Strange looking Host found?

Page 1 of 3 123 LastLast

  1. Posts : 31
    Windows 7 Home, 64 bit
       #1

    Strange looking Host found?


    I ran a small check with the "MiniToolBox," and this is what I found in the Hosts content:

    54.204.28.26 imfpmncmbojnbdhnogcegojocabhpbnh. What is this, is it Ad-ware? I would appreciate it if someone could let me know. I can find it and delete it if necessary, I have no problem with that. But It just seems that it doesn't belong? I ran: Hitman Pro, Malwarebytes Pro, and Avast, but they never caught it.



    MiniToolBox by Farbar Version: 18-12-2013
    Ran by Dan (administrator) on 26-01-2014 at 23:34:06
    Running from "C:\Users\Dan\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************
    ========================= Hosts content: =================================

    54.204.28.26 imfpmncmbojnbdhnogcegojocabhpbnh
    127.0.0.1 localhost


    Thanks for your time.

    dwdraw2
      My Computer


  2. Posts : 7,379
    Windows 7 ultimate x64
       #2

    It seems like Adware to me. You can use SuperAntiSpyware to remove it.
      My Computer


  3. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #3

    The easiest solution might be to simply reset the hosts file and flush the DNS cache.

    Run this .bat file as administrator to do that - it will automatically reboot your computer when its completed.

    flush.bat
      My Computer


  4. Posts : 10,485
    W7 Pro SP1 64bit
       #4

    The IP address resolves to:
    Code:
    ec2-54-204-28-26.compute-1.amazonaws.com
    The letters...
    imfpmncmbojnbdhnogcegojocabhpbnh
    ...look very much like a Chrome extension ID.

    I've never seen a Chrome extension ID in the HOSTS file.

    Google returns a few hits on those letters...
    ...but you should be careful if you research this.
    Dr.Web Anti-virus - How To Remove Virus (Adware.Downware.2032) - [DRWEBHK.COM]

    Look in Programs and Features for StartSavin or Start Savin

    Remove any Chrome extensions with the same name and/or any extension that you don't want. But they might come right back. If you do have an extension written by the grey hats at 215apps, you might be in for a long thread like this one Instant Savings App
      My Computer


  5. Posts : 31
    Windows 7 Home, 64 bit
    Thread Starter
       #5

    Thanks everybody for your suggestions. I will embark on them to see what works or, what happens? I appreciate your help.

    Thanks for your time.

    dwdraw2
      My Computer


  6. Posts : 1,653
    Windows 10 Pro. EFI boot partition, full EFI boot
       #6

    Were you using any Amazon Web / Cloud services?
      My Computer


  7. Posts : 31
    Windows 7 Home, 64 bit
    Thread Starter
       #7

    Thanks for the reply.

    I don't actively use any web/cloud services, other than Hitman Pro, which uploads to the cloud to check on a potential virus. Sometimes I watch a movie from Netflix, but there, I get hit with "PUP's from time to time. I have no problem getting them out. The other day, I just removed a virus called "pcreg." That's been on my computer for a few months. I thought that was a legit function. It wouldn't let me open it, so I just let it be until I decided to check it out on the web the other day. Turned out to be a virus. I used SuperSpyHunter to browse to it then pried it out, I then took SuperSpyHunter off because it is a memory hog. I used the trial version.

    Lately, I have reading that the Host files can be updated? I have been looking around to figure out how to do that. I haven't got a solid grip on that yet. So, I haven't done anything with the files. From what I understand thus far, the files may or may not be needed, depending on the programs one has in their computer. The files can be used to re-direct ad's, from what I read. So, they can be used in your favor. But, a hacker can use them against you too.

    Some of these sites say it's easy to work with Host files. For me, easy is when you understand it-I don't yet. So I haven't made a move on them. So, for now, I just stare (glare) at them from time to time.

    If you can find out, if I need only one file, the 127.0.0.1 Localhost, for my computer to keep running the associated programs, then I can delete the other host (54.204.28.26 imfpmncmbojnbdhnogcegojocabhpbnh). I would appreciate your help here.

    Thanks for your time.

    dwdraw2
      My Computer


  8. Posts : 10,485
    W7 Pro SP1 64bit
       #8

    The HOSTS file that comes with Windows 7 is shown in the code box below.

    Every line that starts with a # character is a remark line (comment line).

    As you can see, all lines are comments. You do not need a HOSTS file at all.

    The zipped (compressed) file attached to this post contains all of the (unmodified) files that are normally found in this folder: C:\Windows\System32\drivers\etc

    Code:
    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    
    # localhost name resolution is handled within DNS itself.
    #    127.0.0.1       localhost
    #    ::1             localhost
    Strange looking Host found? Attached Files
      My Computer


  9. Posts : 31
    Windows 7 Home, 64 bit
    Thread Starter
       #9

    Thanks for the reply.

    I will check this out. I will either delete both or just the one.

    I appreciate your help.

    Thanks for your time.

    dwdraw2
      My Computer


  10. Posts : 10,485
    W7 Pro SP1 64bit
       #10

    The HOSTS file (and the other files in the folder) are protected. You can copy the HOSTS file to the desktop, change it and then copy it back. Or, just copy the one that I attached.

    Do you have the Chrome browser installed?
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 20:39.
Find Us