w32.chod.d and the hosts file

Posted by Roland on July 4, 2006, 9:40 am
My sister had this virus and I removed it according to Symantec's website and
it fixed everything except the area of the browser hijack not allowing
access to security related sites (i.e. Symantec, McAfee, etc.). Symantec
says this was done by adding lines to the hosts file located in
c:\windows\system32\drivers\etc. It also said that not all computers will
have this file and of course hers doesn't. Since she doesn't have this file
where did the changes occur? She has a Dell running the XP Media Center.

http://securityresponse.symantec.com/avcenter/venc/data/w32.chod.d.html



Posted by Beauregard T. Shagnasty on July 4, 2006, 10:15 am
Roland wrote:

> My sister had this virus and I removed it according to Symantec's
> website and it fixed everything except the area of the browser hijack
> not allowing access to security related sites (i.e. Symantec, McAfee,
> etc.). Symantec says this was done by adding lines to the hosts file
> located in c:\windows\system32\drivers\etc. It also said that not all
> computers will have this file and of course hers doesn't. Since she
> doesn't have this file where did the changes occur? She has a Dell
> running the XP Media Center.

Did you make sure you have Windows set to view all files?

The HOSTS file has no extension.

--
-bts
-Warning: I brake for lawn deer

Posted by Roland on July 4, 2006, 10:59 am

> Roland wrote:
>
> > My sister had this virus and I removed it according to Symantec's
> > website and it fixed everything except the area of the browser hijack
> > not allowing access to security related sites (i.e. Symantec, McAfee,
> > etc.). Symantec says this was done by adding lines to the hosts file
> > located in c:\windows\system32\drivers\etc. It also said that not all
> > computers will have this file and of course hers doesn't. Since she
> > doesn't have this file where did the changes occur? She has a Dell
> > running the XP Media Center.
>
> Did you make sure you have Windows set to view all files?
>
> The HOSTS file has no extension.
>
> --
> -bts
> -Warning: I brake for lawn deer

We did that yesterday but I gave her a call back just now to make sure and
it worked. She checked the wrong box yesterday. Two additional files did
show up in the folder that I do not think should be there.

"1hosts" and "hosts.msn"

It is safe to delete these two files isn't it? I know the virus came
from msn messenger.

Thanks for the help.



Posted by Beauregard T. Shagnasty on July 4, 2006, 11:05 am
Roland wrote:

>> Roland wrote:
>>
>>> My sister had this virus [and HOSTS file]
>>
>> Did you make sure you have Windows set to view all files?
>>
>> The HOSTS file has no extension.
>
> We did that yesterday but I gave her a call back just now to make sure
> and it worked. She checked the wrong box yesterday. Two additional
> files did show up in the folder that I do not think should be there.
>
> "1hosts" and "hosts.msn"

Open them with a text editor and see what is in them.

> It is safe to delete these two files isn't it? I know the virus
> came from msn messenger.

Won't know that until you see what is their content.

(I don't use messenger programs.)

--
-bts
-Warning: I brake for lawn deer

Posted by Max on July 4, 2006, 11:33 pm
On 7/4/2006 10:59 AM, * Roland after much thought, came up with this gem:
>> Roland wrote:
>>
>>> My sister had this virus and I removed it according to Symantec's
>>> website and it fixed everything except the area of the browser hijack
>>> not allowing access to security related sites (i.e. Symantec, McAfee,
>>> etc.). Symantec says this was done by adding lines to the hosts file
>>> located in c:\windows\system32\drivers\etc. It also said that not all
>>> computers will have this file and of course hers doesn't. Since she
>>> doesn't have this file where did the changes occur? She has a Dell
>>> running the XP Media Center.
>> Did you make sure you have Windows set to view all files?
>>
>> The HOSTS file has no extension.
>>
>> --
>> -bts
>> -Warning: I brake for lawn deer
>
> We did that yesterday but I gave her a call back just now to make sure and
> it worked. She checked the wrong box yesterday. Two additional files did
> show up in the folder that I do not think should be there.
>
> "1hosts" and "hosts.msn"
>
> It is safe to delete these two files isn't it? I know the virus came
> from msn messenger.
>
> Thanks for the help.
>

Yes it is safe to delete them.
The hosts file should look like this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

and is found here:
C:\WINNT\system32\drivers\etc\hosts
there is another one here:
C:\WINNT\system32\drivers\etc\lmhosts.sam

Spybot Search and Destroy has a hosts file locking feature that works
well; I have a link to it on my pages (see below)
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages:
Virus Removal Instructions
http://home.neo.rr.com/manna4u/
Keeping Windows Clean
http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help and Tools
http://home.neo.rr.com/manna4u/tools.html
Change nomail.afraid.org to gmail.com to reply.
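
An added example, not part of the original thread or any poster's code: a small Python audit of the two things discussed above, hosts-file lines that override security-vendor names and extra files sitting next to hosts in drivers\etc. The stock file list, the watched domains and the sample hosts text are assumptions constructed for the illustration.

```python
import ipaddress

# Assumption: file names found in a stock Windows XP drivers\etc directory.
STOCK_FILES = {"hosts", "lmhosts.sam", "networks", "protocol", "services"}
# Assumption: vendor domains to watch; extend the tuple to suit.
WATCHED = ("symantec.com", "mcafee.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        for name in fields[1:]:                 # one IP may carry several names
            yield no, fields[0], name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line_no, hostname, reason) for every entry worth a look."""
    findings = []
    for no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, name, "invalid address " + ip))
            continue
        if name == "localhost" and addr.is_loopback:
            continue                            # the one entry a clean file has
        if any(name == d or name.endswith("." + d) for d in WATCHED):
            findings.append((no, name, "security site overridden -> " + ip))
        elif addr.is_loopback or addr.is_unspecified:
            findings.append((no, name, "name pointed at " + ip))
        else:
            findings.append((no, name, "non-default mapping -> " + ip))
    return findings

def unexpected_files(names):
    """Return directory entries that are not in the stock set (inspect them)."""
    return sorted(n for n in names if n.lower() not in STOCK_FILES)

# Constructed sample: a hosts file with blocking lines appended.
SAMPLE = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.symantec.com securityresponse.symantec.com
127.0.0.1   www.mcafee.com   # constructed entry
"""
if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
    print(unexpected_files(["hosts", "lmhosts.sam", "1hosts", "hosts.msn"]))
```

On a real machine, pass the contents of the hosts file to `audit_hosts` and the result of `os.listdir` on the etc directory to `unexpected_files`; a flagged file is one to open and read, not proof that it is malicious.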
