malware?

Page 1 of 2 12 LastLast

  1. Posts : 187
    Windows 7
       #1

    malware?


    I am running W 7 home Premium 64 bit and have the firewall enabled, use a router, have Avast, A2, etc. None show any problems.

    But when perusing my registry file I find under EscDomains a whole list of sites that look like bad sites. I suspect these may be there to protect me from them but I am not sure if that is true or they mean I am infected with all these things.

    Examples: kaaweb.it kacero.net karaweb.it

    Suggestions for a second AV to use beside Avast (and microsoft's own ..I forget its name with updates every two weeks or so)? I tried to install Kaspersky but it took forever and would not install correctly on my system. So I removed it.
      My Computer


  2. Posts : 2,963
    Windows 7 Professional SP1 64-bit
       #2

    All you really need it is one real-time AV and one on-demand only AV such as MalwareBytes. Have you tried deleting all your cookies through your web browser?
      My Computer


  3. Posts : 9,537
    Windows 7 Home Premium 64bit
       #3

    1. Run MBAM to see what's going on.
    2. MSE is a free AV program that I use and updates daily.
    Let us know if we can provide more help!

    Slow typist here! Petey
      My Computer


  4. Posts : 9,582
    Windows 8.1 Pro RTM x64
       #4

    These are the only entries I have under that key:

    malware?-capture.png

    I would delete all other entries apart from those. Remember to log on as each user and repeat this operation.
      My Computer


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Restore Microsofts Host file with HostXpert


    Download the HostsXpert 4.3 - Hosts File Manager.
    • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Now, go here and download a good Hosts file http://www.mvps.org/winhelp2002/hosts.htm
      My Computer


  6. Posts : 187
    Windows 7
    Thread Starter
       #6

    Cookies in both my main browser (Firefox) and IE which I use occasionally are all deleted.

    I will download HostsXpert 4.3 and try it.

    I am the only user on the system so with everyone else saying they do not have anything else under that registry key, I am now really worried. Also worried to just delete all this stuff from the registry. I suppose I would be safe if I backed the registry first.

    For AV I have Avast running constantly and occasionally I run Malwarebytes. Neither find anything and yes I do update MB before running it. I also have run Spybot which found a couple of cookies but nothing anymore.

    If a create a new hosts file I can always re-run Spybot to "immunize" it but I am worried about what else I need to add to it so as not to lose my internet connection. It was a real hassle getting that to work the first time around. Thanks everyone for helping.
      My Computer


  7. Posts : 187
    Windows 7
    Thread Starter
       #7

    Jacee said:
    Restore Microsofts Host file with HostXpert


    Download the HostsXpert 4.3 - Hosts File Manager.
    • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Now, go here and download a good Hosts file Blocking Unwanted Parasites with a Hosts File
    Is this hosts file for W 7 64 bit or does it not matter? Where does it go?
      My Computer


  8. Posts : 187
    Windows 7
    Thread Starter
       #8

    The Howling Wolves said:
    1. Run MBAM to see what's going on.
    2. MSE is a free AV program that I use and updates daily.
    Let us know if we can provide more help!

    Slow typist here! Petey
    Ran Malwarebytes: nothing found
    Ran Spybot: nothing found.

    I could create a new hosts file but what about all these registry entries?

    Anyone know what the EscDomains key is about? The name suggests its entries (a long list of bad and porn sites) may actually be there to bypass these domains or does it mean they are "trusted zones"?
      My Computer


  9. Posts : 187
    Windows 7
    Thread Starter
       #9

    Where is the active hosts file in W 7 64 bit?

    If it is the one in C:\Windows\System32\drivers\etc\hosts
    Then on my PC it has right at the top:

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost
    # Start of entries inserted by Spybot - Search & Destroy
    127.0.0.1 007guard.com - 007guard and Windows Vista
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com

    and yet as the nslookup showed, 007Guard is still getting through!

    Could that not be the right hosts file?
      My Computer


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #10

    This is mine also
    # 127.0.0.1 localhost
    # ::1 localhost

    Spybot s&d inserted it's Hosts files, so yes, re-immunize now.
    You should be fine.
    Read this for peace of mind hosts immunisation. www.007guard.com - Safer-Networking Forums
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:45.
Find Us