"Tulsy Tsan" <(E-Mail Removed)> wrote in message
> Goddamn. Something had rewritten my hosts file and set all the AV sites
> eg sophos
> avg etc
> Hence I could not browse them.
> What should my hosts look like now that I've deleted it?
> "Tulsy Tsan" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Something is connecting to www.sophos.com and downloading something.
>> rule picked it up first as Symantec's ccApp.exe then later Mozilla.
>> www.sophos.co.uk is legit but I can't browse sophos.com. Is this traffic
>> Active Connections
>> Proto Local Address Foreign Address State
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3096 ESTABLISHED
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3128 ESTABLISHED
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3139 TIME_WAIT
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3141 TIME_WAIT
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3143 TIME_WAIT
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3145 TIME_WAIT
>> TCP tinned-cc82o9yh:3039 www.sophos.com:3040 ESTABLISHED
>> TCP tinned-cc82o9yh:3040 www.sophos.com:3039 ESTABLISHED
>> TCP tinned-cc82o9yh:3096 www.sophos.com:1027 ESTABLISHED
>> TCP tinned-cc82o9yh:3128 www.sophos.com:1027 ESTABLISHED
You've been infected by a virus.
Very common action by viruses these days to modify the hosts file to prevent
access to antivirus updates.
Go into Safe mode.
Delete the hosts file.
Install Spybot Search & Destroy and use their hosts file (under advanced
Then start looking for viruses.
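
A check for the tampering described in this thread, added here as an example and not posted by either participant: it parses a hosts file and reports every entry that pins an antivirus vendor name to loopback or to some other address. The watch list, the function names and the sample file are constructed assumptions.

```python
import ipaddress

# Assumed watch list: vendors named in the thread; extend for your environment.
WATCHED = ("sophos.com", "sophos.co.uk", "symantec.com", "avg.com")

def parse_hosts(text):
    """Yield (line_number, address, [hostnames]) for each valid hosts entry."""
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address: skip
        yield number, address, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(hostname, watched=WATCHED):
    """True for a watched domain itself or any subdomain of it."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return findings for entries that pin a security-vendor name to any address."""
    findings = []
    for number, address, names in parse_hosts(text):
        for name in names:
            if not is_watched(name, watched):
                continue
            # Loopback or 0.0.0.0 blackholes the site; anything else redirects it.
            blackhole = address.is_loopback or address.is_unspecified
            kind = "blocked" if blackhole else "redirected"
            findings.append((number, name, str(address), kind))
    return findings

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.sophos.com sophos.com   # added by malware
0.0.0.0         liveupdate.symantec.com
203.0.113.7     WWW.AVG.COM
192.168.1.10    fileserver
"""

if __name__ == "__main__":
    for number, name, address, kind in audit_hosts(SAMPLE):
        print(f"line {number}: {name} -> {address} ({kind})")
```

On Windows the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`. Such an entry also changes name display: netstat run without `-n` resolves addresses through the hosts file, so loopback connections can be listed under the hijacked name.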