AVG Error Message- Reading Error c:\windows\system32\drivers\etc\hosts
in [Anti-Virus]
|
Prev: LGKodiak Cruise Window
Next: MULTI_AV v4.05
From: ICU on 12 Jan 2007 10:33 "Beauregard T. Shagnasty" <a.nony.mous(a)example.invalid> wrote in news:m3Aph.370031$Fi1.109910(a)bgtnsc05-news.ops.worldnet.att.net: > ICU wrote: > >> BTW I have already discovered It doesn't tell you it's changed if you >> replace it with the original host file. > > Logic (<g>) would indicate that it should no longer tell you it was > changed. If it does, can you trust the program for complex things? > ('cause there's sure nothing complex about the hosts text file.) > > Maybe it thinks that any entry other than the must-have > 127.0.0.1 localhost > is a problem. If so ... see above about trust. > Well this morning's scan gave me the "changed" message again, so how can I trust it? I'm just being rhetorical, logic prevails.(G) Thanks for the reply. ICU
From: Beauregard T. Shagnasty on 12 Jan 2007 11:22 ICU wrote: > "Beauregard T. Shagnasty" <a.nony.mous(a)example.invalid> wrote: > <snip> > > Well this morning's scan gave me the "changed" message again, so how > can I trust it? I'm just being rhetorical, logic prevails.(G) Thanks > for the reply. Just thought of something. Earlier you said "Did that...tried yours and and one from the MVPS site, both give a warning/alert "HOSTS " changed when doing a scan." When you copied in the text from the second file, did you remove all the text from the previous attempt? IOW, did you overwrite or append? You should overwrite. I'm not certain if this will make a difference with your scanner, but it was a thought. Maybe you need to ask AVG why it alerts (I don't use it). -- -bts -Motorcycles defy gravity; cars just suck
From: rich on 12 Jan 2007 11:27 On Wed, 10 Jan 2007 17:26:22 GMT, ICU <ICU(a)Nowhere.com> wrote: >"Beauregard T. Shagnasty" <a.nony.mous(a)example.invalid> wrote in >news:rD8ph.361530$Fi1.166372(a)bgtnsc05-news.ops.worldnet.att.net: > >> ICU wrote: >> >>> I'm also now left with the question of why do I not have >>> c:\windws\system32 \drivers\etc\hosts or am I even supposed to have >>> it. >> >> S'far as I know, a HOSTS file is not required by any version of .. any >> OS. >> >> But why not create one? Make an empty text file in the folder >> c:\windows\system32\drivers\etc\ >> named: HOSTS [no extension] >> >> Copy this text into it: >> http://k75s.home.att.net/hostsfile.txt >> >> See: http://k75s.home.att.net/tips.html#hosts >> > >Thanks for the reply, links stc. >After a quick scan/read of the info you posted I looked again at c:\windows >\system32\drivers\etc\ >There were two files there with "hosts" in the name, one was hosts.bak and >another with Imhosts.sam, I decided to copy hosts.bak to "hosts" no >extension. >BTW readng the hosts.bak file showed me it was the original sample hosts >file, why or how it was renamed to hosts.bak is beyond me, the date on the >file was back in Feb. >Anyway everything so far is now running correctly, AVG (free) is no longer >producing an error message. >Thanks again for steering me in the right direction, it's much appreciated. This is very weird. I had the exact same thing happen to me. My AVG had been running fine until yesterday when I got the same error message as you. I removed the .bak and when I ran AVG instead of "error" it said "change". Normally whenever I would run AVG I would get the "change" message in that dialog section. Btw, the exploit situation seems to have resolved itself. I downloaded the scanner, ran it in normal mode, and it did not find any viruses. Since I ran the scan I have not seen the exploit threat listed. Rich > >ICU. >
From: Beauregard T. Shagnasty on 12 Jan 2007 11:40 rich(a)notyahoo.com wrote: > This is very weird. I had the exact same thing happen to me. My AVG > had been running fine until yesterday when I got the same error > message as you. I removed the .bak and when I ran AVG instead of > "error" it said "change". Normally whenever I would run AVG I would > get the "change" message in that dialog section. Aha. So now a good guess would be that AVG has added something to their latest definitions or program, and is now issuing a false positive. Time to ask them about it - why is it alerting on anything other than the default hosts file? -- -bts -Motorcycles defy gravity; cars just suck
From: rich on 12 Jan 2007 11:51
On Fri, 12 Jan 2007 16:40:03 GMT, "Beauregard T. Shagnasty" <a.nony.mous(a)example.invalid> wrote: >rich(a)notyahoo.com wrote: > >> This is very weird. I had the exact same thing happen to me. My AVG >> had been running fine until yesterday when I got the same error >> message as you. I removed the .bak and when I ran AVG instead of >> "error" it said "change". Normally whenever I would run AVG I would >> get the "change" message in that dialog section. > >Aha. So now a good guess would be that AVG has added something to their >latest definitions or program, and is now issuing a false positive. > >Time to ask them about it - why is it alerting on anything other than >the default hosts file? Now every time I run AVG it says change. But come to think of it, AVG has been saying change for that file for a while now. It switched from change to error yesterday. I was just ignoring that change message not realizing that it may be a result of some malicious activity. My computer illiteracy is showing. I think I will hang out in this group for a while as it appears that there are a bunch of experts who hang out here. Thanx for the help. Rich |