McAfee Problem

[~bk]

See the attachment. It says unable to connect to the update server. =/
Any idea?

 

[~bk]

And my icons beside the clock keep on disappearing.

 

[~bk]

Aha! I think i found the bastardido 😛

I was scanning my computer with McAfee, and received a virus alert. The file name is configdlr.exe

What do you guys think? Was this causing all those problems?

 

[Xie]

Well it's more then possible that a virus has disabled your AV ... I would scan your system again w/ something like housecall and see if it finds anything else. If your system is then clean you might have to reinstall your AV depending on how the virus went about disabling it.

 

[NetRyder]

Yeah, certain viruses attempt to disable or cripple antivirus software in certain ways. My roommate got a virus yesterday, and it brought Norton down to its knees. Besides that, it added every major antivirus manufacturer's URL to the hosts file and mapped them all to 127.0.0.1, so he couldn't even head over to Symantec's site to find a solution until I told him what the problem was.
Freaky...

 

[j79zlr]

Another McAfee "protected" computer compromised.

http://www.grisoft.com

 

[~bk]

Another McAfee "protected" computer compromised.

http://www.grisoft.com

The site is not working.

 

[~bk]

Well it's more then possible that a virus has disabled your AV ... I would scan your system again w/ something like housecall and see if it finds anything else. If your system is then clean you might have to reinstall your AV depending on how the virus went about disabling it.

I will do that in a moment.

 

[~bk]

Ok. I found one more virus when I scanned with Housecall.

Name of virus: DOS_AGOBOT.HM
Scan result: Non-cleanable
File: C:\Windows\system32\drivers\etc\hosts

So this is means I have to go to his particular folder and deleted that file?

 

[~bk]

I'm done with the scanning. After the scan was finished, I deleted that file.
So what do I do now?

 

[j79zlr]

The only line that should be in the hosts file by default is

127.0.0.1 localhost

everything else can be removed.

 

[ming]

The only line that should be in the hosts file by default is

127.0.0.1 localhost

everything else can be removed.

What is this file for? and what are the addresses in the file?
I've got probably 2 A4 pages full of addresses in that file. 😛

Last line says "#END of KL Supertrick...."

 

[~bk]

The only line that should be in the hosts file by default is

127.0.0.1 localhost

everything else can be removed.

I don't get it. 😕

 

[j79zlr]

The host file overrides name resolution, so an entry like

216.239.57.99 google.com

would resolve google.com to that IP address. Some new spyware hijacks this file and points normal address [i.e. symantec.com] to a spyware site.

now if you put in there

216.239.57.99 yahoo.com

Typing yahoo.com would actually take you to google.

this is what the default hosts file looks like

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

 

[~bk]

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Don't know if i'm supposed to post this but that's whats in the file.

 

[j79zlr]

😉

 

[~bk]

😉

Huh? 😕

 

[j79zlr]

Huh? 😕

I posted the default file, then you posted the same thing, yes that is what you are supposed to have in that file.

 

[ming]

sooo... what if it says something like 127.0.0.1 www.yahoo.com?? or 127.0.0.1 abcdefg?

 

[~bk]

I posted the default file, then you posted the same thing, yes that is what you are supposed to have in that file.

Oopss!

So that means everything is fine now?