DreamScene looks legit:

http://www.castlecops.com/o22list-85.html

As do the other entries.

The analyser I used did not highlight them:

http://www.hijackthis.de/logfiles/93ffc21a4bfc91df95b71499b8eee690.html

I’d say leave them.

Are you still being re-directed to malicious web sites?

no redirects since the last one i had yesterday.

is this what you wanted tech?

Copyright (c) 1993-2006 Microsoft Corp.

This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

This file contains the mappings of IP addresses to host names. Each

entry should be kept on an individual line. The IP address should

be placed in the first column followed by the corresponding host name.

The IP address and the host name should be separated by at least one

space.

Additionally, comments (such as these) may be inserted on individual

lines or following the machine name denoted by a ‘#’ symbol.

For example:

102.54.94.97 rhino.acme.com # source server

38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

This line shouldn’t be there. You can safely remove it and save the hosts file again (you must be logged as an administrator to do so).

how do i do that?

ty

I think that line is OK - well I just checked 2 Vista laptops and it is present on both.

The line is probably ok where it is

But for the future, if you ever have to edit the host file, open the file with note pad delete the offending entry and save.

so i should leave it? im at the threshold of deletion

yea thanks i googled to figure out the host thing. ok i’ll leave it for now

What does it mean?

I’m still learning Vista so at this point I’m just saying I think its normal/common. I know its not the best answer …

The list of tools that will run on Vista is rather short. Runscanner may help.

Download http://www.runscanner.net/download.aspx and install it.
Double click the Runscanner icon to run the program and choose Expert Mode.
Choose a Full Scan and click Start Scan. If internet access is requested allow it through your firewall.

When the scan is complete click Export .run File. Name it Runscan.run and attach that file to your next response. Also post the contents of the txt file log.

may help

http://en.wikipedia.org/wiki/Localhost

The host line is a legit vista file 1::

thanks …

and thanks …

Thanks oldman, living and learning.
localhost always translates to the loopback IP address 127.0.0.1 in IPv4, or ::1 in IPv6.

the trojan is called the JS:Agent Q{tr} the url which i did not elect to go to but loaded up in tandem were at first http: //80.93.48.74/opiwecowebowi/ & http: //80.93.56.229/xurrvyqvswqcwq

I just got the same sort of detection while viewing a junk mail:

Hey man, check out these pics I took of my Ex-Wife. Man she was hot.

I knew this was going to be a page with a link to a virus, obviously!!

Agent Q seems to be some sort of exploit on the page, which has a download link not to naughty pictures, but to a malware file, msdataaccess.exe: the latest ‘Storm’ worm.

This one was not detected by avast! - emailed from the chest.

Good that avast! caught the exploit, though.

http://donaldbroatch.users.btopenworld.com/agentq.png

The moral here is don’t open junk mails which offer naughty pictures- the file will be a virus and the download page will try to nail you with an exploit.

If that is what happened, of course.

no but ty