
mvps Hosts file detected as Trojan.Win32.Host2.gen


Go to solution Solved by Wesly.Zhang,


Seems like this was an issue before, and claims to be resolved but I do not see “how” it was resolved. Kaspersky keeps flagging my HOSTS file, then disinfecting it by deleting it and replacing it with an empty HOSTS file. I’ve run the updates, run the full scans, yet every time I try to add even 1 line to the HOSTS file, immediately flagged and the red box appears to “disinfect and reboot”. Help. Anyone?


Yes, once Kaspersky disinfects the HOSTS file and replaces it with a blank one, I’ve tried to add new entries to the blank one AND tried to use the MS default one. As long as it is blank or default there is no problem. As soon as I try to add ANY entries to it, it is flagged as the trojan again. I have backups of my HOSTS files saved as *.txt files and they are also not flagged until I rename them to just HOSTS (with no extension). As I’ve said, the full scan has been run with no virus or trojan detected.

Thank you for the link - I have submitted the problem ticket there also.

I am hoping that whatever resolution was discovered back a few years ago can be applied to this issue. The title of my post is the exact same as the one on your older forums, for reference.


Hello @Wesly.Zhang,

All of the following:

 

 

  • ❓ &, how are the Google entries causing the “Trojan.Win32.Host2.gen”, error when a new domain is added? 

Please let us know?

Thank you🙏

Flood🐳


Hello @Zac 

  • What domain has been added when the “Trojan.Win32.Host2.gen” error occurs? 

Please let us know?

Thank you🙏 

Flood🐳


Hello, @FLOOD 

As I see, there are lots of rules for Google or related websites. So the only solution to this issue is adding this file to an exclusion rule in the KL product.

Regards.


Hello @Wesly.Zhang,

  • So don’t remove exclude the google entries? Is that what you mean now? 

Please let us know?

Thank you🙏 

Flood🐳


 @Zac,

  • Have you actually added a File Antivirus exclusion for the modified Hosts file? If “no”, you’ll need to Pause KIS protection before modifying the file, add the FAV exclusion, resume protection, recheck the issue🤔
  • And, please provide an example domain that’s been added, that’s causing KIS to generate “Trojan.Win32.Host2.gen” alert, as I’ve modified the MVPS source file & not had any detections🤔

Please let us know?

Thank you🙏 

Flood🐳


Hello, @FLOOD 

Yes, it is.


@Wesly.Zhang

I’ve paused protection, removed the entries listed, and resumed protection. So far no pop-ups or warnings. (fingers crossed).

Side note - when I added the HOSTS file to my exclusions, Kas still deleted and replaced it (before I got your notes) without any prompt. This is only day 3 of my first time trying their software… is there an option to silently fix issues? Can I turn off the “silent part” so I know what is happening?

============

@FLOOD

The entries I was trying to add were google and doubleclick related (all but one in the list Wesly provided). Again, fingers crossed this is the fix. 

Too good to be true?

=========

If this is the fix - Kas’ tech team needs an update. The instructions they sent to “diagnose” the issue is quite lengthy. Overkill actually.

 

I’ll update after a full day’s run and a reboot or two.

Thanks !!

 


Hello @Zac,

  1. I provided the list - it’s directly from most recent MVPS source file - unmodified
  2. I also used the same unmodified MVPS source file, with all the Google entries intact - in the system, instead of the original Hosts file, Kaspersky did not detect at all.
  3. We’re not sure what’s meant by “If this is the fix - Kas’ tech team needs an update. The instructions they sent to “diagnose” the issue is quite lengthy. Overkill actually”, did you actually contact Kaspersky Technical Support? 

Thank you🙏 

Flood🐳


Hi @FLOOD ,

Since I’m new to Kaspersky, yes, I did contact tech support and posted on the forums here.

Sorry, I didn’t mean to indicate I doubted you or to insult you. I really appreciate the feedback and so far the hosts file is not being flagged as a Trojan.

I was just mentioning that when I explained the issue to tech support in pretty much the same way I posted here, they had me run thru all kinds of steps and still seem quite perplexed on what to do with this particular issue. I’ll be sure to close out that ticket with them.

Believe me, I am thankful if the hosts file issue is done now. :)

Again, apologies for any misunderstanding.

Thanks,

Zac

 


  1. I explained the issue to tech support in pretty much the same way I posted here, they had me run thru all kinds of steps and still seem quite perplexed on what to do with this particular issue. I’ll be sure to close out that ticket with them.
  2. Can I turn off the “silent part” so I know what is happening?

 

Hello @Zac

Additional:

  1. When you update Kaspersky Technical Support, please tell them the solution that’s worked. 
  2. Also, please explain/provide more detail  for “silent part” so we can assist? 

Thank you🙏

Flood🐳


@FLOOD ,

Oh, what I meant about the “silent part”…

Kaspersky changed the hosts file by deleting the “infected” one and replacing it with a blank one. It did this without any type of notification. Is there a way to turn these notifications back on so that I know when the program is doing this type of change again in the future? Hope that makes more sense. Once I get past the trial period and am more familiar with how Kaspersky works, I probably won’t need as many notifications. Just want to know what’s being changed for now. :)

Thanks!


Hello @Zac,

Thank you👌 !

  • Check Notifications settings, if there are any hidden notifications, it will show x (x = number) hidden notifications, select Reset all hidden notifications

 

 

  • If you wish to receive Notifications, make sure On-screen notifications is checked.
  • & check Quarantine, to see if there’s any files🤔

Thank you🙏

Flood🐳


 

 

Kaspersky changed the hosts file by deleting the “infected” one and replacing it with a blank one. It did this without any type of notification. 

Please share this Issue with K-Lab Technical Support before closing your Ticket.

 


  • Solution

@FLOOD @Wesly.Zhang Just following up… 2 reboots later and hosts file is still intact. Removing the google references did the trick.

Thank you!

PS: Let me know if anything in that KTS file needs attention.

:)

 


Hello @Zac

You could add an exclusion for the hosts file so that KL does not scan it, using one of two methods; you can choose one of them to configure:

When you choose the second one -- use “*” for all the files in the “etc” folder. You should add a threat name to the object; this is the best way to keep other malware that exists in the folder from escaping scanning. I think you could add a Google rule as well.

Regards.
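
An added example, not part of the thread and not Kaspersky's detection logic: before excluding the hosts file from scanning, it helps to list which entries touch the domains discussed above and whether each one is null-routed (as a blocklist does) or pointed at some other address (the pattern a hosts-hijacking trojan leaves). The suffix list and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: suffixes taken from the thread ("google and doubleclick related").
WATCHED_SUFFIXES = ("google.com", "doubleclick.net")


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may carry several names
            yield line_no, address, name.lower().rstrip(".")


def is_sink(address):
    """True for addresses blocklists use to null-route a name (loopback, 0.0.0.0, ::)."""
    return address.is_loopback or address.is_unspecified


def audit(text, suffixes=WATCHED_SUFFIXES):
    """Return watched-domain entries split into blocked (sink) and redirected."""
    report = {"blocked": [], "redirected": []}
    for line_no, address, name in parse_hosts(text):
        if any(name == s or name.endswith("." + s) for s in suffixes):
            kind = "blocked" if is_sink(address) else "redirected"
            report[kind].append((line_no, str(address), name))
    return report


# Constructed sample; 203.0.113.7 is a documentation address (RFC 5737).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1  localhost
0.0.0.0    ad.doubleclick.net  # ad server
127.0.0.1  www.google.com.lookalike.example
203.0.113.7  www.google.com accounts.google.com
0.0.0.0 notgoogle.com
"""

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE).items():
        for line_no, address, name in rows:
            print(f"{kind:10} line {line_no}: {address} -> {name}")
```

Anything reported as `redirected` deserves a look before the file is excluded from scanning, since an exclusion would hide later changes of that kind as well.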
