IPB

Welcome Guest ( Log In | Register )

3 Pages V  < 1 2 3 >  
Closed TopicStart new topic
> KIS 2012 Now Detects mvps Hosts File as a Trojan, merged.
nyderic
post 15.03.2013 22:35
Post #21


Member
**

Group: Members
Posts: 13
Joined: 17.07.2010




Update: The full scan finished and it didn't find anything.

After letting Spybot Search & Destroy modify the hosts file once again, there seemed to be nothing wrong with it. Everything redirected to 127.0.0.1 and no important update URLs or something similar were blocked by it. Kaspersky started to nag again though.

This post has been edited by nyderic: 15.03.2013 22:36
Go to the top of the page
 
+Quote Post
alex5723
post 15.03.2013 23:42
Post #22


Advanced Member I
***

Group: Members
Posts: 135
Joined: 12.06.2010




KAV 2013 Rootkit scan just flaged my HOSTs file as trojan. I have restored the file from backup.
The HOSTS file contain entries from both Spybot and mvps.

I would have though that by now Kaspersky should have been updated with a fix.


Attached File(s)
Attached File  KAV_HOSTS.jpg ( 207,06K ) Number of downloads: 14
 
Go to the top of the page
 
+Quote Post
ijen360
post 16.03.2013 01:07
Post #23


Member
**

Group: Members
Posts: 14
Joined: 24.07.2007
From: KL




QUOTE(eljay376 @ 15.03.2013 22:24) *
Ditto this, have allowed KIS2013 to "disinfect", re-boot and re-scan with negative result. Have also run Trend Micro Housecall for a second opinion and that is negative too.
Like the others, I am of the (non-expert) opinion that this is a "bug" in the latest update.

Agreed. I just download mvps host from http://winhelp2002.mvps.org/hosts.htm around 5 a.m Malaysian time but still detected as trojan by KIS2013. Still waiting for solution.

This post has been edited by ijen360: 16.03.2013 01:14
Go to the top of the page
 
+Quote Post
richbuff
post 16.03.2013 02:42
Post #24


Oldtimer
****************

Group: Moderators
Posts: 48940
Joined: 14.06.2007




Timeking:

QUOTE(the System Properties > Hosts tab of your GSI report)
#This file has been replaced with its default version by Kaspersky Lab because of possible infection
#
#
#
127.0.0.1 localhost
::1 localhost


That means it is gone. No further action is necessary.

//Edit: two topics were merged, and topic thread was de-cluttered, too.

This post has been edited by richbuff: 16.03.2013 05:21


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
otiamaria
post 16.03.2013 03:56
Post #25


Newbie
*

Group: Members
Posts: 2
Joined: 16.03.2013




QUOTE(richbuff @ 15.03.2013 14:42) *
That means it is gone. No further action is necessary.


Is Kaspersky 2013 giving false positives on this particular "trojan?"

Kaspersky proceeded to quaranteen/disinfect it, and all was supposed to be well with "no further action needed." Since then one of my programs has stopped working, and Kaspersky has alerted three more times saying it has detected Trojan.Win32.hosts.Gen in my hosts file. It keeps repeating the process, but the "trojan" just keeps reappearing. Except for the one program that can no longer open, my computer seems to be running very well.

I've wasted a day and a half worrying about this.

Here's the link I was given via "Get System Info" per your requirements.

http://www.getsysteminfo.com/read.php?file...4a306aef186e7ec

Thanks.
Go to the top of the page
 
+Quote Post
Darkness Knight
post 16.03.2013 04:14
Post #26


Advanced Member II
****

Group: Members
Posts: 391
Joined: 18.04.2010
From: Algún punto de La Tierra




The problem has been, finally, solved.


