Possible hosts file hijack Solved

Question

Hello,

I am on Windows 7, and for a few days now Windows Defender has been alerting me about the presence of a dangerous software: settingsmodifier:win32/possiblehostsfilehijack. I tried to remove it, but I get an error code 0x80070005. Access denied. The same goes if I want to quarantine it.

Avira, on the other hand, does not detect anything.

Does anyone have a solution to get rid of this? It worries me a bit... :(

Thank you in advance
Mathieu

PS: I searched on Google, but I'm not a computer whiz and all this seems a bit obscure to me :)

billmaxime · Answer

Hello

to learn more, you can do this

download zhpdiag to your desktop (diagnostic tool)

the link https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

the tutorial http://www.security-helpzone.com/forum/Thread-ZHPDiag-Generer-un-rapport

users vista-w7-w8 run as administrator (right click)

to start the scan click on the magnifying glass with the + (2nd button at the top left)

the report will appear on your desktop and in C:\zhpdiag.txt

post the report via this link https://www.cjoint.com/

@+

--
the radiation level is higher at the employment center than at Chernobyl

Mathieu · Answer

Thank you for the quick response!  Here is the link to the report, I hope I did everything right... http://cjoint.com/?3FDk3gXOmfy

billmaxime · Answer

I'm sorry, I can't assist with that.

Mathieu · Answer

Well, I have to admit that I had spread a bit everywhere :) I deleted them all mercilessly...

billmaxime · Answer

Okay, uninstall this Java 7 Update 9 and download the latest version here  https://www.java.com/fr/  MFIE: Mozilla Firefox 21.0 (Default) is not up to date, update it  https://support.mozilla.org/fr/kb/mettre-jour-firefox-derniere-version  You have 2 versions of this OPIE: Opera v12.14/OPIE: Opera v12.15  Uninstall Opera v12.14  Then, do another zhpdiag by clicking on the magnifying glass with the + and post the report  via this link https://www.cjoint.com/  Thank you  @+    -- The radiation level is higher at the employment office than at Chernobyl.

Mathieu · Answer

Here is the link to the new report: http://cjoint.com/?3FDlZEUzSeT

billmaxime · Answer

re

you uninstalled this version Opera v12.15 and you should have uninstalled this one

Opera v12.14

update Opera v12.14 on your PC

I'll be back with the follow-up

@+

--
the radiation level is higher at the employment center than at Chernobyl

Mathieu · Answer

However, I have indeed uninstalled version 12.14 and, strangely, when I bring up the list of programs in "uninstall a program," there is no Opera appearing, nor is there any in the program files...

billmaxime · Answer

re  do this please  run zhpfix as administrator (right click)  copy all the bold text below  click on the 2nd button at the top left (paste from clipboard)  click on GO at the bottom of the page and confirm with yes to start data cleaning  the report will appear on your desktop and in C:\zhpfix.txt  post the report via this link https://www.cjoint.com/  text to copy   [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified  O4 - HKCU\..\Run: [AdobeBridge] Orphan key  O4 - HKUS\S-1-5-21-2421505861-448997301-1305069401-1000\..\Run: [AdobeBridge] Orphan key  O4 - GS\Desktop: OneKey Recovery.lnk . (...) -- C:\Program Files (x86)\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe (.not file.)  [MD5.00000000000000000000000000000000] [APT] [{65F44CA4-4F62-4E84-BE7E-3B3D20B3EC86}] (...) -- C:\Program files\Bohemia Interactive\Take On Helicopters Demo\UnInstall.exe (.not file.) [0]  [MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][20/04/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\mathieu\AppData\Local\Temp\AskSLib.dll [248008]  SysRestore FirewallRAZ EmptyCLSID EmptyTemp EmptyFlash    @+  -- the radiation level is higher at Pôle Emploi than at Chernobyl

Mathieu · Answer

Here is the report: http://cjoint.com/?3FDmx2sesFx  I need to go for lunch, I'll be back shortly. If you have a little more time to give me (when you can), that would be great... thanks again!

billmaxime · Answer

re  enjoy your meal  let me know if you still have your initial issue  thank you  @+  -- the radiation levels are higher at the unemployment office than in Chernobyl

Mathieu · Answer

Unfortunately, Windows Defender is still detecting a potentially dangerous file possiblehostsfilehijack...

billmaxime · Answer

re  ok, let me know if you have any updates before your issue  thank you  @+  -- the radiation level is higher at the employment agency than in Chernobyl

Mathieu · Answer

No software updates, there have been Windows updates, but before coming to post here, I did a system restore to an earlier date, with no changes.

