C:\WINDOWS\system32\drivers\etc\y2

[Guru]

This folder seems to have some virus infected files in

Norton something
and ret.bat

There is also a file called kill.bat in there and some other dubious ones.

What is this folder? Can I just delete the lot?

I had 6 viruses and this is where the mostly were.

Cheers,

G

 

[garyh]

Yes, its completely safe to delete all the folders within this directory as it should only contain the following files;

HOSTS
LMHOSTS
networks
protocol
services

This area is often used to disguse malware as it is heavily hidden down in the Windows folder structure.

You may also wish to check the HOSTS file with a text viewer such as notepad to make sure it has not been altered to poison your DNS records for anything.. it should only have the following record;

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost