Re: Hosts file/NAV cannot repair

From: Frustrated (Frustrated_at_discussions.microsoft.com)
Date: 01/21/05


Date: Thu, 20 Jan 2005 16:03:02 -0800

Thank you Malke, your info is most helpful.
I have the hosts fixed, I think, and am trying to work through the rest of
the steps. I am now receiving, both in Safe Mode and regular, a low memory
error, Windows is changing page faults. This is happening after being on for
1/2 hour or so. It stalls whatever I am doing. Can't finish the online
Windows updates.

NAV2005 has also found W32.Korgo.AB and reports unable to repair/access
denied to eytujq.dll.

Any suggestions??

"Malke" wrote:

> Frustrated wrote:
>
> > I am trying to clean up a friend's computer. Groan. In attempting to
> > use live update for NAV 2005, I receive the message that
> > 255.255.255.255 ar.atwola.com is already listed in the hosts file.
> > I tell the program yes delete it. It does not delete. Searching this
> > site and others, I have attempted to edit the hosts file, but it does
> > not stick. One piece of advice was to rename the file, and Windows XP
> > would add a new hosts file. Guess what...it is for 255.255.255.255!
> > Not the one I wanted!
> >
> > Can anyone help???
> > Frustrated in Florida
>
> Clean up the hosts file in Safe Mode. Do all your scanning and cleaning
> in Safe Mode.
>
> 1. In XP's Search preferences, set the files and folders handling to
> Advanced, and then check the box that will make Search look in hidden
> files/folders.
> 2. Now enter the search term "hosts" without the quotes.
> 3. You may get several hosts and lmhosts files. Usually you are only
> concerned with hosts, but it doesn't hurt to check any others you might
> get from the search. Double-click each one to open it. When you do
> this, you'll get a Windows dialog box saying that Windows cannot open
> this file, do you want to use the web or select from a list to find the
> proper program. Choose "select from a list" and highlight Notepad. Make
> sure the box to always use this program to open this type of file is
> not checked.
> 4. Now carefully examine the file. Lines that begin with a # are
> comments and don't count. Leave them alone. Unless you know you use a
> proxy server to get to the Internet or you added entries yourself, the
> only uncommented entry that should be there is:
>
> 127.0.0.1 localhost
>
> If you see any other entries, delete them and Save the file. Make sure
> you scroll all the way down to the bottom of the window if there is a
> scrollbar. Do this for each file you found. Now you should be able to
> get to antivirus and spyware-fighting websites.
>
> Let us know if you need more help. Remember that you will also need to
> clean non-viral malware. Here are general removal instructions:
>
> 1) Scan in Safe Mode with current version (not earlier than 2003)
> antivirus using updated definitions.
>
> Before you remove malware, get LSPFix (or WinSockFix for XP which you
> can get from MajorGeeks) - see links below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See below for
> HijackThis links, including sites where you can post your HJT logs. A
> combination of HijackThis and About:Buster works well in removing the
> About:Blank homepage hijacker. Again, this is an expert tool and
> novices should get help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore because malware will be in the Restore Points. With ME, you
> must disable System Restore completely. With XP, you can delete all but
> the most recent (presumably clean) System Restore point from the More
> Options section of Disk Cleanup (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.intermute.com/spysubtract/cwshredder_download.html
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
> removing spyware
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://forum.aumha.org/
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
>
> General:
> http://forum.aumha.org/ - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
>
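
The check described in step 4 of the quoted instructions, as an added Python example that is not part of either post: it flags every uncommented hosts entry other than 127.0.0.1 localhost. The sample file is constructed (only the 255.255.255.255 ar.atwola.com line comes from the thread), and the labels "blocked", "redirected" and "malformed" are this example's own naming.

```python
import ipaddress

# The one uncommented entry the post says should normally remain.
EXPECTED = ("127.0.0.1", "localhost")

# Constructed sample; only the ar.atwola.com line is taken from the thread.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
255.255.255.255 ar.atwola.com
0.0.0.0  liveupdate.example.com   # inline comment
203.0.113.7  www.example.org www2.example.org
not-an-ip  broken.example.net
"""

def classify(line):
    """Return None for comments, blanks and the expected entry, else a label."""
    entry = line.split("#", 1)[0].split()   # drop comment, split on whitespace
    if not entry:
        return None
    addr, names = entry[0], [n.lower() for n in entry[1:]]
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if all((str(ip), n) == EXPECTED for n in names):
        return None
    # Loopback, 0.0.0.0 and broadcast lead nowhere: the name is cut off.
    if ip.is_loopback or ip.is_unspecified or str(ip) == "255.255.255.255":
        return "blocked"
    return "redirected"

def audit_hosts(text):
    """List (line number, label, stripped line) for every unexpected entry."""
    out = []
    for n, line in enumerate(text.splitlines(), start=1):
        label = classify(line)
        if label:
            out.append((n, label, line.strip()))
    return out

def cleaned_hosts(text):
    """Keep comments, blank lines and the expected entry; drop the rest."""
    kept = [l for l in text.splitlines() if classify(l) is None]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for n, label, line in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {label:10} {line}")
```

Entries added deliberately (a proxy or local server names, as the post notes) will also be flagged, so review the findings before writing the cleaned text back.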


