First, not sure where to post this. Feel free to move. When a virus corrupts the host file, how does it do it? Does it use cmd prompt or what? Just trying to figure out how to protect the host file without installing an AV. I know Webroot has a host file tamper setting. Regards
If a corrupted Hosts file is suspected - assume a full infestation. As I'm not a malware researcher, I can't say what the mechanism of infecting a Hosts file specifically is. Assume the worst - scan with all PAID AV - AS Apps. You can also use ESET's Online Scanner and use an activated trial of Malwarebytes.
If you have Windows 7 or 8 you will need to elevate your privileges to write to the file. Turning on UAC would protect or notify you if something tried to write to the file. You can also block the right to change the file for your username.
Oh yeah, didn't see that. So what's all the fuss about your host file then, as CFW certainly has HIPS + some? Regards Eck
LOL, wasn't sure if it would protect it or not. Just making sure. And asking about CFW, it was an actual question, not rhetorical lol. Thanks.
Rest easy DX2, you're as tight as a drum considering Comodo has cloud file protection features as well as everything else. Regards Eck
No need to launch cmd.exe unless the malware is a .bat or .cmd file. If you have admin priv, you can modify hosts via notepad or any 3rd party text editor, right? Malware can do the same if it has admin rights. Checking "Read Only" in the hosts file's properties can add a bit of complexity to an attack against hosts, tho far from absolute.
All true, and you can modify it with vbscript, which can be a standalone script or embedded into any executable. The same script could also easily change your DNS server to whatever it wants. A HIPS of some type would probably be the best prevention.
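The posts above mention the read-only attribute, write permissions and HIPS as protections; a check that needs no AV is to compare the hosts file against a known-good copy and see whether it is still read-only. The following Python is an added example, not code from any poster; the sample entries, host names and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import os
import stat

# Constructed sample data (documentation address range and .test names).
BASELINE = "127.0.0.1 localhost\n::1 localhost\n"
TAMPERED = (BASELINE
            + "203.0.113.7 www.example-bank.test  # constructed entry\n"
            + "0.0.0.0 update.example-av.test\n")

def digest(text):
    """SHA-256 of the hosts content; store this for the known-good copy."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def parse_hosts(text):
    """Return a set of (ip, hostname) pairs, skipping comments and blanks."""
    entries = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address: skip the line
        for name in fields[1:]:
            entries.add((str(ip), name.lower()))
    return entries

def audit(baseline_text, current_text):
    """Return (changed, findings) for current content versus the baseline."""
    changed = digest(baseline_text) != digest(current_text)
    added = parse_hosts(current_text) - parse_hosts(baseline_text)
    findings = []
    for ip, name in sorted(added):
        addr = ipaddress.ip_address(ip)
        # Loopback or 0.0.0.0 makes the name unreachable; anything else
        # sends it to a different machine.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        findings.append((kind, name, ip))
    return changed, findings

def is_read_only(path):
    """True if the owner write bit is cleared (the "Read Only" box on Windows)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)

if __name__ == "__main__":
    print(audit(BASELINE, TAMPERED))
```

To use it on a real machine, pass the text of a saved known-good copy and the current contents of the hosts file to `audit`, and the file's path to `is_read_only`.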