Hosts file/IP address problem

happyoutscan

Please excuse me if this is in the wrong place, I did search and this was the closest thread to my problem (I hope).

Anyway, last few weeks my Local area connection has not been able to find my IP address. I ran a DrWeb scan a short while ago and this came up:

"Windows operating systems use the HOSTS file to map text hostnames to IP addresses. Modifications to the HOSTS file indicate possible operation of malicious software. Do you want to restore the default HOSTS file?

A copy of existing HOSTS file will be stored in the Dr.Web Quarantine directory."

I pressed No and did a complete scan which did not show up any virus etc.

Can anyone shed any light on what this may mean, did a Google on it but not very specific I'm afraid. Should I rescan and press Yes to the above when prompted?

Thanks again. Happyoutnoob

Spear

happyoutscan wrote: »

Please excuse me if this is in the wrong place, I did search and this was the closest thread to my problem (I hope).

Anyway, last few weeks my Local area connection has not been able to find my IP address. I ran a DrWeb scan a short while ago and this came up:

"Windows operating systems use the HOSTS file to map text hostnames to IP addresses. Modifications to the HOSTS file indicate possible operation of malicious software. Do you want to restore the default HOSTS file?

A copy of existing HOSTS file will be stored in the Dr.Web Quarantine directory."

I pressed No and did a complete scan which did not show up any virus etc.

Can anyone shed any light on what this may mean, did a Google on it but not very specific I'm afraid. Should I rescan and press Yes to the above when prompted?

Thanks again. Happyoutnoob

Check the hosts files and have a look for yourself first.

C:\windows\system32\drivers\etc\hosts

allybhoy

Ok. think Spear could have been more specific, although in fairness so could the OP. You dont really pinpoint what the problem is OP and if your loosing connectivity this probably wouldnt be the fault of the Host file, anyways ill give you a quick breakdown for future reference.

The hosts file is a text file, that basically can be used to point a web address to an IP and vice versa, it can be used for more complicated stuff aswell but thats basically what it does. As Spear said its located at C:\Windows\System32\drivers\etc and is usually hidden so you will have to make sure you can see hidden files and folders. When you open it, open it up with notepad and it should look like very similar to this...
____________________________________________________________
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

____________________________________________________________

If you have anything under the last line well then it is more than likely that you have malware or spyware. If for example after the last line, you have the following:-

127.0.0.1 www.girosoft.com
127.0.0.1 www.microsoft.com

This means that the virus has tried to block access to AVG (antivirus updates) and to microsoft for system updates. As it is pointing both sites to the localhost.

You can also use the hostfile as a basic and simple type of content filtering, to block access to bebo or facebook for example all you would do is add in the following lines....

127.0.0.1 www.bebo.com
127.0.0.1 www.facebook.com

But seeing as though you have never manipulated this file well then it stands to reason that a virus or malware of some sort has altered it, so the first thing I would do would be to run a full system scan using multiple antivirus programs, AVG, Avira etc, there are loads of free ones out there. Once the scan is completed, replace the host file (backup the original beforehand by naming it host_OLD or something) with a known good one, once you have changed it, reboot your machine and then open up the hosts file and see if its changed. Hope this helps.....

happyoutscan

Thanks for the replies, I'll take a look at it now and see what I can find.

dublinpd

Just adding that I recently was infected with some malware that changes the hosts file preventing you to access security sites for example.

Alun

On the other hand, some anti spyware programs (such as SpyBot SD's Immunize feature) deliberately populate the hosts file with entries to prevent access to known malware sites, so it doesn't have to be malware that caused this. It all comes down to what entriesa are in there.