Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Who is Sophos.com

Reply
Thread Tools

Who is Sophos.com

 
 
PC
Guest
Posts: n/a
 
      12-27-2005
"Tulsy Tsan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Goddamn. Something had rewrittten my hosts file and set all the AV sites
> to
> 127.0.0.1
> eg sophos
> symantec
> avg etc
>
> Hence I could not browse them.
> What should my hosts look like now that I've deleted it.
>
>
> "Tulsy Tsan" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Something is connecting to www.sophos.com and dowloading something.

> Firewall
>> rule picked it up first as Symantecs ccApp.exe then later Mozilla.
>> www.sophos.co.uk is legit but I cant browse sophos.com. Is this traffic
>> legit?
>>
>>
>> C:\>netstat
>>
>> Active Connections
>>
>> Proto Local Address Foreign Address State
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3096 ESTABLISHED
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3128 ESTABLISHED
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3139 TIME_WAIT
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3141 TIME_WAIT
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3143 TIME_WAIT
>> TCP tinned-cc82o9yh:1027 www.sophos.com:3145 TIME_WAIT
>> TCP tinned-cc82o9yh:3039 www.sophos.com:3040 ESTABLISHED
>> TCP tinned-cc82o9yh:3040 www.sophos.com:3039 ESTABLISHED
>> TCP tinned-cc82o9yh:3096 www.sophos.com:1027 ESTABLISHED
>> TCP tinned-cc82o9yh:3128 www.sophos.com:1027 ESTABLISHED
>>
>>
>>

>
>




You've been infected by a Virus.
Very common action by Virus's these days to modify the hosts file to prevent
access to antivirus updates.
Go into Safe mode.
Delete the hosts file.
Install Spybod search & destroy and use their hosts file (under advanced
tools)
Then start looking for Virus's.

Cheers
Paul.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Advertisments