--------------------
Portátil Intel ® Core i7 (1ª Generación) CPU Q 720 1.60 GHz. 8 GB Ram DDR3 HDD 500 GB Nvidia Geforce GT 230M with CUDA (1 GB de memoria dedicada)
Windows 8.1 U1 Pro 64 bits with Media Center
KIS 2014 - Versión 14.0.0.4651 (g)
Go to the top of the page
 
+Quote Post
richbuff
post 16.03.2013 05:09
Post #27


Oldtimer
****************

Group: Moderators
Posts: 48940
Joined: 14.06.2007




Welcome. Good question. If the Hosts file is modified, this Generic detection can happen. Why suddenly today. when the last time this issue came up was a while ago? Maybe because new detection thingies were added.

Spybot is modifying your Hosts file. Not to worry.

Anyway, please uninstall Spybot > reboot, then revert to the default host file: http://support.microsoft.com/kb/972034 You should be all good after that.

Name of Mystery unopenable program?


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
nyderic
post 16.03.2013 05:58
Post #28


Member
**

Group: Members
Posts: 13
Joined: 17.07.2010




QUOTE(Darkness Knight @ 16.03.2013 01:14) *
The problem has been, finally, solved.


You're acting like it took them 5 years to fix it... rolleyes.gif

You're right though, they fixed it. I'm using the modified version from Spybot Search & Destroy again.

This post has been edited by richbuff: 16.03.2013 08:16
Reason for edit: Or 510 204.08 years? Anyway, Closed as Fixed.
Go to the top of the page
 
+Quote Post
Doop
post 16.03.2013 10:09
Post #29


Newbie
*

Group: Members
Posts: 7
Joined: 15.03.2013






I may get yelled at for posting this but as I still have this issue occurring then I still need a fix. KIS 2011 is still deleting/disinfecting Host file whenever I try to replace it.

The last thread about this issue said it was solved and closed the topic but as of posting this I still have the problem recurring each time I replace the host file. I keep the

downloaded copy from http://winhelp2002.mvps.org/hostswin7.htm on a flash drive and turn off KIS whilst I copy and paste the host file to replace the one KIS wipes out each time.

I then reboot and as soon as I go onto Google KIS detects it and removes it, it doesn't even ask for a preferred way to deal with it.

It is now deleting it before I log onto the net and doesn't even inform me of a detection, I have to search the detailed report to find what it's done. I've tried to put it under exceptions, no luck there

it just ignores any attempt to bypass the Host file.

So no, this has not been solved for everyone, maybe those with current 2013 KIS, I updated twice in the last couple of hours and still this issue persists.

Doop
Go to the top of the page
 
+Quote Post
alex5723
post 16.03.2013 10:53
Post #30


Advanced Member I
***

Group: Members
Posts: 135
Joined: 12.06.2010




QUOTE(Doop @ 16.03.2013 10:09) *
I may get yelled at for posting this but as I still have this issue occurring then I still need a fix. KIS 2011 is still deleting/disinfecting Host file whenever I try to replace it.

The last thread about this issue said it was solved and closed the topic but as of posting this I still have the problem recurring each time I replace the host file. I keep the

downloaded copy from http://winhelp2002.mvps.org/hostswin7.htm on a flash drive and turn off KIS whilst I copy and paste the host file to replace the one KIS wipes out each time.

I then reboot and as soon as I go onto Google KIS detects it and removes it, it doesn't even ask for a preferred way to deal with it.

It is now deleting it before I log onto the net and doesn't even inform me of a detection, I have to search the detailed report to find what it's done. I've tried to put it under exceptions, no luck there

it just ignores any attempt to bypass the Host file.

So no, this has not been solved for everyone, maybe those with current 2013 KIS, I updated twice in the last couple of hours and still this issue persists.

Doop


+1

I too don't understand why the topic has been closed. Nothing has been solved, and Kaspersky's inserted lines are a joke for those who need blocking sites via the HOSTS file.
I use KAV 2013.
Go to the top of the page
 
+Quote Post
richbuff
post 16.03.2013 11:06
Post #31


Oldtimer
****************

Group: Moderators
Posts: 48940
Joined: 14.06.2007




Please update databases > reboot. Any better?



