A very strange thing is happening on my Windows 11 installation on every reboot:

A loopback rule that points www.virustotal.com to 127.0.0.1 (localhost) adds itself on every reboot. I'm suspecting some malicious malware tool... My Windows Defender is not reporting anything.

Anyone else have this issue? I can remove the rule manually, but I would like a permanent solution and, of course, to find the perpetrator. This is the rule automatically adding itself to my Win11 hosts file:

127.0.0.1      www.virustotal.com

What can I do to further investigate this strange issue?

Edit: I found the perpetrator using free "Kaspersky Virus Removal Tool", which did a great job indicating the path of the malware file. The malware was also running in my System Memory which caused the adding of the "127.0.0.1 www.virustotal.com" line in my hosts file.

After deleting the malware disguised as "msedge.exe" and rebooting the pc, the trojan horse was out of my pc case and the hosts file found back its peace.

Kleajmp
  • 2
    The pc is infected. Update and run Malwarebytes Free. – Gantendo Nov 25 '23 at 22:19
  • 1
    If there are important files on that pc you may want to connect the drive to a different computer and scan that way so potential hypothetical ransomware can not do more damage. – Gantendo Nov 25 '23 at 22:22
  • I'm doing this now. Thanks, I already thought this was suspicious. Some malware appearing as "msedge.exe" in my system32 folder was detected, and I removed it. Now something remains in my "system memory" which could not be removed yet... I'm doing a full system disk scan now to be sure my storage is clean. I hope a reboot removes it from my system memory. – Kleajmp Nov 25 '23 at 22:49
  • msedge.exe is absolutely NOT malware – Ramhound Nov 26 '23 at 00:42
  • Yes, it was; not the MS one of course, but some malware disguised as "msedge.exe" somewhere deep in the %APPDATA% folder. – Kleajmp Nov 29 '23 at 23:40

0 Answers
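One way to check a hosts file for the kind of entry described in the question, as an added example that is not part of the original thread: it parses hosts-file text and reports watched domains that are mapped to a loopback or unspecified address. The sample text is constructed (only the `www.virustotal.com` line comes from the post), and the watchlist, its `example-av.test` placeholder and all function names are assumptions.

```python
import ipaddress

# Constructed sample hosts file; only the www.virustotal.com line is from the post.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1      www.virustotal.com
0.0.0.0  WWW.VirusTotal.com  update.example-av.test   # trailing comment
192.0.2.10      intranet.example.test
not-an-ip       www.virustotal.com
"""

# Domains whose redirection is suspicious. "example-av.test" is a placeholder;
# extend the tuple with the security services you actually rely on.
WATCHLIST = ("virustotal.com", "example-av.test")


def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed first field: not a usable hosts entry
    return ip.is_loopback or ip.is_unspecified


def matches(host, watchlist):
    """Case-insensitive match on a watched domain or any of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)


def find_blocked(hosts_text, watchlist=WATCHLIST):
    """Return (line number, address, hostname) for each watched name that is sinkholed."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2 or not is_sinkhole(entry[0]):
            continue
        for host in entry[1:]:  # one line may map several names to one address
            if matches(host, watchlist):
                findings.append((lineno, entry[0], host.lower()))
    return findings


if __name__ == "__main__":
    for finding in find_blocked(SAMPLE_HOSTS):
        print(finding)
```

On Windows the text to pass in is the content of `%SystemRoot%\System32\drivers\etc\hosts`; running the check at each logon shows whether the entry has returned after a cleanup.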