Need help fast
Earlier today i installed the newest windows defender signatures.I run Vista Ultimate.Norton internet security 2008 on both this and a XP machine.Have used my Technet+ subscription tonight to no use.Defender comes upp with this message:SettingsModifier:Win32/PossibleHostFileHijack.
Norton does not se any problems.
Defender wont let me delete it.
Norton does not se any problems.
Defender wont let me delete it.
Working on 642-845ONT
Comments
-
jay47 Member Posts: 17 ■□□□□□□□□□just the defefender signature updates.could these be givving me a false positive?Have talked to MS.Took some time.No answer.Working on 642-845ONT
-
jay47 Member Posts: 17 ■□□□□□□□□□What a dramatic first post for me.I'm not often at a lost but i am now.Perhaps i have been attacked?On the 27 og February i saw in the log a portscan.I am starting to question my own abilities.I am nat'ing on one device.A fw on the next.I also use fw/av on all my machines.Working on 642-845ONT
-
jay47 Member Posts: 17 ■□□□□□□□□□Some more info:
Category:
Settings Modifier
Description:
This program has potentially unwanted behavior.
Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
Resources:
file:
C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\hosts
Working on 642-845ONT -
DanielHughes Member Posts: 54 ■■□□□□□□□□I had the same this morning No software has been installed etc for a few days, Defender has scanned since the last time I installed something new.
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software publisher.
Resources:
file:
C:\Windows\system32\drivers\etc\hosts
Category:
Not Yet Classified
http://www.microsoft.com/security/portal/Entry.aspx?name=SettingsModifier%3aWin32%2fPossibleHostsFileHijack&threatid=1758608427027806866 -
jay47 Member Posts: 17 ■□□□□□□□□□The same link as the MS employee gave me.Did you fix it?Why fix it if there is nothing wrong?The first one i talked to said that i should dissable my antivirus.Got a good laught thereWorking on 642-845ONT
-
undomiel Member Posts: 2,818Have you checked your hosts file to see if there is anything worrisome in there? If not then I wouldn't worry about it.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
jay47 Member Posts: 17 ■□□□□□□□□□i find the whole file worrisome.havent worked much with windows since w2k.cisco guy now.can you help?do not like the winsxs file.sounds strange.Working on 642-845ONT
-
Talic Member Posts: 423Try a online scan? I'm a Cisco guy myself but I thought I would throw that out there.
Kaspersky and some others have online scanners. -
DanielHughes Member Posts: 54 ■■□□□□□□□□Have you checked your hosts file to see if there is anything worrisome in there? If not then I wouldn't worry about it.
There were only two entries. One was 127.0.0.1 Localhost, the other one was one of my client servers that I put there a while back for testing.
I figured it must have not been a real alert and have allowed it. Will keep you posted if something bad happens -
jay47 Member Posts: 17 ■□□□□□□□□□have to install active x and java.do not like thatWorking on 642-845ONT
-
jay47 Member Posts: 17 ■□□□□□□□□□i think there is a failure on the MS part with regards to the new signatures.One of the people i talked to also said it was not possible to run norton/symantec with defender.Working on 642-845ONT
-
tiersten Member Posts: 4,505Can you put spaces into your Certifications list instead of periods? Its screwing up the formatting of your threads.
-
jay47 Member Posts: 17 ■□□□□□□□□□As i suspected.Faulty deffinitions from MS.New updates today and everyrhing is back to normal.Working on 642-845ONT
-
Andretii Member Posts: 210Up all morning for this lolXBL: Andretii
"I have 16 Millions different ways of pinging myself. Sounded kind of dirty but that's not how I meant it." J. Conrad
Working on:
VCP4 » 0%
LPIC-1 » 0% -
tiersten Member Posts: 4,505As i suspected.Faulty deffinitions from MS.New updates today and everyrhing is back to normal.