CCMUA2009 Posted January 24, 2010 ID:188353 Share Posted January 24, 2010 How does one access to see what are in the host files on one's computer?Is this something that one should not mess with? Link to post Share on other sites More sharing options...
mountaintree16 Posted January 24, 2010 ID:188355 Share Posted January 24, 2010 You shouldn't mess with it unless you know what you are doing or are under the guidance of someone who knows what they are doing. Link to post Share on other sites More sharing options...
chimpy Posted January 24, 2010 ID:188358 Share Posted January 24, 2010 Host file is normally read only in vista (you can write on it but when it comes to save it it will tell you you do not have permission), so opening it should not be a problem, unless you have a hosts program you will probably find little in there apart from a sample.To look at it you will find it here C:\Windows\system32\drivers\etc\hosts Link to post Share on other sites More sharing options...
CCMUA2009 Posted January 24, 2010 Author ID:188361 Share Posted January 24, 2010 so can spyware, malware, virus, and other assorted nasties hang out in there? Can a malicious IP address be placed in there? Link to post Share on other sites More sharing options...
mountaintree16 Posted January 24, 2010 ID:188363 Share Posted January 24, 2010 the only thing I am nearly 100% sure on regarding your question about malware etc residing in there - I believe that malware can alter hosts files but not actually reside there. I'll double check with someone that might know. I'm curious too.What do you mean by a malicious IP being placed there? I'm sorry, but that doesn't' really make any sense to me.Do you use a program such as HostsMan to manage your HOSTS files, or are you taking about the HOSTS that are already on the computer, with SpyBot or? Link to post Share on other sites More sharing options...
ShanOw Posted January 24, 2010 ID:188364 Share Posted January 24, 2010 Malware can make changes to your hostfile to do a variety of things:- It can point URL's to "Localhost" effectively blocking them. (This is what Spyware Blaster and Spybot S&D do, only they block malicious sites using the HOSTS file.)This allows them to block access to anti-virus websites, microsoft updates etc.- Allows you to redirect a url to the wrong IP address; Example:Having this line in your hosts file will redirect Yahoo.com to google.com:74.125.67.100 yahoo.comMalware can use this to hijack your browser and point it to malicious URL's.I hope this helps your understanding of the HOSTS file Link to post Share on other sites More sharing options...
CCMUA2009 Posted January 24, 2010 Author ID:188372 Share Posted January 24, 2010 yes, what I was wondering is if one accidentally visits a malicous or unsafe website, can that cause the host files to get messed with? I think we may have accidentally visisted a malicious website. But all my security scans ( Norton my real time security, SpyBOT, Malwarebytes, and windows defender - all on demand scanners) all scan cleanso if there were something that messed with my hostfiles, the scans would detect that right? Link to post Share on other sites More sharing options...
chimpy Posted January 24, 2010 ID:188374 Share Posted January 24, 2010 Hopefully they would but no scanner is ever 100% so the only way you would know if something bad wrote its self to your hosts is if by browser redirects you when visiting a good site or if you want check your hosts and make sure that the web addys in there have this IP 127.0.0.1 thats your local one that everyone has, that addys loops back to your computer so you do not get a redirect. http://en.wikipedia.org/wiki/Localhost Link to post Share on other sites More sharing options...
YoKenny1 Posted January 24, 2010 ID:188380 Share Posted January 24, 2010 Read about the HOSTS file:Blocking Unwanted Parasites with a Hosts Filehttp://www.mvps.org/winhelp2002/hosts.htmOn XP the HOSTS file is monitored by Windows Defender and will alert you if it is modified.HostsMan is good for managing the HOSTS file and I use hpHosts and MVPS HOSTS file:http://www.abelhadigital.com <== I use HostsMan 3.2.71 Beta7The browser speedup proxy that comes with HostsMan is HostsServer and has a logging function to see the effectiveness of the HOSTS file.I do not used the Spybot S&D HOSTS file as it is not as well maintained as the 2 I use. HostsMan has to Run as administrator on Vista and Windows 7 and can be set to check for updates automatically. Link to post Share on other sites More sharing options...
CCMUA2009 Posted January 24, 2010 Author ID:188382 Share Posted January 24, 2010 Chimpy- what do you mean bycheck your hosts and make sure that the web addys in there have this IP 127.0.0.1 thats your local one that everyone has, that addys loops back to your computer so you do not get a redirect. so if I went in the host files would there be all the web addresses that I recently visited? hope you don't mind me asking, But woudl these be considered a browser redirect:1.You go to a web page that you intend to visit, but then get one of those rouge antivirus pop ups?2. you go to a web page you intended to visit then you get what appears to be a Windows box pop up tha says "Internet Explorer cannot open this page" Link to post Share on other sites More sharing options...
