Can someone please help me? I am using McAfee Internet Security and my laptop was infected with the Antivirus Action malware. I researched a way on here to get rid of it by going to BleepingComputer.com. I was following the directions until I got to # 19 which said to delete the C:\Windows\System32\Drivers\etc\HOSTS file.
I was doing fine to that point. I don't know how to find that file. I really need some help. Can someone please help me?
Open Explorer and click on Windows, then System32, then drivers, then etc. There is the host file; open it with Notepad.
Where are you striking trouble? If you are on XP, you may need to open Explorer, go to View, Folder Options, and tick/untick the option re showing hidden files/folders.
Thanks, Peacekeeper. I will try that. I have Windows Vista. The directions said I need to delete that file and download the HOSTS file that corresponds with my Windows and save it to the C:\Windows\System32\Drivers\etc folder. I hope I get this right.
Update: Tried it. Won't let me save the file, says "You don't have permission to save in this location. Contact the administrator to obtain permission." It's my computer, therefore, it makes me the Admin. This is stopping me from finishing. Please help. I very much appreciate all the help.
Message was edited by: antBean on 12/4/10 1:45:27 PM CST
Just open the file in Notepad and edit it to remove what is not in the one you are supposed to save. Usually it has no addresses other than 127.0.0.1; the # lines are not read by Windows.
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 22.214.171.124 rhino.acme.com # source server
# 126.96.36.199 x.acme.com # x client host
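An added example, not part of the original thread or of the BleepingComputer instructions: a Python check for the point made in the reply above, that '#' lines are ignored and a clean HOSTS file normally maps only to 127.0.0.1. The function name, sample contents, hostnames and address are constructed for illustration.

```python
import ipaddress

def audit_hosts(text):
    """Return (active, suspicious) entries parsed from hosts-file text.

    Each entry is (line_number, ip, [hostnames]). An entry is reported as
    suspicious when its address is not loopback or is not a valid IP.
    Assumption (from the reply above): a clean file maps only to loopback,
    so blocklist-style 0.0.0.0 entries are reported for review as well.
    """
    active, suspicious = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment and is ignored by the resolver.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entry = (lineno, fields[0], fields[1:])
        active.append(entry)
        try:
            is_loopback = ipaddress.ip_address(fields[0]).is_loopback
        except ValueError:
            is_loopback = False  # malformed address: report for manual review
        if not is_loopback:
            suspicious.append(entry)
    return active, suspicious

# Constructed sample: hostnames use the reserved .example TLD and the
# address comes from the TEST-NET-1 documentation range (192.0.2.0/24).
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 127.0.0.1 commented.example   (comment, not an active entry)
127.0.0.1       localhost
::1             localhost
192.0.2.15      update.vendor.example www.search.example  # redirect
"""

if __name__ == "__main__":
    # To audit a real machine, read the file's text from
    # C:\Windows\System32\Drivers\etc\hosts and pass it in instead of SAMPLE.
    active, suspicious = audit_hosts(SAMPLE)
    print(f"{len(active)} active entries, {len(suspicious)} to review")
    for lineno, ip, names in suspicious:
        print(f"line {lineno}: {ip} -> {', '.join(names)}")
```

Reading the file does not require turning off access protection or elevated rights; only saving changes to it does.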
You have to turn off access protection first in SecurityCenter.
Double-click the taskbar icon to open SecurityCenter
Click Navigation (top right)
Click General Settings and Alerts
Click Access Protection
Uncheck it and click Apply.
You should have access now and don't forget to re-enable it.
Message was edited by: Ex_Brit on 04/12/10 2:46:50 CST PM
Ok, I tried what both of you said to do. I deleted the file like I was supposed to but I still cannot save the new file in the folder like I was told to. It asks me if I would like to save in the Tina (my name) instead? Please help. This is 1 of the last remaining steps I need to do from removing and fixing my laptop like BleepingComputer says in their instructions. Stupid antivirus action malware!
Thanks again in advance for any help.
Tried booting into safe mode and trying there? I.e. tap the F8 key during boot.
I was able to do it that way but now Windows Defender tells me Backdoor:Win32/Cycbot.B. I have no idea what that is except it's been quarantined 6 times since yesterday. I have run McAfee and Malwarebytes Anti-Malware. I am about ready to give up. Any other ideas to try? Thanks again.
Second post here http://www.bleepingcomputer.com/forums/topic354181.html says do not do any banking on this PC. There is a set of removal instructions. Not common here as you only post here re this beastie.
If you suspect you're infected and have trouble finding what is causing the infection, I'd suggest giving this handy tool a try.
"McAfee GetSusp is intended for users who suspect undetected malware on their system. By using a combination of clever heuristics and querying McAfee's online database of known clean files to gather suspicious files, GetSusp eliminates the user's need for deep technical knowledge of computer systems to isolate undetected malware. McAfee GetSusp is recommended as a tool of first choice when analyzing a suspect machine."
Once GetSusp identifies and collects the suspect files, post the logs here and we community members can help isolate the malware on your machine.