1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

rename hostagf to host??? svchost a virus?

Discussion in 'Virus & Other Malware Removal' started by jarp12, Apr 27, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. jarp12

    jarp12 Thread Starter

    Joined:
    Apr 27, 2004
    Messages:
    4
    My first post so if you need more info let me know. I'm getting the rename host thing when I restart my comp.

    Here's my hijack this log:

    Logfile of HijackThis v1.97.7
    Scan saved at 7:58:46 PM, on 4/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\tbctray.exe
    C:\Program Files\AdsGone\adsgone.exe
    C:\Program Files\D-Link AirPlus G\AirPlus.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Google\ggviewer81-30.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jarp\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
    O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O9 - Extra button: AdsGone (HKLM)
    O9 - Extra 'Tools' menuitem: &AdsGone Settings (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38095.9225115741
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Its a clean log..whats the exact message?

    ;)
     
  3. jarp12

    jarp12 Thread Starter

    Joined:
    Apr 27, 2004
    Messages:
    4
    When I restart my computer, a box pops up and says " Are you sure you want to rename hostagf to host?" then you click yes or no and the computer restarts.

    But no matter what you hit it always says the message at shut down and restart.

    Thanks for looking.
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
  5. jarp12

    jarp12 Thread Starter

    Joined:
    Apr 27, 2004
    Messages:
    4
    I tried all of them to be safe. :)

    I'm clean but the message still pops up. :(


    edit: Ok, wait a sec.....I have adsgone installed and I just exited it from my system tray and that folder popped up.......I hit no but I dont know what that has done......


    edit No. 2: OK!! :) I uninstalled adsgone and moved 2 read only files from the c:windows/system32/drivers/etc folder they were called "hosts" and "hostsagf_" , anytime I exited adsgone from the systray and watched that folder and the message would pop up the filename would change. Since I moved them I do not get the message anymore. Not sure what I did to get that message but it's gone for now and I'm ok with that. :|


    Thanks for all the help! And these forums are the awesome!
     
  6. TTman

    TTman

    Joined:
    Jun 19, 2001
    Messages:
    10
    so is the error from ADSGONE??? i have the same problem too & am running ADSGONE...
     
  7. jarp12

    jarp12 Thread Starter

    Joined:
    Apr 27, 2004
    Messages:
    4
    It seems it was....there was also a newer version of Adsgone 2004 ver 4.9.2 build 16 is what I have...find those files in the folder I mentioned, get rid of them and reinstall the newer adsgone if you don't have it already and it should fix it..

    Since I origanlly posted this in April I have had no such message.

    My dislcaimer: This worked for me but I don't back it up completely since I am not fully aware of what the files that I got rid of did but since it was fixed I say try it!


    Good luck!
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/224511

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice