Big Pr0blem0



supersonic
02-20-2004, 11:27 PM
I have noticed that my computer, internet connection in specific, is super slow the last few days (Internet connection normal, but traffic is NOT). I checked everything concerning the service and speed of connection and nothing was wrong. I also checked with my ISP and nothing was wrong...
I also noticed that the Hosts file in win sys. dir is CHANGED. The IP address that was supposed to be 127.0.0.1 always changes when I change it back to 127.0.01.

Note the IPs change only for these sites for some reason:





I also noticed that there are a lot of email viruses that are coming out these days.

Anyways, I'm not that stupid not to have any protection. I have Sygate PF Pro, with H+BEDV AntiVir workstation (I update every day).

I used different antiviruses to try to find that "thing", by uninstalling an AV and installing the other, and using online scan.

I used MSDOS (C prompt) to netstat and found that the computer is connecting to LOCAL HOST (itself) from different ports for some reason. I also noticed many connections when using the internet, which indicates that there is something connecting without my knowledge.

I also use adaware and spybot and other shit to try to find that "thing" but there is no hope. I know it's there, may be a virus or a trojan or something, but nothing can find it.

I also receive emails from my sister's and others' hotmail and yahoo accounts, where my sis is actually living in the same house and not using the internet. I also changed all my passwords, because I know that there is something going on. The emails contain viruses and worms and such stuff. Of course I am not stupid enough to open these attachments, but I know that I have a virus that is not...

I check almost every single program for hijacking and if these programs are doing something stupid, but no hope.
PLEEEEAAAAAAASE HELP ME. Why can't I find this Virus/worm or whatever? Did I miss something? Is it just me?


Specs and PC info:
A PIIIE computer running on 1.00GHz
with WinXP Pro with no SPs
Using ADSL that is set up and running properly
No router(s)
standalone (no network)

peat moss
02-21-2004, 05:17 AM
Sonic, you sound like you have all bases covered. Slow ISP, or maybe they have a problem? On a hub? Or router?

What p2p are you using? Kazaa Gold? Host file is probably a good start to check.

Smurfette
02-21-2004, 05:39 AM
127.0.01 isn't a valid ip.
127.0.0.1 is.
Why are you changing it?

supersonic
02-21-2004, 06:42 AM
First off, I mentioned that I checked with the ISP and nothing is really wrong, according to my measurements, because the traffic is going crazy, that is what makes me worry. 2nd of all, the local host is 127.0.0.1 (was a typo in my post).
I change it from, for ex., 65.xx.xx.xxx back to local host (127.0.0.1) and some "thing" changes it back to that hacker's or malware website IPs. Does that make sense?
No, no routers, no nothing. I use the ol' klite 2.4.3e and Shareaza. BTW: I checked these applications and figured out that they are not causing the problem.
The speed of the internet connection is like usual, BUT there is more traffic than usual. For ex. DDoS attacks, and that scares me :blink:

h1
02-21-2004, 06:52 AM
Have you locked down your HOSTS file with SpyBot-S&D?

supersonic
02-21-2004, 07:06 AM
No! How do I do that? BTW: my goal is to FIND that sh!t, not only blocking the HOSTS, which is a temp. solution.

Smurfette
02-21-2004, 09:12 PM
OK. Sorry, I misunderstood the problem, thinking you'd changed the ips to 127.0.01 and they were being corrected. :)

Anyway... When do you notice the change happening? If it's after a reboot then you've got very little chance of finding what's doing it but if it's happening during a windows session you should be able to track down the culprit.
Change the ips you want then save and close the file, but keep its directory open viewing in detail mode, then sort by name and scroll to the bottom of the window.
Leaving that window open, start opening suspected applications until you see the hosts file appear at the bottom of the list. When a file's properties are changed, it's removed from the list and added again, which makes it appear at the end of a list in an open window.
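
A scripted version of the manual check described in the post above, as an added example that is not part of the original thread: it compares a known-good copy of the hosts file with the current one and reports names that no longer resolve to loopback, and `watch` timestamps each rewrite so it can be matched to an application start or a reboot. The hostnames and 203.0.113.x addresses are constructed sample data, and the function names are illustrative.

```python
import ipaddress
import os
import time

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text, skipping comments."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                entries[name.lower()] = fields[0]
    return entries

def is_loopback(addr):
    """True only for a well-formed loopback address (127.0.01 is rejected)."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def redirected(baseline_text, current_text):
    """List (name, old_addr, new_addr) for entries changed or added to a non-loopback address."""
    base, cur = parse_hosts(baseline_text), parse_hosts(current_text)
    return [(name, base.get(name), addr)
            for name, addr in sorted(cur.items())
            if base.get(name) != addr and not is_loopback(addr)]

def watch(path, interval=2.0):
    """Poll the hosts file and print each rewrite with the time it happened."""
    with open(path) as f:
        baseline = f.read()
    last = os.stat(path).st_mtime
    while True:
        time.sleep(interval)
        mtime = os.stat(path).st_mtime
        if mtime != last:
            last = mtime
            with open(path) as f:
                for name, old, new in redirected(baseline, f.read()):
                    print(time.ctime(mtime), name, old, "->", new)

# Constructed sample data: a known-good file and a tampered copy.
BASELINE = "127.0.0.1 localhost\n127.0.0.1 blocked-a.example\n127.0.0.1 blocked-b.example\n"
CURRENT = ("127.0.0.1 localhost\n203.0.113.10 blocked-a.example  # rewritten\n"
           "127.0.0.1 blocked-b.example\n203.0.113.11 new.example\n")

if __name__ == "__main__":
    for finding in redirected(BASELINE, CURRENT):
        print(finding)
```

On Windows XP the file to pass to `watch` is `%SystemRoot%\system32\drivers\etc\hosts`; if a rewrite is only ever logged right after startup, that points at something launched at boot rather than an application opened by hand.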

supersonic
02-21-2004, 09:21 PM
I actually did that. I tested every lil application I have, but nothing happened, so I think it is happening during a reboot. I don't have many apps in my comp. They are just the pop. essentials, like Sygate PF, AV, IE, Photoshop, MSN, Klite, Shareaza, Download Accelerator and Acrobat Reader.