McAfee Problem

Discussion in 'Windows Desktop Systems' started by ~bk, Apr 30, 2004.

  1. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    See the attachment. It says unable to connect to the update server. =/
    Any idea?
     
  2. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    And my icons beside the clock keep on disappearing.
     
  3. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Aha! I think i found the bastardido :p

    I was scanning my computer with McAfee, and received a virus alert. The file name is configdlr.exe

    What do you guys think? Was this causing all those problems?
     
  4. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
    Well it's more then possible that a virus has disabled your AV ... I would scan your system again w/ something like housecall and see if it finds anything else. If your system is then clean you might have to reinstall your AV depending on how the virus went about disabling it.
     
  5. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Yeah, certain viruses attempt to disable or cripple antivirus software in certain ways. My roommate got a virus yesterday, and it brought Norton down to its knees. Besides that, it added every major antivirus manufacturer's URL to the hosts file and mapped them all to 127.0.0.1, so he couldn't even head over to Symantec's site to find a solution until I told him what the problem was.
    Freaky...
     
  6. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
  7. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    The site is not working.
     
  8. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    I will do that in a moment.
     
  9. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Ok. I found one more virus when I scanned with Housecall.

    Name of virus: DOS_AGOBOT.HM
    Scan result: Non-cleanable
    File: C:\Windows\system32\drivers\etc\hosts

    So this is means I have to go to his particular folder and deleted that file?
     
  10. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    I'm done with the scanning. After the scan was finished, I deleted that file.
    So what do I do now?
     
  11. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    The only line that should be in the hosts file by default is

    127.0.0.1 localhost

    everything else can be removed.
     
  12. ming

    ming OSNN Advanced

    Messages:
    4,252
    Location:
    UK
    What is this file for? and what are the addresses in the file?
    I've got probably 2 A4 pages full of addresses in that file. :p

    Last line says "#END of KL Supertrick...."
     
  13. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    I don't get it. :confused:
     
  14. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    The host file overrides name resolution, so an entry like

    216.239.57.99 google.com

    would resolve google.com to that IP address. Some new spyware hijacks this file and points normal address [i.e. symantec.com] to a spyware site.

    now if you put in there

    216.239.57.99 yahoo.com

    Typing yahoo.com would actually take you to google.

    this is what the default hosts file looks like

    Code:
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    
    127.0.0.1 localhost
     
  15. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Don't know if i'm supposed to post this but that's whats in the file.
     
  16. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
  17. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Huh? :confused:
     
  18. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    I posted the default file, then you posted the same thing, yes that is what you are supposed to have in that file.
     
  19. ming

    ming OSNN Advanced

    Messages:
    4,252
    Location:
    UK
    sooo... what if it says something like 127.0.0.1 www.yahoo.com?? or 127.0.0.1 abcdefg?
     
  20. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Oopss!

    So that means everything is fine now?