Need help fast

jay47jay47 Member Posts: 17 ■□□□□□□□□□
Earlier today i installed the newest windows defender signatures.I run Vista Ultimate.Norton internet security 2008 on both this and a XP machine.Have used my Technet+ subscription tonight to no use.Defender comes upp with this message:SettingsModifier:Win32/PossibleHostFileHijack.
Norton does not se any problems.
Defender wont let me delete it.
Working on 642-845ONT

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Did you install any new software/updates?
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    no i did not
    Working on 642-845ONT
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    just the defefender signature updates.could these be givving me a false positive?Have talked to MS.Took some time.No answer.
    Working on 642-845ONT
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    What a dramatic first post for me.I'm not often at a lost but i am now.Perhaps i have been attacked?On the 27 og February i saw in the log a portscan.I am starting to question my own abilities.I am nat'ing on one device.A fw on the next.I also use fw/av on all my machines.
    Working on 642-845ONT
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    Some more info:
    Category:
    Settings Modifier
    Description:
    This program has potentially unwanted behavior.
    Advice:
    Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
    Resources:
    file:
    C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\hosts
    Working on 642-845ONT
  • DanielHughesDanielHughes Member Posts: 54 ■■□□□□□□□□
    I had the same this morning No software has been installed etc for a few days, Defender has scanned since the last time I installed something new.

    Description:
    This program has potentially unwanted behavior.

    Advice:
    Permit this detected item only if you trust the program or the software publisher.

    Resources:
    file:
    C:\Windows\system32\drivers\etc\hosts

    Category:
    Not Yet Classified

    http://www.microsoft.com/security/portal/Entry.aspx?name=SettingsModifier%3aWin32%2fPossibleHostsFileHijack&threatid=1758608427027806866
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    The same link as the MS employee gave me.Did you fix it?Why fix it if there is nothing wrong?The first one i talked to said that i should dissable my antivirus.Got a good laught there
    Working on 642-845ONT
  • undomielundomiel Member Posts: 2,818
    Have you checked your hosts file to see if there is anything worrisome in there? If not then I wouldn't worry about it.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    i find the whole file worrisome.havent worked much with windows since w2k.cisco guy now.can you help?do not like the winsxs file.sounds strange.
    Working on 642-845ONT
  • TalicTalic Member Posts: 423
    Try a online scan? I'm a Cisco guy myself but I thought I would throw that out there.

    Kaspersky and some others have online scanners.
  • DanielHughesDanielHughes Member Posts: 54 ■■□□□□□□□□
    undomiel wrote: »
    Have you checked your hosts file to see if there is anything worrisome in there? If not then I wouldn't worry about it.

    There were only two entries. One was 127.0.0.1 Localhost, the other one was one of my client servers that I put there a while back for testing.

    I figured it must have not been a real alert and have allowed it. Will keep you posted if something bad happens
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    vista f....up my understandig of windows
    Working on 642-845ONT
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    have to install active x and java.do not like that
    Working on 642-845ONT
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    i think there is a failure on the MS part with regards to the new signatures.One of the people i talked to also said it was not possible to run norton/symantec with defender.
    Working on 642-845ONT
  • tierstentiersten Member Posts: 4,505
    Can you put spaces into your Certifications list instead of periods? Its screwing up the formatting of your threads.
  • jay47jay47 Member Posts: 17 ■□□□□□□□□□
    As i suspected.Faulty deffinitions from MS.New updates today and everyrhing is back to normal.
    Working on 642-845ONT
  • AndretiiAndretii Member Posts: 210
    Up all morning for this lol
    XBL: Andretii

    "I have 16 Millions different ways of pinging myself. Sounded kind of dirty but that's not how I meant it." J. Conrad

    Working on:
    VCP4 » 0%
    LPIC-1 » 0%
  • tierstentiersten Member Posts: 4,505
    jay47 wrote: »
    As i suspected.Faulty deffinitions from MS.New updates today and everyrhing is back to normal.
    Good. Not the first time that an antivirus/malware package has made a false positive. There are horror stories about software that mistakenly decided that some essential system files were infected and automatically quarantined/deleted them.
Sign In or Register to comment.