Not what you were looking for? Ask our experts!
Reply
Contributor
Defence
Posts: 32
Registered: ‎08-01-2011

Norton + HOST file

Why doesn't Norton 360 stop programs from editing the HOST files? I opened something it said in Webroot it connected to the Internet and then I was getting redirects...

 

Then whenever I scan I get Securityrisk.URLRedir and it never get solved, just says Delete failed.

And sometimes Access Denied.

SendOfJive
Posts: 10,813
Kudos: 4,861
Solutions: 780
Registered: ‎02-07-2009

Re: Norton + HOST file

Hi Defence,

 

The Hosts file is not used only by malware for redirection.  It can also be used legitimately to block access to known dangerous sites.  You could make the file "Read Only" but some malware can still get around that.  The best thing to do in your case is to eliminate the malware and reset the Hosts file to its default, which can be done with a Microsoft Fix-it tool:

 

http://support.microsoft.com/kb/972034

Symantec Employee
HarryP
Posts: 788
Registered: ‎07-23-2010

Re: Norton + HOST file

Restart your computer in Safe Mode with Networking. Double-click Norton icon to run a full system scan, check if it detects and removes the threat. If the problem persists, then download and run the Norton Power Eraser tool in Safe Mode:

http://security.symantec.com/nbrt/npe.aspx?

 

Check if it detects any threats. If you are not sure about the detections made by NPE, let us know the file details.

 

Thanks,

HarryP

Contributor
SachinShekhar
Posts: 21
Registered: ‎10-31-2011

Re: Norton + HOST file

[ Edited ]

@Defence

Blocking Host file means blocking many useful features. I use Host file to develop & test web apps locally. Its also useful when you host a website in your home/corporate network. If you want to see URL-sensitive web app before DNS propagation, Host file again comes handy. Many times, you need to edit Host file programatically using a program. So, Norton 360 shouldn't stop programs from editing HOST file.

 

 When it comes to Securityrisk.URLRedir threat, it has nothing to do with Host file. A Host file entry doesn't make anything to redirect to another page. A Host file acts like a local DNS server. Means, you can get different contents under the URL (which is in Host file) but URL redirection can't be happened because of Host file.

 

Securityrisk.URLRedir threats generally alter registry entry of targeted programs to redirect URLs. Norton 360 is unable to remove it because threats are running persistently with Windows system files. If it is unable to remove threats even after restart, there's atleast one rootkit involved. Rootkits generally executes with system boot even when Norton 360 is not started.

So, you need to remove Rootkit(s). Norton 360 can't do this, but Norton Power Eraser can.

Download Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx & run it (there's no need to install it). You'll need to include Rootkits in scan. Click restart & let Norton Power Eraser take care of all those threats..

NPE-rootkit-scan

Sachin Shekhar
Intel Core i7 840QM CPU, ATI Mobility Raedon HD 5470 GPU, 6GB RAM
Windows 7 Home Premium SP1 64-bit, Norton 360 v5