This is the first time I've posted an enquiry, so I wll try my best to keep it clear and understandable.
Infection was detected a few days ago on my girlfriends Laptop while she was on a genuine British newspaper website. The Virus protection which is always kept up to date (Dr.Web) threw up a window suggesting a file is infected.
Unfortunately she doesn't remember exactly what happened after this point. She succesfully Quarantiened/blocked this file at the time by one of the options Dr.Web offers.
I was away, so when I returned a couple of days later, I ran a full Dr.Web Scan and AdAware scan, and little more was found than a few tracking cookies etc. (Dr.Web didn't find anything).
My Girlfriend had noticed that when she goes to Login to Natwest the page which ask for specific numbers of her PIN (either first, third or fourth etc digit) was also requesting the full PIN too. I took a look at this page and it looked identical to the proper Natwest page, but just had one extra box requesting full PIN.
I don't know if this was redirecting the browser (IE7), as the whole page supported geniune links to other parts of Natwest, and the web address was identical to what it should be.
I then ran the various checks/scans suggested on this page inc:
1. Ran the Microsoft® Windows® Malicious Software Removal Tool (found nothing)
2. Ran ATF-Cleaner
3. Ran Malwarebytes' Anti-Malware (and this detected a number of infections and removed them)
4. Ran the ESET Online scanner (found nothing)
After doing all this, IE still showed the page incorrectly with this extra box present. Firefox (and Google Chrome that I was trying out the other day) didn't have this issue, they displayed the page correctly.
I then looked into HOSTS file related topics, which whatever I have done, seems to have sorted out the issue, and this is where my question lies...
I really don't understand how to manage HOSTS file utilities yet, however I downloaded HostsMan (abelhadigital.com) and 'Updated' the HOSTS file. Merely doing this seems to have fixed the issue.
When I view the HOSTS file in C:/Windows/Sys32/Drivers/etc/hosts it is huge ! And has hundreds of entries within it. Is this correct ?
Would someone be able to advise what I should to to ensure this issue does not occur again.
Also, I have finally made a decision to always use FireFox (which may have been the first suggestion!)
Thanks for reading, and any logs or reports needed, ask away.