!!
     
  15. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,333
    Location:
    new york
    why don't you block ie from accessing the internet, put a password on your firewall
     
  16. Perris Calderon

    tee heee

    then put an ie icon on your firebird shortcut and make the toolbar resemble ie...also keep a firebird icon shortcut, and keep that toolbar looking like firebird

    should be a laugh at the very least
     
  17. Xie

    Yeah I was thinking why not just change all your IE shortcut paths to FF :)
     
  18. Tuffgong4

    that is a great idea but some people that use my computer know how to use IE and for some reason prefer to use it. The ones that know how to use it I don't mind using it. And they know how to get to it without any blatant shortcuts around...but those are great ideas
     
  19. j79zlr

    If you use NTFS permissions on the IE executable, only the allowed users can run it.