Haha
I like my icon too,I only hope when I get better at Understanding PC's as you described.Norton will have a tiger icon to note the transformation!!!
I couldn't think of a better expression
Message Edited by mo on 03-09-2009 06:38 AM
Alas, you won't believe it, but I've been delayed again - this time by Windows Defender finding what it calls a "settings modifier". It just updated itself a little while ago, and it has come up with this:
SettingsModifier: Win32/PossibleHostsFileHijack. Alert level: Medium
file: C:\Windows\system32\drivers\etc\hosts
I don't know whether this is a false positive and whether I should quarantine, ignore or clean it.
I clicked on the link Windows Defender supplied:
http://www.microsoft.com/security/po...08427027806866
I ran a QuickScan with NIS 2007, it didn't find anything, now I'm running a full scan, it hasn't found anything so far. I find this very odd and I wonder if the above is a false positive, I'm posting in another forum...Has anyone else got this symptom after the latest Windows Defender update? Until then, I will certainly not remove any security software in case there really IS something nasty lurking on my laptop.
Update: NIS full system scan has finished - it didn't find anything. I'm still wondering if what Windows Defender found is not a false positive...?
I would like to swear, but I am supposed to use clean language. One of my linguistic lecturers told me that a language without swear words is not a real language at all :-)
Message Edited by Moby_Duck on 03-09-2009 04:49 PM
Okay, at the risk of sounding like I’m talking/writing at a wall, since this seems to be a Windows Defender issue…I was told in the other forum I am subscribed (cybertechhelp) to run Norton’s scanner online. I had already run a scan with my NIS 2007 software, so I went online to use the online Norton scanner. It didn’t find anything. I think it very unlikely that both NIS scans (by NIS 2007 and then by the online scanner) would fail to find something. Anyway, I’m still squatting here feeling a nitwit and with no idea in the world what to do. 
Back again, exhausted and droopy-eyed.
It was not a false positive and Norton simply didn't catch the bug (!). Anyway, problem solved. For now. I went to chat with a Microsoft expert, Jem, and s/he accessed my computer via remote connection, stated that there was a baddie in the hosts file, and re-created the hosts file. After that, the computer was rebooted, Windows Defender run again...and the scan came up clean. Jem sent me the summary of the action taken in an e-mail, here it is:
---
Problem Description: Browser Hijacker Troubleshooting Performed: Action: Check host file Result: Delete the old host file then created a new host file Action: On Windows Defender Result: Clicked remove all infections Action: Restart computer, run Windows Defender
---
Symantec folks, please add the name of the following baddie to your virus definition files:
Win32/PossibleHostsFileHijack
It seems to like to reside in: C:\Windows\system32\drivers\etc\hosts
Windows Defender considers it a "settings modifier".
Risk: Medium.
The Path stated is a legit file "C:\Windows\system32\drivers\etc\hosts"
Either Malware Replaced the legit "Hosts" file with it's own, or there was a bad entry in the "Hosts" file.
For people reading and thinking "C:\Windows\system32\drivers\etc\hosts" is bad and they have one.
Quads
Possible false positve. See this thread:
http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=37891
To see if there are any entries inside the "Hosts" file you can open it with Notepad, and see what entries have 127.0...........
Or use a program like Hostsxpert from I think off the top of my head funkytoad.
Spybot S&D also uses the Hosts file and inserts entries.
Quads
I would like to say "Windows Defender kick-in-the-bottom" (come on, that languge is still clean, just the semantics is vaguely insulting), but I must also say that the Microsoft analyst was very patient with me. S/he created a new hosts file for me. I hope that hasn't/won't damage anything?
Nice to know that I, a computer nitwit, was right about the false positive, though...It gives me a vague feeling of useless satisfaction :-)
Message Edited by Moby_Duck on 03-10-2009 09:06 AM
I am linking this thread to my second thread over here - they belong together:
http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=39088
I thought this thread had been accidentally deleted a few months ago. It resurfaced after a few hours - and I had already opened a second thread, which is the continuation of this one :-)
Computer specs: Sony-Vaio laptop running on Windows Vista Home Premium SP1, about 11 months old.
Security software: Windows Defender and NIS 2007.
I am currently being offered a free upgrade to NIS 2009 and have already downloaded the installer from the LiveUpdate Notice link. I've chatted to a few Symantec experts about removing NIS 2007, and there seem to be two methods:
install NIS 2009 over NIS 2007, during which the former will remove the latter, or download the removal tool and run it directly (without previous deinstallation via add/remove programs) and run it twice, rebooting after each run; then install NIS 2009.
I am not sure which method is better/safer. Also, I would like to disconnect from the internet during the deinstallation and installation, but the NIS 2009 installer looks tiny (about 667 KB), so I guess it will have to connect to the internet to downloaded the whole package?
All in all: which is the best method to remove NIS 2007 to clear the premises for a problem-free NIS 2009 installation? Can someone please give me precise steps? Thank you in advance 
Message Edited by Moby_Duck on 02-19-2009 11:22 AM
Message Edited by Moby_Duck on 02-19-2009 11:23 AM