Safeonline and HOSTS redirect

Discussion in 'Prevx Releases' started by Baz_kasp, Aug 4, 2010.

Thread Status:
Not open for further replies.
  1. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Hi Prevx peeps,

    Installed the Facebook safeonline version on an infected computer I have here...it has a number of bad entries in the HOSTS file redirecting requests to google.com etc....

    Safeonline correctly picks up on the HOSTS redirect and gives the option to close/ignore/fix, however, if I click "fix", nothing happens at all - the entries aren't removed from the HOSTS file and the HOSTS redirection warning persists....I am assuming this isn't by design and HOSTS fixing is included in the Safeonline version (meaning this may be a bug?)...just thought I'd let you know.

    I have a scan log at hand if you are interested....don't want to log into my email from here for obvious reasons, until this is cleaned up.

    Edit: There were also a few undetected items in the log, so I will forward them to Joe so that detection for them can be added.
     
    Last edited: Aug 4, 2010
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    I'm not quite sure but I think it needs a licensed paid version to repair? But Joe will confirm!

    TH
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Please send a scan log as stated in this post with the link to this thread: https://www.wilderssecurity.com/showthread.php?t=245129 or https://www.wilderssecurity.com/showpost.php?p=1662381&postcount=1

    TIA,

    TH
     
    Last edited: Aug 4, 2010
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You are correct in that it should be cleaning them. I'm wondering if the infection could still be active if we aren't seeing every part of it? In that case, it may very well be rewriting the HOSTS file after we clean it.

    Either way, I'm definitely interested in a closer look! Thanks for the help :)
     
  5. Baz_kasp

    Baz_kasp Registered Member


    Bit more information...I think you were onto something regarding the rewriting of the HOSTS file, as after I removed the bulk of active items a final click of the "fix" button removed the offending entries. I'll send you the scan log so we can get the final stragglers cleaned up. Also a query regarding a newly purchased license...everything was sent to the prevx email addy.
     
    Last edited: Aug 4, 2010
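
The behaviour discussed in this thread (redirect entries coming back after a fix while part of the infection is still active) can be checked by comparing HOSTS snapshots taken before and after cleaning. The following is an added example, not part of the thread and not Prevx code; the snapshot contents, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample snapshots of a HOSTS file (not taken from the thread).
BEFORE_FIX = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
203.0.113.7     google.com www.google.com   # constructed bad entry
203.0.113.7     www.facebook.com
0.0.0.0         ads.example.net
"""
AFTER_FIX = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net
203.0.113.7     www.google.com
"""

def parse_hosts(text):
    """Return {hostname: ip} for every mapping line, ignoring comments."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        for name in fields[1:]:
            entries.setdefault(name.lower(), ip)  # keep the first mapping per name
    return entries

def redirects(entries):
    """Mappings that point a name at a real remote address.
    Loopback and 0.0.0.0/:: entries only block a name, so they are skipped."""
    return {n: str(ip) for n, ip in entries.items()
            if not (ip.is_loopback or ip.is_unspecified)}

def survived_fix(before, after):
    """Redirects present before the fix that are present again afterwards."""
    old, new = redirects(parse_hosts(before)), redirects(parse_hosts(after))
    return {n: ip for n, ip in new.items() if old.get(n) == ip}

if __name__ == "__main__":
    for name, ip in sorted(survived_fix(BEFORE_FIX, AFTER_FIX).items()):
        print(f"re-added after fix: {name} -> {ip}")
```

A non-empty result after a cleanup pass suggests something on the machine is still writing to the file, which matches what was observed in this thread.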