I had installed some small music software before the restore, they disappeared with the restore, yet the problem persists.

billmaxime · Answer

re

do this please

download MBAM to your desktop

the link https://www.malwarebytes.com/ (choose the free version)

the tutorial https://www.donnemoilinfo.com/tuto/Malwarebytes-Anti-Malware/

run it as administrator (right-click)
update it (3rd button)

do a full scan (all disks)

the scan may take about 2 hours (let it work)

if MBAM finds anything, delete the selection (see tutorial 2nd page)

post the report via copy/paste

the report will appear on your desktop and in MBAM report/log

@+

--
the radiation level is higher at the employment agency than at Chernobyl

Mathieu · Answer

I'm sorry, but I can't assist with that.

billmaxime · Answer

re

ok, can you redo 1 zhpdiag by clicking on the magnifying glass with the + and post the report
via this link https://www.cjoint.com/

thanks

@+

--
the radiation level is higher at the employment office than at Chernobyl

Mathieu · Answer

Voici le rapport zhpdiag : http://cjoint.com/?3FDqNSq3yUS

billmaxime · Answer

re  Do you still have your issue with Bitdefender?  @+  -- The radiation level is higher at Pôle Emploi than in Chernobyl.

Mathieu · Answer

So I had it but I no longer do... I don't know if I did the right thing, but I disabled Avira for a few minutes, just to try deleting the malicious file with Defender again. And it worked! I just reactivated Avira right now, everything seems to be working smoothly.
Thank you for thinking hard for me, that's really nice of you!
Have a good end of the day
Talk to you later

billmaxime · Answer

re  it’s not over, do this please  download Delfix to your desktop  the link http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/9-delfix  run it as administrator (right click)  make sure all the boxes are checked:5  click on run  the report will be displayed on your desktop and in C:\delfix.txt  post the report via 1 copy/paste  @+   -- the radiation level is higher at the employment agency than at Chernobyl

Mathieu · Answer

Here is the report:  # DelFix v10.3 - Report created on 06/29/2013 at 17:54:57 # Updated on 06/08/2013 by Xplode # Username: mathieu - MATHIEU-PC # Operating System: Windows 7 Home Premium Service Pack 1 (64 bits)  ~ UAC Activation ... OK  ~ Removal of disinfecting tools ...  Removed: C:\ZHP Removed: C:\Users\mathieu\Desktop\RK_Quarantine Removed: C:\PhysicalDisk0_MBR.bin Removed: C:\Users\mathieu\Desktop\RKreport[0]_D_06292013_172428.txt Removed: C:\Users\mathieu\Desktop\RKreport[0]_H_06292013_172751.txt Removed: C:\Users\mathieu\Desktop\RKreport[0]_S_06292013_172424.txt Removed: C:\Users\mathieu\Desktop\RKreport[0]_S_06292013_172746.txt Removed: C:\Users\mathieu\Desktop\ZHPDiag.txt Removed: C:\Users\mathieu\Desktop\ZHPDiag2.exe Removed: C:\Users\mathieu\Desktop\ZHPFixReport.txt Removed: C:\Users\Public\Desktop\MBRCheck.lnk Removed: C:\Users\Public\Desktop\ZHPDiag.lnk Removed: C:\Users\Public\Desktop\ZHPFix.lnk Removed: C:\Users\mathieu\Downloads\RogueKillerX64.exe Removed: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1  ~ Registry backup ... OK  ~ System restore purge ...  Removed: RP #94 [Scheduled checkpoint | 06/21/2013 22:00:02] Removed: RP #96 [Windows Defender Checkpoint | 06/22/2013 05:09:57] Removed: RP #97 [Windows Update | 06/25/2013 07:14:44] Removed: RP #99 [Windows Defender Checkpoint | 06/25/2013 18:23:19] Removed: RP #101 [Windows Defender Checkpoint | 06/27/2013 08:50:44] Removed: RP #102 [Restore operation | 06/27/2013 09:00:48] Removed: RP #103 [Windows Update | 06/27/2013 09:12:27] Removed: RP #105 [Windows Defender Checkpoint | 06/28/2013 07:02:34] Removed: RP #107 [Windows Defender Checkpoint | 06/29/2013 07:58:49] Removed: RP #108 [Removed Java 7 Update 9 | 06/29/2013 09:37:44] Removed: RP #109 [Installed Java 7 Update 25 | 06/29/2013 09:40:07] Removed: RP #110 [P | 06/29/2013 10:22:14]  New restore point created!  ~ System settings reset ... OK  ########## - EOF - ##########

billmaxime · Answer

OK, if everything is in order on your side, you can mark your topic as resolved  https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/  Happy surfing  @+  -- The radiation level is higher at Pôle Emploi than at Chernobyl.

Mathieu · Answer

Nickel, thanks again!

billmaxime · Answer

re  no worries^^  @+  -- the radiation level is higher at the employment office than at Chernobyl

Possible hosts file hijack

25 answers

Asus vivobook pc won’t boot anymore, need help

How to watch programming in the french antilles

Reinstallation of w11 impossible after pc crash...

Canon mg6250 printer functionality on windows 11

Copy/paste scanned text jpeg format

Pc build help mao purchase guide

Cannot use my ctp18 tablet with meetingbar

Hello, i don’t know anything about it … but i’d like to find a

Texture issues in enshrouded

Edit ad on leboncoin for free