honeypalace.cn

[Broni]

Won't that accomplish the same thing as restoring the hosts file to a previous date using Spybot like I've already done?

Probably. Just run HJT again, and see, if O1 entry is there.

As for blocking sites, unfortunately, hosts file doesn't support wildcard characters (*).

[Syzich]

I just used HostsXpert to restore the hosts file. Then I immunized with Spybot again to add Spybot's hosts entries and then I added my own. After scanning with HijackThis, the 01 entry is no longer present . Thanks, Broni.

Why do you think the 01 entry was showing in the HijackThis log anyway? Do you think my hosts file was somewhat corrupted, like Fink said?

[Broni]

Some malwares will edit "hosts" file entries.

If you want to be on a safe side....

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to screw_you.exe

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Under [b]General and Startup" tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
NOTE: Tracking cookies can be omitted from the log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

[Syzich]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/02/2009 at 08:18 AM

Application Version : 4.24.1004

Core Rules Database Version : 3693
Trace Rules Database Version: 1669

Scan type : Complete Scan
Total Scan Time : 01:00:49

Memory items scanned : 174
Memory threats detected : 0
Registry items scanned : 4193
Registry threats detected : 0
File items scanned : 35348
File threats detected : 33

Adware.Tracking Cookie
C:\Documents and Settings\Syzich\Cookies\syzich@atwola[4].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\syzich@interclick[2].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][2].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][3].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][3].txt
C:\Documents and Settings\Syzich\Cookies\syzich@crossmediaservices[2].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][3].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][2].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\syzich@nextag[1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\syzich@insightexpressai[1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\syzich@tacoda[1].txt
C:\Documents and Settings\Syzich\Cookies\syzich@kontera[2].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][3].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][2].txt
C:\Documents and Settings\Syzich\Cookies\syzich@collective-media[1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\syzich@revsci[1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][2].txt
C:\Documents and Settings\Syzich\Cookies\syzich@atwola[2].txt
C:\Documents and Settings\Syzich\Cookies\syzich@atwola[3].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt
C:\Documents and Settings\Syzich\Cookies\[email protected][1].txt

[Syzich]

Malwarebytes' Anti-Malware 1.31
Database version: 1596
Windows 5.1.2600 Service Pack 3

1/2/2009 9:23:03 AM
mbam-log-2009-01-02 (09-23-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 76610
Time elapsed: 18 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[fink]

It all looks ok. The hosts file entry was apparently just an anomoly or some corruption.