--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
tradnav
post 16.03.2013 12:25
Post #32


Member
**

Group: Members
Posts: 35
Joined: 31.01.2006




Using KIS 2013 here. Yesterday morning KIS 2013 hit on the MVPS Hosts file on my laptop and disinfected it. However, I noticed that it did not hit on my desktop. Being curious as to why I noticed that my desktop had the MVPS Hosts of 9 January - I had forgotten to update it. So the problem lies with the 25 February version.

I have just visited mvps.org to d/l and replace the one on my laptop. Couldn't - Kasperky hits on that and stops it in its tracks. I have now replaced the laptop one with the 9 January version and all is well - Kaspersky doesn't see anything wrong with it.

Not the answer of course but it will do until Kaspersky gets it sorted. These are the only Hosts on my PC's - I do not have Spybot .

This post has been edited by tradnav: 16.03.2013 12:27
Go to the top of the page
 
+Quote Post
Darkness Knight
post 16.03.2013 14:29
Post #33


Advanced Member II
****

Group: Members
Posts: 391
Joined: 18.04.2010
From: Algún punto de La Tierra




QUOTE(Darkness Knight @ 16.03.2013 01:14) *
The problem has been, finally, solved.


At least in KIS 2013 with both Spybot modified HOSTS and MVPS HOSTS.

Update databases and reboot your system.

Regards.

This post has been edited by Darkness Knight: 16.03.2013 14:31


--------------------
Portátil Intel ® Core i7 (1ª Generación) CPU Q 720 1.60 GHz. 8 GB Ram DDR3 HDD 500 GB Nvidia Geforce GT 230M with CUDA (1 GB de memoria dedicada)
Windows 8.1 U1 Pro 64 bits with Media Center
KIS 2014 - Versión 14.0.0.4651 (g)
Go to the top of the page
 
+Quote Post
tradnav
post 16.03.2013 15:34
Post #34


Member
**

Group: Members
Posts: 35
Joined: 31.01.2006




QUOTE(Darkness Knight @ 16.03.2013 10:29) *
At least in KIS 2013 with both Spybot modified HOSTS and MVPS HOSTS.

Update databases and reboot your system.

Regards.


Gracias Darkness Knight. Had tried that earlier and it didn't work but just updated databases/rebooted and all working well.

Much obliged, thanks.


Go to the top of the page
 
+Quote Post
Darkness Knight
post 16.03.2013 15:43
Post #35


Advanced Member II
****

Group: Members
Posts: 391
Joined: 18.04.2010
From: Algún punto de La Tierra




QUOTE(richbuff @ 16.03.2013 08:06) *
Please update databases > reboot. Any better?


You´re welcome... but it´s richbuff´s advice.

After important changes/modifications it´s always a good idea to reboot the system.

Glad you´ve solved your problem. Your nightmare has ended laugh3.gif

Regards.

This post has been edited by Darkness Knight: 16.03.2013 16:02


--------------------
Portátil Intel ® Core i7 (1ª Generación) CPU Q 720 1.60 GHz. 8 GB Ram DDR3 HDD 500 GB Nvidia Geforce GT 230M with CUDA (1 GB de memoria dedicada)
Windows 8.1 U1 Pro 64 bits with Media Center
KIS 2014 - Versión 14.0.0.4651 (g)
Go to the top of the page
 
+Quote Post
kickstart
post 16.03.2013 16:04
Post #36


Newbie
*

Group: Members
Posts: 2
Joined: 16.03.2013




Kaspersky Lab Forum > English User Forum > Protection for Home Users > Kaspersky Internet Security & Anti-Virus > KIS 2012 Now Detects mvps Hosts File as a Trojan
QUOTE(mfn @ 14.03.2013 22:19) *
Starting a couple of hours ago, KIS 2012 has detected my HOSTS file as a "Trojan.Win32.Hosts2.gen". I've been using the mvps hosts file for years without any problems from Kaspersky. (I use the mvps file found here: http://winhelp2002.mvps.org/hosts.htm).

