Malware | Simda.AT Infection Check

Simplified check for beginners and manual check for experts

Overview

Simda.AT is malware that infects Windows systems. It modifies the contents of the hosts file to redirect legitimate traffic.

Simplified check for beginners

Check whether your hosts file is modified by Simda.AT


Manual check for advanced users and administrators

1. Open the folder "C:\Windows\System32\drivers\etc".
   If you are infected, you'll find hosts.txt and a hosts file with the system file attribute.
   [Image: Hosts file folder in clean system]
   [Image: Hosts file folder in infected system]
2. Open the hosts file and go to the bottom of the file contents.
   If you are infected, you'll find lots of empty lines injected. Notice the scrollbar on the right.
   [Image: Hosts file in clean system]
   [Image: Hosts file in infected system]
   You can find the injected host records at the bottom of the infected hosts file contents.
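
The two manual steps above can be run as one PowerShell script. This is an added example, not part of the original page; the parameter names and the 20-line threshold for "lots of empty lines" are assumptions.

```powershell
# Added example. Parameter names and the 20-line threshold are assumptions.
param(
    [string]$EtcDir = "$env:SystemRoot\System32\drivers\etc",
    [int]$BlankRunThreshold = 20
)

$findings = @()

# Step 1: look for hosts.txt beside hosts and report the System attribute.
# -Force is needed: Get-Item does not return hidden or system items without it.
foreach ($name in 'hosts', 'hosts.txt') {
    $item = Get-Item -LiteralPath (Join-Path $EtcDir $name) -Force -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    if ($name -eq 'hosts.txt') { $findings += "hosts.txt is present in $EtcDir" }
    if ($item.Attributes -band [IO.FileAttributes]::System) {
        $findings += "$name has the System attribute set"
    }
}

# Step 2: find a long run of empty lines, then collect the non-comment
# records that follow it (where the page says injected entries appear).
$hostsPath = Join-Path $EtcDir 'hosts'
$lines = @(Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue)
$run = 0; $maxRun = 0; $afterGap = @()
foreach ($line in $lines) {
    if ($line.Trim() -eq '') {
        $run++
        if ($run -gt $maxRun) { $maxRun = $run }
        continue
    }
    $run = 0
    if ($maxRun -ge $BlankRunThreshold -and $line -notmatch '^\s*#') {
        $afterGap += $line.Trim()
    }
}
if ($maxRun -ge $BlankRunThreshold) {
    $findings += "$maxRun consecutive empty lines found in hosts"
}

if ($findings.Count -eq 0) {
    Write-Output "No Simda.AT hosts-file indicators found in $EtcDir"
} else {
    Write-Output "Possible hosts-file tampering:"
    $findings | ForEach-Object { Write-Output "  - $_" }
    if ($afterGap.Count -gt 0) {
        Write-Output "Records after the empty-line gap (review each one):"
        $afterGap | ForEach-Object { Write-Output "    $_" }
    }
}
```

Records listed after the gap are candidates for review, not confirmed malicious entries; compare them against the mappings you expect before resetting the file.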

References

Microsoft - How can I reset the Hosts file back to the default?

URL: http://support.microsoft.com/kb/972034
