A Windows XP help forum. PCbanter

Hosts file keeps changing every second



 
 
#1
August 4th 09, 06:30 PM, posted to microsoft.public.windowsxp.security_admin
Alejos

Hi There.

Since a while ago, I am having an issue with the hosts file located in
c:\windows\system32\drivers\etc, it keeps changing every second with weird
information. Here is the information:

201.114.35.200 bancomer.com
201.114.35.200 bancomer.com.mx
201.114.35.200 www.bancomer.com
201.114.35.200 www.bancomer.com.mx
192.193.230.100 www.banamex.com
192.193.230.100 banamex.com
192.193.230.100 www.banamex.com.mx
192.193.230.100 banamex.com.mx
200.76.36.117 www.bb.com.mx
200.76.36.117 bb.com.mx

I tried to use several antivirus and anti-spyware programs and tried to stop
the DNS service, but the issue is still there.
It would be great if you could provide me any help in this regard.

Thanks

Alejandro.


#2
August 4th 09, 07:18 PM, posted to microsoft.public.windowsxp.security_admin
Leonard Grey[_3_]

Your computer is infected with malware.

Ordinarily, I do not counsel users to attempt to recover from malware
infections unless they feel comfortable with advanced repair procedures.
Better to show the computer to a professional.
---
Leonard Grey
Errare humanum est



#3
August 5th 09, 12:04 AM, posted to microsoft.public.windowsxp.security_admin
mikeyhsd[_4_]

simply because you lack the expertise and knowledge on how to.







#4
August 5th 09, 07:29 AM, posted to microsoft.public.windowsxp.security_admin
Anteaus


http://threatinfo.trendmicro.com/vin...AN%2EC&VSect=T

This looks like a phishing Trojan which redirects accesses to bancomer.com
websites to a malicious site. If you are a Bancomer customer and have entered
any passwords into these pages, you should immediately change your online
passwords and inform your bank that your account may have been compromised.




#5
August 5th 09, 04:34 PM, posted to microsoft.public.windowsxp.security_admin
VanguardLH[_2_]



Use SysInternals' FileMon to see what malware process is accessing the
hosts file.

Obviously whatever were the unidentified antivirus and anti-malware
software doesn't include HIPS (host intrusion protection system)
features to alert when a process is modifying the hosts file and prompt
you to allow or block that action.
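
Added example (not part of the thread and not any poster's code): a small Python audit of hosts-file content that flags the kind of entry shown in the first post, a name pinned to a non-local address, and fingerprints the file so a change from a known-good baseline is noticed. The sample content, its domains and the 203.0.113.10 address are constructed placeholders, and `parse_hosts`, `audit_hosts` and `fingerprint` are illustrative names.

```python
import hashlib
import ipaddress

# Constructed sample in the same shape as the entries posted in the thread
# (documentation-range address and example domains, not real indicators).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.tracker.example   # local blocklist entry
203.0.113.10    bank.example www.bank.example
203.0.113.10    bank.example.mx
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on any whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Return findings for mappings that override DNS with a non-local address."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "malformed address"))
            continue
        # Loopback and 0.0.0.0 / :: are the usual benign uses (localhost, ad blocking).
        # Intentional intranet entries would need an allowlist on top of this check.
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append((line_no, addr, names, "name pinned to non-local address"))
    return findings

def fingerprint(text):
    """SHA-256 of the file content, for comparing against a known-good baseline."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    for line_no, addr, names, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {addr} -> {', '.join(names)} ({reason})")
```

On a live system the text would be read from c:\windows\system32\drivers\etc\hosts and the fingerprint compared on a schedule; identifying the process that rewrites the file still needs a file-activity monitor such as the FileMon tool mentioned above.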
 




All times are GMT +1.