Looks fairly standard routine you’ve gone through, John.
Your computer should be clean again for now. All things going well.
However, the following suggests that you have some weaknesses in your security, which should really be sorted out once you're up and running, so that this kind of thing doesn’t happen again.
I left my computer on overnight to upload a video, but when I got up this morning the avast! (home edition) icons were missing from the tray.
Don’t hesitate to ask, and the forum will help you put together an airtight defense.
Edit - sorry I posted same time as your HjT came through. Someone will attend to it before long.
Thanks, mkis, I’m really pushed for time at the moment, but is there anything I ought to do about the Hijack-this report?
During its scan, a pop-up said I had loads of entries beginning with “O1” and I should consider deleting my Hosts file.
Presumably it is safe to do that, only I’ve forgotten where it’s hidden (I’m sure I’ll find it somehow).
The offer on help in putting together an airtight defense sounds pretty good
I just tried the shortcut to Avast! and I’m still getting the original error. I didn’t really expect it to work - I suppose I have to uninstall and reinstall again?
This is strange as I wasn’t aware of any such HJT function to alert in this way, I thought it just gathered data and ‘you or others’ analysed that data.
The O1 entries redirect liveadvert.com to livetechnology.com (that is where the IP addresses are).
I would fix ‘all the O1 Hosts entries in HJT,’ I don’t know if that also clears the entries within the hosts file.
A HOSTS file redirect is a common malware tactic to block AV sites, making it difficult to remove malware - 127.0.0.1. Check your HOSTS file using Notepad or a text editor of your choice: C:\WINDOWS\system32\drivers\etc\hosts, or do a search for HOSTS to find it if not there.
Once open you are looking for those entries that are listed in the HJT log and delete those lines. Also look for other entries with avast.com on the line, you may well see other AV sites, post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file
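An added example (not code from any poster in this thread): a small Python audit of a hosts file that separates loopback block-list entries from the two cases discussed above, a hostname pointed at a foreign IP and an override of a security vendor's domain. The watched-domain list, the function names and the sample file are constructed for illustration.

```python
import ipaddress
import sys

# Assumption: only avast.com is named in the thread; extend with other AV vendors.
WATCHED_DOMAINS = ("avast.com",)

# Constructed sample, not the poster's actual hosts file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
# block-list entries of the kind an immunizer adds
127.0.0.1       ads.example.net
203.0.113.10    liveadvert.com
127.0.0.1       www.avast.com   # inline comments are ignored
0.0.0.0         tracker.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: malformed line
        for host in fields[1:]:
            yield line_no, ip, host.lower().rstrip(".")

def classify(ip, host, watched=WATCHED_DOMAINS):
    """Label one mapping; watched domains win over every other rule."""
    if any(host == d or host.endswith("." + d) for d in watched):
        return "security-site-override"
    if ip.is_loopback or ip.is_unspecified:
        return "default" if host == "localhost" else "sinkhole"
    return "redirect"

def audit(text, watched=WATCHED_DOMAINS):
    """Return the entries worth a manual look, in file order."""
    return [(n, kind, str(ip), host)
            for n, ip, host in parse_hosts(text)
            for kind in [classify(ip, host, watched)]
            if kind in ("security-site-override", "redirect")]

if __name__ == "__main__":
    # Pass a hosts file path as the first argument to audit a real file.
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for finding in audit(text):
        print(*finding, sep="\t")
```

Entries labelled `sinkhole` are not reported: a large set of 127.0.0.1 lines for ad hosts is what a block list looks like, while any line touching a watched security domain is reported whatever address it points to.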
There are some things you need to do. But I would prefer that someone advised on your HjT log first. I’m not an expert on these logs, but at first glance looked like a fairly heavy infestation of spyware type malware but maybe something a bit deeper not helping things.
Edit - okay you got some help. If you look at my profile below, you will see that I protect my hosts file from intrusions.
[PS: My hosts file is too long to post in one go so I’ve split it into two (correctly, I hope)]
Hi ya,
I used HJT to delete the liveadvert.com entries and then a whole new lot of O1 entries appeared when I re-ran HJT.
I started to delete these, but when I looked at the Hosts file itself, it said they had been inserted by Spybot which I last ran 18 months ago (I had forgotten about this program).
I could put back the Spybot entries I’ve deleted, but I don’t know if I should or not. I’m guessing that the reason all the entries have the same date is because Spybot put them there.
Er, I’m not sure what to do about the Hosts file (which I’ll attach) - and should I try uninstalling/re-installing Avast! yet?
John I think you need to clear your hosts file anyway and let it reset from default.
I haven’t come across this kind of thing before so I’m going to run a temporary plan of attack to you and I think you should perhaps wait for a second opinion as there may be different ways to sort out the problem. My way is a basic fix-it by starting your hosts protection off all over again with mvps. I’m not going to bother looking at what’s in there or what may be trying to take over if that is the case. Seems was doing an okay job back when you were also using Spybot.
This is the text you’re looking for – (where the blue color denotes hyperlinks)
To view the HOSTS file in plain text form. (597 kb) (opens in browser)
Note: The text version also makes a terrific reference for determining possible unwanted sites
Download: hosts.zip [right-click - Select: Save Target As] [Updated May-11-2009]
This download includes a simple batch file (mvps.bat) that will rename the existing HOSTS file to HOSTS.MVP then copy the included updated HOSTS file to the proper location. For more information please see the readme.txt included in the download.
You will want to download hosts.zip from the page. Extract files from the zip package and follow directions on the readme text document closely.
You might also look at using Hostman, which should return your hosts file to the state it was in back in the days when you also had Spybot.
But for now, just hold on a moment and see if we have another opinion because I’m not sure whether the hosts file issue is the cause of your problem or just another effect. In the event you run with mvps for hosts file protection then you can run another HjT scan and see what is brought up this time.