Author Topic: Found a hosts hijack and I have a few security questions.  (Read 2719 times)


REDACTED

  • Guest
Found a hosts hijack and I have a few security questions.
« on: February 14, 2017, 01:10:20 AM »
I got a virus a long time ago that attempted to install a rootkit pertaining to the SSL DLL. Avast stopped it, and I had to remove the remnants. As of recent I have had a problem with Skype having an odd error message. I could not find anything that may point to a virus here. I even scanned the Skype installation. A forum post told me to reset my hosts file. When I looked at it, it had several localhost (127.0.0.1) redirects. I looked up the sites that the redirects were set to on Norton Web Safe and they all were marked as unsafe. I believe these have been here a while. What confuses me is why they would redirect localhost, not Google's IP or any other. Why did they redirect 127.0.0.1? Is it possible that these redirects were somehow working in the background to steal my information? What should I do or check as a precaution?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: Found a hosts hijack and I have a few security questions.
« Reply #1 on: February 14, 2017, 01:24:59 AM »
for help follow instructions  >>  https://forum.avast.com/index.php?topic=194892.0


REDACTED

  • Guest
Re: Found a hosts hijack and I have a few security questions.
« Reply #2 on: February 14, 2017, 02:28:57 AM »
Quote
for help follow instructions  >>  https://forum.avast.com/index.php?topic=194892.0

This is what I did after I got the virus. I did all the tasks that I was instructed to do. I was just hoping that you or someone else has some answers to my concerns. I'm not looking for anything specific to what I was infected with. Just something general.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: Found a hosts hijack and I have a few security questions.
« Reply #3 on: February 14, 2017, 01:40:24 PM »
Quote
When I looked at it, it had several localhost (127.0.0.1) redirects. I looked up the sites that the redirects were set to on Norton Web Safe and they all were marked as unsafe. I believe these have been here a while. What confuses me is why they would redirect localhost, not Google's IP or any other. Why did they redirect 127.0.0.1? Is it possible that these redirects were somehow working in the background to steal my information? What should I do or check as a precaution?
Looked at what?



Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34053
  • malware fighter
Re: Found a hosts hijack and I have a few security questions.
« Reply #4 on: February 14, 2017, 02:13:58 PM »
@sweeten.jacob,

Could it by any means be you are using the Firefox browser?
Could it be you have a habit of misspelling URLs or search queries?

That could be an explanation for the local redirects to 127.0.0.1 you see,
as it is an old function in Firefox that does that on misspelling,
and that could then be flagged.

But I am not a clairvoyant and I could be wrong,
but at least this comes to mind,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Found a hosts hijack and I have a few security questions.
« Reply #5 on: February 14, 2017, 03:51:35 PM »
HOST redirect malware is quite common and is usually a result of a drive-by infection.

It is very old and has been used for a long time, still re-appearing occasionally.

http://www.trishtech.com/2013/03/redirect-or-block-web-sites-using-hosts-file/
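An added example, not part of the original posts: a small Python audit that parses hosts-file text and separates names pointed at a loopback or unspecified address (they resolve to the local machine, which effectively blocks the site) from names pointed at any other address (a redirect to another host). The sample file, its `.example` hostnames and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; hostnames use the reserved .example TLD
# and 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example      # sinkholed
0.0.0.0         updates.av-vendor.example
203.0.113.45    login.bank.example www.bank.example
not-an-ip       broken.example
"""

# Names that are expected to point at loopback on a clean system.
BUILTIN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Return (line_number, kind, hostname, address) for every non-default entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", " ".join(names), addr))
            continue
        for name in names:
            if name in BUILTIN and ip.is_loopback:
                continue                          # normal default entry
            if ip.is_loopback or ip.is_unspecified:
                kind = "blocked"                  # name resolves to this machine
            else:
                kind = "redirected"               # name resolves to another host
            findings.append((lineno, kind, name, str(ip)))
    return findings


if __name__ == "__main__":
    for lineno, kind, name, addr in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:10} {name} -> {addr}")
```

To check a real system, pass the function the contents of the hosts file (on Windows, `%SystemRoot%\System32\drivers\etc\hosts`).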

REDACTED

  • Guest
Re: Found a hosts hijack and I have a few security questions.
« Reply #6 on: February 14, 2017, 11:34:39 PM »
Quote
When I looked at it, it had several localhost (127.0.0.1) redirects. I looked up the sites that the redirects were set to on Norton Web Safe and they all were marked as unsafe. I believe these have been here a while. What confuses me is why they would redirect localhost, not Google's IP or any other. Why did they redirect 127.0.0.1? Is it possible that these redirects were somehow working in the background to steal my information? What should I do or check as a precaution?
Looked at what?

The hosts file.

REDACTED

  • Guest
Re: Found a hosts hijack and I have a few security questions.
« Reply #7 on: February 14, 2017, 11:35:11 PM »
Quote
@sweeten.jacob,

Could it by any means be you are using the Firefox browser?
Could it be you have a habit of misspelling URLs or search queries?

That could be an explanation for the local redirects to 127.0.0.1 you see,
as it is an old function in Firefox that does that on misspelling,
and that could then be flagged.

But I am not a clairvoyant and I could be wrong,
but at least this comes to mind,

polonus

I only use Google Chrome.