RobinHood2024 Posted June 15 ID:1643125 Share Posted June 15 I use this program to reduce the size of Steven Black's hosts file so it will work better on Windows. When I ran a system scan using Malwarebytes, it picked it up as malware, thus: Generic.Malware/Suspicious, C:\USERS\[REDACTED]\DOWNLOADS\HOSTS\HOSTSCOMPRESS-X64.EXE, No Action By User, 0, 392686, 1.0.85890, , shuriken, , 1744795D9F41A3A2D07F2ADD046D0B9F, 360C8F169923254D1420336562AC12E15BF3B5FBF4AC0A3C1D8F17048862E1EC Ian Pride, the developer of this app, has confirmed that this is a false positive (https://github.com/Lateralus138/hosts-compress-windows/issues/3). 1 Link to post Share on other sites More sharing options...
Staff blender Posted June 15 Staff ID:1643159 Share Posted June 15 Hello, Thank you for reporting. This file should no longer be detected. As for the hosts file, I'll suggest placing it in the \windows\system32\drivers\etc directory where the HOSTS file normally lives. Some malware drop a HOSTS file in system32 and force the system to use that instead. (often to block AV/Windows/etc updates). If you don't want to do that, you can also exclude the HOSTS file in the system32 directory for your case. 1 Link to post Share on other sites More sharing options...
David H. Lipman Posted June 15 ID:1643176 Share Posted June 15 4 hours ago, RobinHood2024 said: I use this program to reduce the size of Steven Black's hosts file so it will work better on Windows. When I ran a system scan using Malwarebytes, it picked it up as malware, thus: The way to do etc/hosts file site negation so it works better is not use 127.0.0.1 but to use 0.0.0.0 instead. Example: 0.0.0.0 s0.2mdn.net 0.0.0.0 assets.lemonpi.io 0.0.0.0 cdn.rates.consumertrack.com 0.0.0.0 html5.adsrvr.org 0.0.0.0 zem.outbrainimg.com 0.0.0.0 rates.consumertrack.com 0.0.0.0 consumertrack.com 0.0.0.0 aka-cdn.adtechus.com Link to post Share on other sites More sharing options...
Lateralus138 Posted June 18 ID:1643509 Share Posted June 18 On 6/15/2024 at 2:46 PM, blender said: ...This file should no longer be detected... Thank you very much, I am the author of said software. On 6/15/2024 at 5:17 PM, David H. Lipman said: ...not use 127.0.0.1 but to use 0.0.0.0 instead... Steven Black's hosts files default to 0.0.0.0 for all blocked URLs and my software does not alter the entries in any way other than combining up to 9 urls into whatever IP it was before the software combines them (0.0.0.0 if it was already 0.0.0.0 and 127.0.0.1 if it was already 127.0.0.1). The only 127.0.0.1 entries in Steven's files are as follows: 127.0.0.1 localhost 127.0.0.1 localhost.localdomain 127.0.0.1 local 2 Link to post Share on other sites More sharing options...
David H. Lipman Posted June 18 ID:1643511 Share Posted June 18 (edited) Good, those are correct as if you TELNET, PING or PROXY on the alias 'localhost' then you are acting on the PC itself. If Steven's etc/hosts file is using 0.0.0.0 for external hosts negation, he is right on target. Edited June 18 by David H. Lipman Edited for content, clarity, spelling and/or grammar 1 Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now