ShanOw Posted January 24, 2010 ID:188384 Share Posted January 24, 2010 That would be a browser hijack I think.. Link to post Share on other sites More sharing options...
chimpy Posted January 24, 2010 ID:188385 Share Posted January 24, 2010 If you look in your hosts file and you have entries in it, look at the number next to the entry, it should be the number I posted, if not then yes something is wrong in the hosts file. But you will only have entries in it if you have something like Spybot or Spywareblaster or Hosts man that writes things to your hosts file, otherwise it remains blank unless you want to manually enter address's to it.Question one I am not sure as I have never had that happen touch wood.Question two IE or FF sometimes can not connect you to the page for many reasons, maybe your bandwidth at the time was being drained on something else like streaming YT vids or the page in question was down for maintainance, I would give it 30 mins or a hour and try again on that one. Link to post Share on other sites More sharing options...
mountaintree16 Posted January 24, 2010 ID:188389 Share Posted January 24, 2010 I am not sure if you saw my reply to some of your other posts, so I apologize if I am repeating myself, but, you seem very concerned that you are infected soPLEASE get your system checked. 1.You go to a web page that you intend to visit, but then get one of those rouge antivirus pop ups? This can happen due to outdated programs and plugins, a hacked website and.or Facebook application, or getting redirected by an infection you already have. I may be missing a few, but these are the most common.2. you go to a web page you intended to visit then you get what appears to be a Windows box pop up tha says"Internet Explorer cannot open this page" That can mean that your internet isn't on/is temporarily not working, that the website doesn't exist, or that your HOSTS file is blocking it, depending on the HOSTS setup that you have, or it could be an infection if you are trying to to to an Anti-Virus or other security-minded website. Link to post Share on other sites More sharing options...
CCMUA2009 Posted January 24, 2010 Author ID:188392 Share Posted January 24, 2010 Cool thanks all we have had that happen where we go to a website like facebook, and then as we click to pages sometimes ( like not every day) the Internet Explorer cannot open this web page message pops up. So to be safe we close out using task manager. then click on IE7 againa nd have no problems. So maybe that is IE7 blocking malicious content by not allowing it to open? Link to post Share on other sites More sharing options...
mountaintree16 Posted January 24, 2010 ID:188394 Share Posted January 24, 2010 Welcome. Might be your hosts file blocking it. Wait, you clicking on random links in Facebook?As for Facebook, just directly type www.facebook.com into the browser, that way you KNOW its correct Same goes for other websites that you regularly visit, type them directly in or click on the link in your favorites Link to post Share on other sites More sharing options...
CCMUA2009 Posted January 24, 2010 Author ID:188397 Share Posted January 24, 2010 Cool thanks all we have had that happen where we go to a website like facebook, and then as we click to pages sometimes ( like not every day) the Internet Explorer cannot open this web page message pops up. So to be safe we close out using task manager. then click on IE7 againa nd have no problems. So maybe that is IE7 blocking malicious content by not allowing it to open?No not the ad links on facebook, but like friends pages, etc Link to post Share on other sites More sharing options...
mountaintree16 Posted January 24, 2010 ID:188399 Share Posted January 24, 2010 Well a friends profile is fine, as are the links to leave a comment or something, but be EXTREMELY cautious of video links and other links your friends might post. Sometimes these can contain the Koobface worm and other malware, and they post them a lot because they're infected and its not REALLY them posting it.Basically, be very careful on Facebook and don't use applications and whatnot. Link to post Share on other sites More sharing options...
CCMUA2009 Posted January 24, 2010 Author ID:188404 Share Posted January 24, 2010 thanks allSo the fact that I use my computer as a limited user account where I can't even update malwarebytes with out running as admin, or I can't even delete programs without using the admin passcode ( so what I'm saying is as the limited user i can't make any changes without the admin pass code)So that fact, would that alos keep changes from happening to the host files? Link to post Share on other sites More sharing options...
YoKenny1 Posted January 24, 2010 ID:188405 Share Posted January 24, 2010 IE8 is much safer than IE7:Stay Safer Onlinehttp://www.microsoft.com/windows/internet-...ures/safer.aspxYou need to read Blocking Unwanted Parasites with a Hosts File to understand how a HOSTS file works. Link to post Share on other sites More sharing options...
chimpy Posted January 24, 2010 ID:188407 Share Posted January 24, 2010 @CCMUAS2009 no a limited account would not stop something writing itself to the hosts, a limited account will protect you by asking for permission before installing a download like MBAM but a drive by DL through flash or a pdf exploit is something that does not need permission to DL, it just does it. Link to post Share on other sites More sharing options...
CCMUA2009 Posted January 24, 2010 Author ID:188410 Share Posted January 24, 2010 thanks againSo then that is where things like intrusion prevention (by my Norton) and the spyware scans like with malwarebytes come into play to either stop ( intrusion prevention) or detect (malwarebytes, spybot, windows defender)So again if those scans are all rather clean, then chances are pretty good ( nothing is 100%) that all is ok Link to post Share on other sites More sharing options...
chimpy Posted January 24, 2010 ID:188411 Share Posted January 24, 2010 I would say if you scan with a few things and they all comeback clean then your pretty good to go, but like someone else mentioned if you are worried still you can always click the links in that post and post in the HJT part. Link to post Share on other sites More sharing options...
mountaintree16 Posted January 24, 2010 ID:188414 Share Posted January 24, 2010 Yes, chances are you're fine, but like I and others have said before, if you are unsure, get checked and no scanner is 100%.Also, if you can afford it, it would be well-worth your money to purchase Malwarebytes - that way you'd have the realtime protection as well as the scanner, and its just $24.95 for a LIFETIME license for a single, home computer. Link to post Share on other sites More sharing options...
CCMUA2009 Posted January 24, 2010 Author ID:188415 Share Posted January 24, 2010 not finding on here where to get the HJT log? Link to post Share on other sites More sharing options...
ShanOw Posted January 24, 2010 ID:188417 Share Posted January 24, 2010 http://www.malwarebytes.org/forums/index.php?showforum=7 Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now