
Something is trying to clear my hosts file

Gustavus

Golden Member
WinPatrol is reporting -- every minute or so -- that it has detected an operation to clear my hosts file. It can provide no information about the program that is trying to do this. I can select no and it blocks the attempt, but it will pop up again in a minute or so. It has rendered the computer essentially unusable. Scanning with Malwarebytes Anti-malware and with Superantispyware doesn't turn up any malware. A virus scan also comes up clean. I realize this isn't much information to go on, but on the chance someone has seen a similar behavior I am asking for help.

Is there some way to detect the program that is causing the problem?

I cannot go on the net with the affected machine since when I try to connect to the net, WinPatrol pops up the warning box and the connection is never made, even if I stop the attempt to clear the hosts file.

Thanks for any suggestions or help.
 
Thanks masteryoda for the reply. Windows task manager doesn't show any applications running. There is a long list of services -- most of which I know should be there and none that appear odd.
 
Thanks Absolution

I downloaded the Sysinternals Suite and used it. Great bit of software.

SuperAntispyware had found the culprit, GSF83IUJID.DLL, and removed it. The persistent problem was that GSF83IUJID.DLL had set in motion a command to clear the hosts file which WinPatrol was intercepting and popping up the alert box asking if I wished to permit the hosts file to be changed. Once I determined for sure what was happening I decided to physically disconnect from the net, copy the contents of the existing hosts file (which has quite a few entries I have made to control net access), allow the command to execute and then to rewrite the hosts file to its state before it was cleared by the pending command. The problem was that I could not clear the pending command which survived reboots etc. I then verified that the hosts file was no longer being changed -- WinPatrol didn't pop up the warning box and I went to and examined the contents after rebooting -- before I reconnected to the net. Malware scans now come up clean, the hosts file isn't being cleared and WinPatrol sees nothing suspect going on. I have rebooted several times with no reemergence of the problem.

Saved by WinPatrol and SuperAntispyware from infection by a new trojan.
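
The backup, verify and restore sequence described in the last post, as an added example that is not part of the original thread: a Python sketch that snapshots the hosts file, reports which entries were removed or added since the snapshot, and writes the saved copy back. The function names, the backup file and the sample entries are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")  # default Windows location
# Constructed sample content, not taken from the post.
SAMPLE = "127.0.0.1 localhost\n0.0.0.0 ads.example.test tracker.example.test  # blocked\n"

def parse_hosts(text):
    """Return {(ip, hostname)} for every mapping, ignoring comments and blanks."""
    entries = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no hostname
        entries.update((fields[0], name.lower()) for name in fields[1:])
    return entries

def _read(path):
    return Path(path).read_bytes().decode("utf-8", "replace")

def snapshot(hosts_path, backup_path):
    """Copy the hosts file byte for byte and return its SHA-256."""
    data = Path(hosts_path).read_bytes()
    Path(backup_path).write_bytes(data)
    return hashlib.sha256(data).hexdigest()

def compare(hosts_path, backup_path):
    """Report what changed in the live file since the snapshot."""
    old, new = parse_hosts(_read(backup_path)), parse_hosts(_read(hosts_path))
    return {"removed": sorted(old - new), "added": sorted(new - old),
            "cleared": bool(old) and not new}

def restore(hosts_path, backup_path):
    """Write the saved copy back (needs administrator rights on the real file)."""
    Path(hosts_path).write_bytes(Path(backup_path).read_bytes())

def demo():
    """Replay the sequence on a temporary file: snapshot, clear, compare, restore."""
    with tempfile.TemporaryDirectory() as d:
        hosts, backup = Path(d, "hosts"), Path(d, "hosts.bak")
        hosts.write_text(SAMPLE)
        snapshot(hosts, backup)
        hosts.write_text("")  # simulate the file being cleared
        after_clear = compare(hosts, backup)
        restore(hosts, backup)
        return after_clear, compare(hosts, backup)

if __name__ == "__main__":
    print(demo())
```

Running `compare` again after each reboot, before reconnecting, shows whether the file is still being changed; an empty result matches the verification step in the post.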
 