Jump to content

Host Files


CCMUA2009
 Share

Recommended Posts

Host file is normally read only in vista (you can write on it but when it comes to save it it will tell you you do not have permission), so opening it should not be a problem, unless you have a hosts program you will probably find little in there apart from a sample.

To look at it you will find it here C:\Windows\system32\drivers\etc\hosts

Link to post
Share on other sites

the only thing I am nearly 100% sure on regarding your question about malware etc residing in there - I believe that malware can alter hosts files but not actually reside there. I'll double check with someone that might know. I'm curious too.

What do you mean by a malicious IP being placed there? I'm sorry, but that doesn't' really make any sense to me.

Do you use a program such as HostsMan to manage your HOSTS files, or are you taking about the HOSTS that are already on the computer, with SpyBot or?

Link to post
Share on other sites

Malware can make changes to your hostfile to do a variety of things:

- It can point URL's to "Localhost" effectively blocking them. (This is what Spyware Blaster and Spybot S&D do, only they block malicious sites using the HOSTS file.)

This allows them to block access to anti-virus websites, microsoft updates etc.

- Allows you to redirect a url to the wrong IP address; Example:

Having this line in your hosts file will redirect Yahoo.com to google.com:

74.125.67.100 yahoo.com

Malware can use this to hijack your browser and point it to malicious URL's.

I hope this helps your understanding of the HOSTS file :)

Link to post
Share on other sites

yes, what I was wondering is if one accidentally visits a malicous or unsafe website, can that cause the host files to get messed with? I think we may have accidentally visisted a malicious website. But all my security scans ( Norton my real time security, SpyBOT, Malwarebytes, and windows defender - all on demand scanners) all scan clean

so if there were something that messed with my hostfiles, the scans would detect that right?

Link to post
Share on other sites

Hopefully they would but no scanner is ever 100% so the only way you would know if something bad wrote its self to your hosts is if by browser redirects you when visiting a good site or if you want check your hosts and make sure that the web addys in there have this IP 127.0.0.1 thats your local one that everyone has, that addys loops back to your computer so you do not get a redirect. http://en.wikipedia.org/wiki/Localhost

Link to post
Share on other sites

Read about the HOSTS file:

Blocking Unwanted Parasites with a Hosts File

http://www.mvps.org/winhelp2002/hosts.htm

On XP the HOSTS file is monitored by Windows Defender and will alert you if it is modified.

HostsMan is good for managing the HOSTS file and I use hpHosts and MVPS HOSTS file:

http://www.abelhadigital.com <== I use HostsMan 3.2.71 Beta7

The browser speedup proxy that comes with HostsMan is HostsServer and has a logging function to see the effectiveness of the HOSTS file.

I do not used the Spybot S&D HOSTS file as it is not as well maintained as the 2 I use.

HostsMan has to Run as administrator on Vista and Windows 7 and can be set to check for updates automatically.

Link to post
Share on other sites

Chimpy- what do you mean by

check your hosts and make sure that the web addys in there have this IP 127.0.0.1 thats your local one that everyone has, that addys loops back to your computer so you do not get a redirect.

so if I went in the host files would there be all the web addresses that I recently visited?

hope you don't mind me asking, But woudl these be considered a browser redirect:

1.You go to a web page that you intend to visit, but then get one of those rouge antivirus pop ups?

2. you go to a web page you intended to visit then you get what appears to be a Windows box pop up tha says

"Internet Explorer cannot open this page"

Link to post
Share on other sites

If you look in your hosts file and you have entries in it, look at the number next to the entry, it should be the number I posted, if not then yes something is wrong in the hosts file. But you will only have entries in it if you have something like Spybot or Spywareblaster or Hosts man that writes things to your hosts file, otherwise it remains blank unless you want to manually enter address's to it.

Question one I am not sure as I have never had that happen touch wood.

Question two IE or FF sometimes can not connect you to the page for many reasons, maybe your bandwidth at the time was being drained on something else like streaming YT vids or the page in question was down for maintainance, I would give it 30 mins or a hour and try again on that one.

Link to post
Share on other sites

I am not sure if you saw my reply to some of your other posts, so I apologize if I am repeating myself, but, you seem very concerned that you are infected so

PLEASE get your system checked. :)

1.You go to a web page that you intend to visit, but then get one of those rouge antivirus pop ups?

This can happen due to outdated programs and plugins, a hacked website and.or Facebook application, or getting redirected by an infection you already have. I may be missing a few, but these are the most common.

2. you go to a web page you intended to visit then you get what appears to be a Windows box pop up tha says

"Internet Explorer cannot open this page"

That can mean that your internet isn't on/is temporarily not working, that the website doesn't exist, or that your HOSTS file is blocking it, depending on the HOSTS setup that you have, or it could be an infection if you are trying to to to an Anti-Virus or other security-minded website.

Link to post
Share on other sites

Cool thanks all

we have had that happen where we go to a website like facebook, and then as we click to pages sometimes ( like not every day) the Internet Explorer cannot open this web page message pops up. So to be safe we close out using task manager. then click on IE7 againa nd have no problems. So maybe that is IE7 blocking malicious content by not allowing it to open?

Link to post
Share on other sites

Welcome. :)

Might be your hosts file blocking it.

Wait, you clicking on random links in Facebook?

As for Facebook, just directly type www.facebook.com into the browser, that way you KNOW its correct :) Same goes for other websites that you regularly visit, type them directly in or click on the link in your favorites :)

Link to post
Share on other sites

Cool thanks all

we have had that happen where we go to a website like facebook, and then as we click to pages sometimes ( like not every day) the Internet Explorer cannot open this web page message pops up. So to be safe we close out using task manager. then click on IE7 againa nd have no problems. So maybe that is IE7 blocking malicious content by not allowing it to open?

No not the ad links on facebook, but like friends pages, etc

Link to post
Share on other sites

Well a friends profile is fine, as are the links to leave a comment or something, but be EXTREMELY cautious of video links and other links your friends might post. Sometimes these can contain the Koobface worm and other malware, and they post them a lot because they're infected and its not REALLY them posting it.

Basically, be very careful on Facebook and don't use applications and whatnot.

Link to post
Share on other sites

thanks all

So the fact that I use my computer as a limited user account where I can't even update malwarebytes with out running as admin, or I can't even delete programs without using the admin passcode ( so what I'm saying is as the limited user i can't make any changes without the admin pass code)

So that fact, would that alos keep changes from happening to the host files?

Link to post
Share on other sites

@CCMUAS2009 no a limited account would not stop something writing itself to the hosts, a limited account will protect you by asking for permission before installing a download like MBAM but a drive by DL through flash or a pdf exploit is something that does not need permission to DL, it just does it.

Link to post
Share on other sites

thanks again

So then that is where things like intrusion prevention (by my Norton) and the spyware scans like with malwarebytes come into play to either stop ( intrusion prevention) or detect (malwarebytes, spybot, windows defender)

So again if those scans are all rather clean, then chances are pretty good ( nothing is 100%) that all is ok

Link to post
Share on other sites

Yes, chances are you're fine, but like I and others have said before, if you are unsure, get checked and no scanner is 100%.

Also, if you can afford it, it would be well-worth your money to purchase Malwarebytes - that way you'd have the realtime protection as well as the scanner, and its just $24.95 for a LIFETIME license for a single, home computer.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.