Host File

Discussion in 'malware problems & news' started by DX2, Feb 1, 2015.

  1. DX2

    DX2 Guest

    First, not sure where to post this. Feel free to move.

    When a virus corrupts the host file, how does it do it? Does it use cmd prompt or what? Just trying to figure out how to protect the host file without installing an AV. I know Webroot has a host file tamper setting.

    Regards
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    If a corrupted Hosts file is suspected - assume a full infestation. As I'm not a malware researcher, I can't say what the mechanism of infecting a Hosts file specifically is.

    Assume the worst - scan with all PAID AV - AS Apps.

    You can also use ESET's Online Scanner and use an activated trial of Malwarebytes
     
  3. DX2

    DX2 Guest

    Yes, it's not corrupted. Just looking for prevention. Thanks :)
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    If you have Windows 7 or 8 you will need to elevate your privileges to write to the file. Turning on UAC would protect or notify you if something tried to write to the file.
    You can also block the right to change a file for your username.
     
  5. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    438
    Location:
    The Outer Limits
    Why not use a HIPS?

    Regards Eck:)
     
  6. DX2

    DX2 Guest

    I'm running what's in my sig. Doesn't CFW have HIPS?
     
  7. DX2

    DX2 Guest

    I turned UAC back on. Thanks
     
  8. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    438
    Location:
    The Outer Limits
    Oh yeah, didn't see that. :rolleyes:

    So what's all the fuss about your host file then, as CFW certainly has HIPS + some?

    Regards Eck:)
     
  9. DX2

    DX2 Guest

    LOL, wasn't sure if it would protect it or not. :) Just making sure. And asking about CFW, it was an actual question, not rhetorical lol. Thanks. :D
     
  10. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    438
    Location:
    The Outer Limits
    Rest easy DX2, you're as tight as a drum considering Comodo has cloud file protection features as well as everything else :thumb:.

    Regards Eck:)
     
  11. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    No need to launch cmd.exe unless the malware is a .bat or .cmd file.
    If you have admin priv, you can modify hosts via notepad or any 3rd party text editor, right? Malware can do the same if it has admin rights.
    Checking "Read Only" in the hosts file's properties can add a bit of complexity to an attack against hosts, though far from absolute.
     
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Glad to help.
     
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,049
    Location:
    USA
    All true, and you can modify it with vbscript, which can be a standalone script or embedded into any executable. The same script could also easily change your DNS server to whatever it wants. A HIPS of some type would probably be the best prevention.
     
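The protections mentioned across the thread (the Read-Only flag, restricting who may change the file, watching for modification) can be checked with a short PowerShell audit. This is an added example, not code from any poster; the baseline file location and the list of expected writers are assumptions to adjust for your system.

```powershell
# Added example: report the protection state of the Windows hosts file.
$hostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$baselinePath = Join-Path $env:ProgramData 'hosts.sha256'   # hypothetical baseline file

$item = Get-Item -LiteralPath $hostsPath -Force
$acl  = Get-Acl  -LiteralPath $hostsPath

# Rights that allow changing the file's content or its permissions.
$writeRights = [System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# Also catch unmapped generic rights: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$writeMask = [int]$writeRights -bor 0x10000000 -bor 0x40000000

# Assumption: only SYSTEM and the local Administrators group should hold write access.
$expectedSids = @('S-1-5-18', 'S-1-5-32-544')

# Collect every Allow entry that grants write-type access to anyone else.
$sidType = [System.Security.Principal.SecurityIdentifier]
$unexpectedWriters = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    $grantsWrite = (([int]$ace.FileSystemRights) -band $writeMask) -ne 0
    if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
        $expectedSids -notcontains $ace.IdentityReference.Value) {
        $ace.IdentityReference.Value
    }
}

# Compare the current content hash with a baseline recorded on a known-good system.
$hash = (Get-FileHash -LiteralPath $hostsPath -Algorithm SHA256).Hash
$matchesBaseline = $null          # stays $null until a baseline has been recorded
if (Test-Path -LiteralPath $baselinePath) {
    $baseline = (Get-Content -LiteralPath $baselinePath -TotalCount 1).Trim()
    $matchesBaseline = ($baseline -eq $hash)
}

[pscustomobject]@{
    Path              = $hostsPath
    ReadOnly          = $item.IsReadOnly
    LastWriteTimeUtc  = $item.LastWriteTimeUtc
    UnexpectedWriters = @($unexpectedWriters)
    Sha256            = $hash
    MatchesBaseline   = $matchesBaseline
}
```

To record the baseline, save the `Sha256` value from a known-good run to the baseline file from an elevated prompt, and keep that file writable by administrators only.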