Windows Host File+quarantine Question

Yorick
edited August 2007 in General talk

Greetings, new to this forum and I have 2 questions.

1. The simple one, I think: I have some files in the quarantine, which I know are viruses, but I don't like to have them on my PC, even if they are unable to run.

How do I not only remove them from quarantine, but also from my HD? (So far I use a rather aggressive scan every 2 weeks, which has "delete" as first action, but mostly at night.)

2. I've just taken a look at my Windows host file, don't know why actually, probably because I got infected with some silly viruses (they were actually blocked though :D).

But I found some stuff which I don't trust, see the list below (the upper part is in Dutch, but it is all about the list).

List from Windows host file:


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each entry
# should be kept on an individual line. The IP address should be placed in the first column
# followed by the corresponding host name. The IP address and the host name should be
# separated by at least one space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name, denoted by a #.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host


127.0.0.1 localhost


127.0.0.1 www.newsleecher.com


127.0.0.1 newsleecher.com


127.255.255.255 serial.alcohol-soft.com


127.255.255.255 www.alcohol-soft.com


127.255.255.255 images.alcohol-soft.com


127.0.0.1 bin.errorprotector.com ## added by CiD


127.0.0.1 br.errorsafe.com ## added by CiD


127.0.0.1 br.winantivirus.com ## added by CiD


127.0.0.1 br.winfixer.com ## added by CiD


127.0.0.1 cdn.drivecleaner.com ## added by CiD


127.0.0.1 cdn.errorsafe.com ## added by CiD


127.0.0.1 cdn.winsoftware.com ## added by CiD


127.0.0.1 de.errorsafe.com ## added by CiD


127.0.0.1 de.winantivirus.com ## added by CiD


127.0.0.1 download.cdn.drivecleaner.com ## added by CiD


127.0.0.1 download.cdn.errorsafe.com ## added by CiD


127.0.0.1 download.cdn.winsoftware.com ## added by CiD


127.0.0.1 download.errorsafe.com ## added by CiD


127.0.0.1 download.systemdoctor.com ## added by CiD


127.0.0.1 download.winantispyware.com ## added by CiD


127.0.0.1 download.windrivecleaner.com ## added by CiD


127.0.0.1 download.winfixer.com ## added by CiD


127.0.0.1 drivecleaner.com ## added by CiD


127.0.0.1 dynamique.drivecleaner.com ## added by CiD


127.0.0.1 errorprotector.com ## added by CiD


127.0.0.1 errorsafe.com ## added by CiD


127.0.0.1 es.winantivirus.com ## added by CiD


127.0.0.1 fr.winantivirus.com ## added by CiD


127.0.0.1 fr.winfixer.com ## added by CiD


127.0.0.1 go.drivecleaner.com ## added by CiD


127.0.0.1 go.errorsafe.com ## added by CiD


127.0.0.1 go.winantispyware.com ## added by CiD


127.0.0.1 go.winantivirus.com ## added by CiD


127.0.0.1 hk.winantivirus.com ## added by CiD


127.0.0.1 instlog.errorsafe.com ## added by CiD


127.0.0.1 instlog.winantivirus.com ## added by CiD


127.0.0.1 instlog.winfixer.com ## added by CiD


127.0.0.1 jsp.drivecleaner.com ## added by CiD


127.0.0.1 kb.errorsafe.com ## added by CiD


127.0.0.1 kb.winantivirus.com ## added by CiD


127.0.0.1 nl.errorsafe.com ## added by CiD


127.0.0.1 se.errorsafe.com ## added by CiD


127.0.0.1 secure.drivecleaner.com ## added by CiD


127.0.0.1 secure.errorsafe.com ## added by CiD


127.0.0.1 secure.winantispam.com ## added by CiD


127.0.0.1 secure.winantispy.com ## added by CiD


127.0.0.1 secure.winantivirus.com ## added by CiD


127.0.0.1 support.winantivirus.com ## added by CiD


127.0.0.1 trial.updates.winsoftware.com ## added by CiD


127.0.0.1 ulog.winantivirus.com ## added by CiD


127.0.0.1 utils.errorsafe.com ## added by CiD


127.0.0.1 utils.winantivirus.com ## added by CiD


127.0.0.1 utils.winfixer.com ## added by CiD


127.0.0.1 winantispyware.com ## added by CiD


127.0.0.1 winantivirus.com ## added by CiD


127.0.0.1 winfixer.com ## added by CiD


127.0.0.1 winfixer2006.com ## added by CiD


127.0.0.1 winsoftware.com ## added by CiD


127.0.0.1 www.drivecleaner.com ## added by CiD


127.0.0.1 www.errorprotector.com ## added by CiD


127.0.0.1 www.errorsafe.com ## added by CiD


127.0.0.1 www.systemdoctor.com ## added by CiD


127.0.0.1 www.utils.winfixer.com ## added by CiD


127.0.0.1 www.win-anti-virus-pro.com ## added by CiD


127.0.0.1 www.win-virus-pro.com ## added by CiD


127.0.0.1 www.winantispam.com ## added by CiD


127.0.0.1 www.winantispy.com ## added by CiD


127.0.0.1 www.winantispyware.com ## added by CiD


127.0.0.1 www.winantivirus.com ## added by CiD


127.0.0.1 www.winantiviruspro.com ## added by CiD


127.0.0.1 www.windrivecleaner.com ## added by CiD


127.0.0.1 www.windrivesafe.com ## added by CiD


127.0.0.1 www.winfixer.com ## added by CiD


127.0.0.1 www.winfixer2006.com ## added by CiD


127.0.0.1 www.winsoftware.com ## added by CiD


Strange it sure is. A couple of months ago I had a look as well, and there was only one in the list, and that was the localhost one, so is this the work of a virus? Or can I simply ignore this?

The strangest thing is, I never use those apps listed, like winantivirus, so it is kinda weird. Might be because it is late here, ###### viruses mess up my night's sleep :P

I'm using Bitdefender Antivirus v10 Plus.

Agnitum Outpost Firewall Pro (newest)

Webroot Spy Sweeper (newest)

Windows XP Home SP2

C2D E6400 2.14GHz

2GB RAM 667 MHz


Dear regards,


Yorick Peterse

Comments

  • 1. If you delete the files from the quarantine, they are removed from the HDD.


    2. As for the host file, you have either used or you are using illegal copies of some software programs. Shame on you...

  • Hello Yorick Peterse


    Your first question is already answered correctly by claudiu.


    Did you use a kind of security program, such as SpywareBlaster, Spybot Search & Destroy, ...? Because these programs add these changes to your hosts file so you can't visit these risky sites. If you don't have that feature enabled, delete all references except 127.0.0.1 and save the hosts file under the same name. Also keep the examples. Malware can also misuse your hosts file to redirect you to any site they want.


    Regards


    Niels


    Hello claudiu


    That is not true; security programs also make these changes so you can't access these websites. The immunization function of Spybot Search & Destroy has this feature, and so does SpywareBlaster, ...


    This has nothing to do with illegal copies of something. Malware also uses this so they can redirect you to any website they want. Here is some information: hostsfile and here: Hosts file


    Regards


    Niels
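
What Niels describes above, as an added example (not code from any poster or from the tools they mention): a small Python audit that separates hosts entries pointing at loopback, which only block a name, from entries pointing at some other address, which redirect it. The sample mixes lines from the posted hosts file with two constructed ones, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Lines 2-6 are copied from the hosts file in the post;
# the last two lines are constructed for illustration.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 www.newsleecher.com
127.255.255.255 serial.alcohol-soft.com
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
0.0.0.0 ads.example.net
203.0.113.10 login.example.com
"""

def parse_hosts(text):
    """Yield (ip, hostname, comment) per mapping; skip blanks and comment lines."""
    for raw in text.splitlines():
        body, _, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:  # one line may map several names
            yield ip, name.lower(), comment.strip("# \t")

def classify(ip, name):
    if name == "localhost" and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"   # name is sinkholed; the real site is unreachable
    return "redirect"      # name resolves to another machine: review it

def audit(text):
    """Return ({kind: [(name, ip)]}, Counter of trailing comment tags)."""
    report = {"default": [], "blocked": [], "redirect": []}
    tags = Counter()
    for ip, name, comment in parse_hosts(text):
        report[classify(ip, name)].append((name, str(ip)))
        if comment:
            tags[comment] += 1
    return report, tags

if __name__ == "__main__":
    report, tags = audit(SAMPLE)
    for kind, rows in report.items():
        print(kind, rows)
    print(dict(tags))
```

The tag counter groups entries by their trailing comment, which helps tell which program wrote a batch of lines when it labels them, as with "added by CiD" in the posted file.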

  • Niels posted a link to the MVPS hosts file; I suggest using it, it will block a lot of ads and "bad" sites.

  • Thanks guys, that helped a lot. Now I can delete those viruses. I used a custom scan which had "delete" as first action, but it said "Archive repackaging failed" and the virus was still there; now deleted it manually, and deleting those in the quarantine.


    @Claudio.


    And if I am using illegal software, that would be none of your business.


    This is probably the work of one of my security programs, I had many of the past months.


    Thanks a lot!

  • Hello Yorick Peterse


    Glad that we could help you. If you still have problems removing several viruses, please make a topic in the malware section. You always have to delete archives manually; that is also the case when an infection is found in an installer.


    Regards


    Niels

  • claudiu
    edited August 2007

    Niels, I know what the host file is, along with the fact that some security tools do modify it.


    I also know how to recognize an auth server check bypass of some known virtual CD/DVD tool, meaning


    "127.255.255.255 serial.alcohol-soft.com


    127.255.255.255 www.alcohol-soft.com


    127.255.255.255 images.alcohol-soft.com!"


    "This is probably the work of one of my security programs, I had many of the past months."


    Indeed. Must be that ###### Bitdefender Antivirus :)