Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: malware?

03 Aug 2010   #1
Anderson2

Windows 7
 
 
malware?

I am running W 7 home Premium 64 bit and have the firewall enabled, use a router, have Avast, A2, etc. None show any problems.

But when perusing my registry file I find under EscDomains a whole list of sites that look like bad sites. I suspect these may be there to protect me from them but I am not sure if that is true or they mean I am infected with all these things.

Examples: kaaweb.it kacero.net karaweb.it

Suggestions for a second AV to use beside Avast (and microsoft's own ..I forget its name with updates every two weeks or so)? I tried to install Kaspersky but it took forever and would not install correctly on my system. So I removed it.


My System SpecsSystem Spec
.

03 Aug 2010   #2
Petey7

Windows 7 Professional SP1 64-bit
 
 

All you really need it is one real-time AV and one on-demand only AV such as MalwareBytes. Have you tried deleting all your cookies through your web browser?
My System SpecsSystem Spec
03 Aug 2010   #3
The Howling Wolves

Windows 7 Home Premium 64bit
 
 

1. Run MBAM to see what's going on.
2. MSE is a free AV program that I use and updates daily.
Let us know if we can provide more help!

Slow typist here! Petey
My System SpecsSystem Spec
.


03 Aug 2010   #4
Dwarf

Windows 8.1 Pro RTM x64
 
 

These are the only entries I have under that key:

-capture.png

I would delete all other entries apart from those. Remember to log on as each user and repeat this operation.


My System SpecsSystem Spec
03 Aug 2010   #5
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Restore Microsofts Host file with HostXpert


Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Now, go here and download a good Hosts file http://www.mvps.org/***********/hosts.htm
My System SpecsSystem Spec
03 Aug 2010   #6
Anderson2

Windows 7
 
 

Cookies in both my main browser (Firefox) and IE which I use occasionally are all deleted.

I will download HostsXpert 4.3 and try it.

I am the only user on the system so with everyone else saying they do not have anything else under that registry key, I am now really worried. Also worried to just delete all this stuff from the registry. I suppose I would be safe if I backed the registry first.

For AV I have Avast running constantly and occasionally I run Malwarebytes. Neither find anything and yes I do update MB before running it. I also have run Spybot which found a couple of cookies but nothing anymore.

If a create a new hosts file I can always re-run Spybot to "immunize" it but I am worried about what else I need to add to it so as not to lose my internet connection. It was a real hassle getting that to work the first time around. Thanks everyone for helping.
My System SpecsSystem Spec
03 Aug 2010   #7
Anderson2

Windows 7
 
 

Quote   Quote: Originally Posted by Jacee View Post
Restore Microsofts Host file with HostXpert


Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Now, go here and download a good Hosts file Blocking Unwanted Parasites with a Hosts File
Is this hosts file for W 7 64 bit or does it not matter? Where does it go?
My System SpecsSystem Spec
03 Aug 2010   #8
Anderson2

Windows 7
 
 

Quote   Quote: Originally Posted by The Howling Wolves View Post
1. Run MBAM to see what's going on.
2. MSE is a free AV program that I use and updates daily.
Let us know if we can provide more help!

Slow typist here! Petey
Ran Malwarebytes: nothing found
Ran Spybot: nothing found.

I could create a new hosts file but what about all these registry entries?

Anyone know what the EscDomains key is about? The name suggests its entries (a long list of bad and porn sites) may actually be there to bypass these domains or does it mean they are "trusted zones"?
My System SpecsSystem Spec
03 Aug 2010   #9
Anderson2

Windows 7
 
 

Where is the active hosts file in W 7 64 bit?

If it is the one in C:\Windows\System32\drivers\etc\hosts
Then on my PC it has right at the top:

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 007guard.com - 007guard and Windows Vista
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com

and yet as the nslookup showed, 007Guard is still getting through!

Could that not be the right hosts file?
My System SpecsSystem Spec
03 Aug 2010   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This is mine also
# 127.0.0.1 localhost
# ::1 localhost

Spybot s&d inserted it's Hosts files, so yes, re-immunize now.
You should be fine.
Read this for peace of mind hosts immunisation. www.007guard.com - Safer-Networking Forums
My System SpecsSystem Spec
Reply

 malware?




Thread Tools





Similar help and support threads
Thread Forum
Changing File Decription for link to Malware Bytes Anti-Malware
Have been using Win 7 Ultimate x64 for quite a while but tonight ran into a small problem. I like to keep the titles for links very short and want to rename "Malwarebytes Anti-Malware" (I am a registered, paid user) to simply "Malwarebytes". I am listed as an Administrator and I used LockHunter to...
System Security
Malware-splosion: 2013 Will be Malware's Biggest Year Ever
http://i41.tinypic.com/dnykcl.jpg Source A Guy
Security News
need help getting rid of malware
hello everyone i recently started getting some errors in various places and antivirus notifications about some files that were quarantined immediately. than i found out my firewall (windows) is turned off and cant be turned on again, when trying to do so i get 'error code 0x8007042c' i tried...
System Security
Malware Removal Guide 2011: How to Get Rid of All The Latest Malware
Read more at: Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware
Security Basics
Malware help...
Im running Win7 professional edition and I believe I have some sort of malware though Avast, Malewarebytes, spybot search and distroy, and microsoft security essentials pic up nothing... the reason i know i have something is that regedit is running as a process and regedit 32 on occasion... any...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 17:26.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App