Hello All,
Running Windows XP SP3 OS, NOT updated to Win7.
I run daily sweeps of Adaware and keep running into the same infection???: "Hostsfile entry mpa.one.microsoft.com (127.0.0.1)@20 " and Adaware says,
when I click on remove,
'successfully removed', and, 'reboot required'. I reboot, run the scan again, same thing over and over again. Now in the 7th cycle of this.
I ran Trend Micro yesterday and it says it found and cleaned a virus. BUT this same issue keeps coming up with each scan. I've googled it and not found a similar problem... so far. I checked the postings here, albeit briefly, and didn't see it, so hence this posting.
Help a frustrated sortanuub?
I also use Avast, Spybot, and spywareblaster.
Argh.
Thanks!
Full Version: "Reboot Required" msg
I Googled "mpa.one.microsoft.com" and apparently this is a hosts file entry which blocks connection to Microsoft's Windows Genuine Advantage (WGA) servers. It's not an infection - it prevents your PC from "phoning home" when trying to validate your Windows registration. I can only think of 2 reasons why the entry was added to the hosts file:
1. it's intentionally added by those using pirated copies of Windows (which seemed to be the topic of some of the Google hits)
2. malware added the entry to prevent Windows updates.
If neither of these is a problem, you can choose to "Ignore" with Ad-Aware. Note, if you're using Ad-Aware 8.1, some have reported a problem with Ignored items being continually redetected, so there's a chance your problem won't be solved.
If you do want to delete the hosts file entry:
1. find the hosts file at C:\WINDOWS\system32\drivers\etc
2. right-click properties and uncheck "read only."
3. open the hosts file with Notepad or Wordpad.
4. Use Ctrl-F or Edit/Find to find the entry for mpa.one.microsoft.com
5. delete the entire line 127.0.0.1 mpa.one.microsoft.com
6. Use Ctrl-S or File/Save to save the file, then close.
7. right-click properties to reset the file to "read only."
1. it's intentionally added by those using pirated copies of Windows (which seemed to be the topic of some of the Google hits)
2. malware added the entry to prevent Windows updates.
If neither of these is a problem, you can choose to "Ignore" with Ad-Aware. Note, if you're using Ad-Aware 8.1, some have reported a problem with Ignored items being continually redetected, so there's a chance your problem won't be solved.
If you do want to delete the hosts file entry:
1. find the hosts file at C:\WINDOWS\system32\drivers\etc
2. right-click properties and uncheck "read only."
3. open the hosts file with Notepad or Wordpad.
4. Use Ctrl-F or Edit/Find to find the entry for mpa.one.microsoft.com
5. delete the entire line 127.0.0.1 mpa.one.microsoft.com
6. Use Ctrl-S or File/Save to save the file, then close.
7. right-click properties to reset the file to "read only."
QUOTE(visitor @ Nov 3 2009, 04:35 PM) 
I Googled "mpa.one.microsoft.com" and apparently this is a hosts file entry which blocks connection to Microsoft's Windows Genuine Advantage (WGA) servers. It's not an infection - it prevents your PC from "phoning home" when trying to validate your Windows registration. I can only think of 2 reasons why the entry was added to the hosts file:
1. it's intentionally added by those using pirated copies of Windows (which seemed to be the topic of some of the Google hits)
2. malware added the entry to prevent Windows updates.
If neither of these is a problem, you can choose to "Ignore" with Ad-Aware. Note, if you're using Ad-Aware 8.1, some have reported a problem with Ignored items being continually redetected, so there's a chance your problem won't be solved.
If you do want to delete the hosts file entry:
1. find the hosts file at C:\WINDOWS\system32\drivers\etc
2. right-click properties and uncheck "read only."
3. open the hosts file with Notepad or Wordpad.
4. Use Ctrl-F or Edit/Find to find the entry for mpa.one.microsoft.com
5. delete the entire line 127.0.0.1 mpa.one.microsoft.com
6. Use Ctrl-S or File/Save to save the file, then close.
7. right-click properties to reset the file to "read only."
1. it's intentionally added by those using pirated copies of Windows (which seemed to be the topic of some of the Google hits)
2. malware added the entry to prevent Windows updates.
If neither of these is a problem, you can choose to "Ignore" with Ad-Aware. Note, if you're using Ad-Aware 8.1, some have reported a problem with Ignored items being continually redetected, so there's a chance your problem won't be solved.
If you do want to delete the hosts file entry:
1. find the hosts file at C:\WINDOWS\system32\drivers\etc
2. right-click properties and uncheck "read only."
3. open the hosts file with Notepad or Wordpad.
4. Use Ctrl-F or Edit/Find to find the entry for mpa.one.microsoft.com
5. delete the entire line 127.0.0.1 mpa.one.microsoft.com
6. Use Ctrl-S or File/Save to save the file, then close.
7. right-click properties to reset the file to "read only."
Thanks! I have a genuine copy, so will just set it to ignore. Funny, I could not find it when I googled. I appreciate your help!
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help 
If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.
Everyone else please begin a New Topic.
Thank you !
If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.
Everyone else please begin a New Topic.
Thank you !
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.