10-20-2011 01:59 PM
Why doesn't Norton 360 stop programs from editing the HOST files? I opened something it said in Webroot it connected to the Internet and then I was getting redirects...
Then whenever I scan I get Securityrisk.URLRedir and it never get solved, just says Delete failed.
And sometimes Access Denied.
10-20-2011 02:28 PM
The Hosts file is not used only by malware for redirection. It can also be used legitimately to block access to known dangerous sites. You could make the file "Read Only" but some malware can still get around that. The best thing to do in your case is to eliminate the malware and reset the Hosts file to its default, which can be done with a Microsoft Fix-it tool:
10-27-2011 03:23 AM
Restart your computer in Safe Mode with Networking. Double-click Norton icon to run a full system scan, check if it detects and removes the threat. If the problem persists, then download and run the Norton Power Eraser tool in Safe Mode:
Check if it detects any threats. If you are not sure about the detections made by NPE, let us know the file details.
11-01-2011 04:10 PM - edited 11-01-2011 04:26 PM
Blocking Host file means blocking many useful features. I use Host file to develop & test web apps locally. Its also useful when you host a website in your home/corporate network. If you want to see URL-sensitive web app before DNS propagation, Host file again comes handy. Many times, you need to edit Host file programatically using a program. So, Norton 360 shouldn't stop programs from editing HOST file.
When it comes to Securityrisk.URLRedir threat, it has nothing to do with Host file. A Host file entry doesn't make anything to redirect to another page. A Host file acts like a local DNS server. Means, you can get different contents under the URL (which is in Host file) but URL redirection can't be happened because of Host file.
Securityrisk.URLRedir threats generally alter registry entry of targeted programs to redirect URLs. Norton 360 is unable to remove it because threats are running persistently with Windows system files. If it is unable to remove threats even after restart, there's atleast one rootkit involved. Rootkits generally executes with system boot even when Norton 360 is not started.
So, you need to remove Rootkit(s). Norton 360 can't do this, but Norton Power Eraser can.
Download Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx & run it (there's no need to install it). You'll need to include Rootkits in scan. Click restart & let Norton Power Eraser take care of all those threats..