Find the file on your computer named hosts (note that it has no extension and is not the hosts.sam file). Normally the hosts file is located in the C:\Windows\System32\Drivers\etc folder. Once you find the file, open it with notepad. Are any of the sites that you cannot get to listed in that file? If so, rename the file and try to get to those sites through Internet Explorer. Let me know what you find.
This is a copy of what I found in HOST and opened with notepad:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
P.S. I just uninstalled and reinstalled winsock and still see 'the page cannot be displayed' when going into sites like: paypal.com, ebay.com, amazon.com. Only these 3, everything else is working fine. My cepher strengh is 128 bit.
I am wondering if this caused either by windows SP2, or the lastest Flashing the BIOS, or the removal of some spywares.
Immediately rename the hosts file or delete it completely. Some malicious software/parasite/malware/virus has altered your hosts file preventing you from getting to the sites you mention as well as most antivirus and antispyware sites. You are probably infected with some malicious software that altered your hosts file.
The hosts file has a useful purpose. That is it can be used to speed up internet connections by allowing Windows to look in the hosts file to translate a URL into an IP address. When it is used this way, it can speed up the internet connection because Windows will not have to go the DNS server at your ISP to make the translation. Something has altered your system so that URLs you might want to get to are directed to 127.0.0.1 which is your computer. Since none of those sites exist on your computer, you cannot get to the web sites.
Either rename it to hosts.old or simply delete the file. Note that if the malicious software that made these modifications to the host file is still on your computer, it could create a new hosts file even after you delete or rename the current one. It would be worth your while to make sure you are running antivirus software with up to date virus definitions and to find a good spyware removal program to get rid of any other garbage that may still be there.
Note to delete the file, just highlight the file in Windows Explorer or My Computer and hit the delete key. To rename the file, find it in Windows Explorer or My Computer, right-click on the file and choose Rename from the drop down menu. Then just add the .old extension to the filename.
The most likely way that could have happened is if you have a trojan or if you responded to one of those phishing emails that say something like your account will be suspended unless go to some website and enter your personal information. Changing the Hosts file would not cause this, but I would be concerned about whatever it was the changed your hosts file. It means that your security has been compromised.
Go
Here and follow the directions to download and run the analysis tool called HijackThis. Generate a log file, then open it and copy and paste the text of the log file in a message in the
HijackThis forum where a HijackThis expert can offer advice on how to fix the problem.
volcano11
2 Intern
•
28K Posts
0
October 24th, 2005 14:00
See if the following helps:
http://support.microsoft.com/?kbid=813444
Steve
volcano11
2 Intern
•
28K Posts
0
October 25th, 2005 19:00
Find the file on your computer named hosts (note that it has no extension and is not the hosts.sam file). Normally the hosts file is located in the C:\Windows\System32\Drivers\etc folder. Once you find the file, open it with notepad. Are any of the sites that you cannot get to listed in that file? If so, rename the file and try to get to those sites through Internet Explorer. Let me know what you find.
Steve
Tiger-sea
79 Posts
0
October 25th, 2005 19:00
Tiger-sea
79 Posts
0
October 25th, 2005 20:00
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 mcafee.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 kaspersky-labs.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 us.mcafee.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 pandasoftware.com
127.0.0.1 www.pandasoftware.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.grisoft.com
127.0.0.1 www.microsoft.com
127.0.0.1 microsoft.com
127.0.0.1 www.virustotal.com
127.0.0.1 virustotal.com
127.0.0.1 www.amazon.com
127.0.0.1 www.amazon.co.uk
127.0.0.1 www.amazon.ca
127.0.0.1 www.amazon.fr
127.0.0.1 www.paypal.com
127.0.0.1 paypal.com
127.0.0.1 moneybookers.com
127.0.0.1 www.moneybookers.com
127.0.0.1 www.ebay.com
127.0.0.1 ebay.com
volcano11
2 Intern
•
28K Posts
0
October 25th, 2005 20:00
Immediately rename the hosts file or delete it completely. Some malicious software/parasite/malware/virus has altered your hosts file preventing you from getting to the sites you mention as well as most antivirus and antispyware sites. You are probably infected with some malicious software that altered your hosts file.
The hosts file has a useful purpose. That is it can be used to speed up internet connections by allowing Windows to look in the hosts file to translate a URL into an IP address. When it is used this way, it can speed up the internet connection because Windows will not have to go the DNS server at your ISP to make the translation. Something has altered your system so that URLs you might want to get to are directed to 127.0.0.1 which is your computer. Since none of those sites exist on your computer, you cannot get to the web sites.
Steve
volcano11
2 Intern
•
28K Posts
0
October 25th, 2005 21:00
Either rename it to hosts.old or simply delete the file. Note that if the malicious software that made these modifications to the host file is still on your computer, it could create a new hosts file even after you delete or rename the current one. It would be worth your while to make sure you are running antivirus software with up to date virus definitions and to find a good spyware removal program to get rid of any other garbage that may still be there.
Note to delete the file, just highlight the file in Windows Explorer or My Computer and hit the delete key. To rename the file, find it in Windows Explorer or My Computer, right-click on the file and choose Rename from the drop down menu. Then just add the .old extension to the filename.
Steve
Tiger-sea
79 Posts
0
October 25th, 2005 21:00
Tiger-sea
79 Posts
0
October 25th, 2005 21:00
Steve,
what did you mean by rename the HOST file?
Should I delete all the information in there, and keep the Host folder as is?
Or should I delete the whole folder? Thanks again Steve.
Tiger-sea
79 Posts
0
October 25th, 2005 22:00
Steve,
My credit card was cloned by criminal recently. Could it be this is how they had obtained my ID through ebay or paypal account? Thanks.
Dean.
volcano11
2 Intern
•
28K Posts
0
October 26th, 2005 00:00
The most likely way that could have happened is if you have a trojan or if you responded to one of those phishing emails that say something like your account will be suspended unless go to some website and enter your personal information. Changing the Hosts file would not cause this, but I would be concerned about whatever it was the changed your hosts file. It means that your security has been compromised.
Steve
volcano11
2 Intern
•
28K Posts
0
October 31st, 2005 15:00
Tiger-sea
79 Posts
0
October 31st, 2005 15:00
Tiger-sea
79 Posts
0
October 31st, 2005 18:00
Cheers Steve !
Dean.
Tiger-sea
79 Posts
0
October 31st, 2005 18:00
volcano11
2 Intern
•
28K Posts
0
October 31st, 2005 19:00