I compared my HOSTS file with a backup, and no changes have been made to this file since February 25, which is when I updated the file to the current latest mvps file.

Because I do regular full system image backups, I allowed KIS to "disinfect" and quarantine what it wanted to do. The result was that KIS overwrote the file to put it back to its Windows XP default version and did not make a quarantine file copy for restoration if needed.

For the moment, I have added the HOSTS file to KIS's exclusion list, but I would prefer KIS to monitor the file as it always has before without issues.

I also noticed a similar post made today in the Kaspersky PURE forum found here: Kaspersky PURE Forum Post.

My question is - is anybody else having this problem?



I experiences the same porblem last evening went through tha same process you seemed to follow. including the exclusion although I believe the
exclusion is no longer necessary with the KIS devault in place of the MVPS. Will continue to monitor this forum
Go to the top of the page
 
+Quote Post
kickstart
post 16.03.2013 16:15
Post #37


Newbie
*

Group: Members
Posts: 2
Joined: 16.03.2013




Kaspersky Lab Forum > English User Forum > Protection for Home Users > Kaspersky Internet Security & Anti-Virus > KIS 2012 Now Detects mvps Hosts File as a Trojan

It appears most here are dealing with SBS&D, I am seeing the same thing in ZoneAlarm Free AntiVirus and Firewall. HAve take the same actions aod gotton
similar results. I am going with Restore and Exclude and will watch closely

Go to the top of the page
 
+Quote Post
mfn
post 17.03.2013 07:59
Post #38


Advanced Member I
***

Group: Members
Posts: 75
Joined: 13.10.2006




Hello all. I am the original poster of this thread.

As of today, March 16, my mvps hosts file being detected as a trojan problem in KIS 2012 seems to have been fixed with a KIS update. After deleting my exclusion rule for the hosts file, having KIS scan the file, and launching and using a browser and email client, all seems to be well.

Thank you all for your input.
Go to the top of the page
 
+Quote Post
edge10
post 17.03.2013 08:58
Post #39


Advanced Member I
***

Group: Members
Posts: 70
Joined: 29.04.2007




Same here, KIS no longer detecting a Trojan after a recent database update and removal of the Exclusion with MVPS Host file 2/25/2013. No report back yet from KIS on my Hosts file virus analysis submission, but I think we can assume it was FP cause by the update file.
Go to the top of the page
 
+Quote Post
otiamaria
post 17.03.2013 10:01
Post #40


Newbie
*

Group: Members
Posts: 2
Joined: 16.03.2013




Hey all. Just wanted to report back to this post and mention that I uninstalled Spybot S&D, and have not had the scary red Kaspersky alert go off since. wink.gif
I had a feeling that this was what was causing the issue (incompatibility between KIS2013 and SS&D) and it seems, so far, to be resolved.

I may as well mention that DANGGGG S S&D was pissed off when I uninstalled, lol. At first, I actually thought they weren't going to let me uninstall the software. During the uninstall, it asked the reason why I was taking this measure and a drop down box of reasons appeared. (Not kidding). I chose the "incompatibilities with Kaspersky" option, and immediately afterwards I got a pop-up box that was a bit like a break up letter, and I was the hated dumper.

I looked online to see what the heck crawled up Spybot's butt, lol. Discovered that there's a whole soap opera going on that I wasn't aware of, lol.
Anyway. Kaspersky? Spybot is really, REALLY MAD. icon22.gif
I wish you two could get along. There's no reason why the two of you shouldn't co-exist together on the same hard drives. Oh well. I payed for Kaspersky, so Spybot has to go for now. (Damn, I do feel bad. Kinda....guilty. Like I ate meat on fish Friday and my Italian Roman Catholic mom found the McDonald's cheeseburger in my hand.)

Anyway...
Thanks for the help.

PS.
The mystery program that isn't working anymore is Corel PaintShop Pro X4.
Go to the top of the page
 
+Quote Post

3 Pages V  < 1 2 3 >
Closed TopicStart new topic

 



Lo-Fi Version Time is now: 3.09.2014 06:06