DNS or HOSTS file problem?

[Paul.]

I have a 2 month old PC (3.GHz, 512 MB RAM, XP PRO) connected to the net via
a 1Mbps ADSL connection and using a Netgear 834 Router. I use standard IE
version 6 to browse.

I have a problem where when I type in a page I want to visit, I get a pause
of about 2 seconds before the page starts to download (little windows flag
in top right corner is still until page starts). At first I thought it may
have been my ISP's DNS but others using the same ISP are not seeing this
problem.

Someone suggested looking at my HOSTS file (no extension). I know nothing
about this file but have it in the following folders:

C:\I386
C:\windows\system32\drivers\etc
and 'second stage', whatever that is.

The first two in this list have the following:

______________________________________________________________
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost.
______________________________________________________________

However, the 'second stage' one has a very long list of what seems to be
ad/spam sites
all with the address 127.0.0.1

Can anyone tell me more about this file and could this be my problem. If
not, any idea's would be appreciated.

Paul.

 

[David H. Lipman]

There is NOTHING wrong with the etc/hosts file.

Dave



| I have a 2 month old PC (3.GHz, 512 MB RAM, XP PRO) connected to the net via
| a 1Mbps ADSL connection and using a Netgear 834 Router. I use standard IE
| version 6 to browse.
|
| I have a problem where when I type in a page I want to visit, I get a pause
| of about 2 seconds before the page starts to download (little windows flag
| in top right corner is still until page starts). At first I thought it may
| have been my ISP's DNS but others using the same ISP are not seeing this
| problem.
|
| Someone suggested looking at my HOSTS file (no extension). I know nothing
| about this file but have it in the following folders:
|
| C:\I386
| C:\windows\system32\drivers\etc
| and 'second stage', whatever that is.
|
| The first two in this list have the following:
|
| ______________________________________________________________
| # Copyright (c) 1993-1999 Microsoft Corp.
| #
| # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
| #
| # This file contains the mappings of IP addresses to host names. Each
| # entry should be kept on an individual line. The IP address should
| # be placed in the first column followed by the corresponding host name.
| # The IP address and the host name should be separated by at least one
| # space.
| #
| # Additionally, comments (such as these) may be inserted on individual
| # lines or following the machine name denoted by a '#' symbol.
| #
| # For example:
| #
| # 102.54.94.97 rhino.acme.com # source server
| # 38.25.63.10 x.acme.com # x client host
|
| 127.0.0.1 localhost.
| ______________________________________________________________
|
| However, the 'second stage' one has a very long list of what seems to be
| ad/spam sites
| all with the address 127.0.0.1
|
| Can anyone tell me more about this file and could this be my problem. If
| not, any idea's would be appreciated.
|
| Paul.
|
|
|
|
|

 

[Sharon F]

Someone suggested looking at my HOSTS file (no extension). I know nothing
about this file but have it in the following folders:

C:\I386
C:\windows\system32\drivers\etc

C:\i386 is a copy of the WinXP installation file.

The copy of HOSTS is the ..\system32\drivers\etc folder is the default
HOSTS file. When first installed the only entries are those you have
posted here.

However, the 'second stage' one has a very long list of what seems to be
ad/spam sites
all with the address 127.0.0.1

Placed on the system by Kazaa Lite. Redirects calls to ad sites made
by Kazaa back to your system. If no longer using Kazaa or Kazaa Lite,
you do not need this folder or this file.


Sharon F
MS MVP - Windows XP

 

[Paul.]

Sharon,

Thank you for your prompt help.

Firstly, how do I find the folder 'second stage'? I don't have Kazaa loaded
on this PC and as it is only two months old can't actually remember putting
it on either. I must have had too much JD one night

Is there anything else that Kazaa could have left behind.

Thanks again.

Paul.

 

[Sharon F]

Sharon,

Thank you for your prompt help.

Firstly, how do I find the folder 'second stage'? I don't have Kazaa loaded
on this PC and as it is only two months old can't actually remember putting
it on either. I must have had too much JD one night

Is there anything else that Kazaa could have left behind.

Thanks again.

Paul.

To find the folder, you may need to set Folder Options> View to show
hidden files and folders. Also make the change to show system
protected files. Then use search to find "second" or "second stage."

I have never used Kazaa or Kazaa Lite so can't answer the rest of your
questions. I came across the info on the second stage hosts file via a
Google search. You may find more information at their support sites.


Sharon F
MS MVP - Windows XP

 

[Alex Nichol]

However, the 'second stage' one has a very long list of what seems to be
ad/spam sites
all with the address 127.0.0.1

Can anyone tell me more about this file and could this be my problem. If
not, any idea's would be appreciated.

That is a file that can be used to define the numeric IP address to use
rather than whatever the DNS server has for a given domain. Local host
is your own machine, with 127.0.0.1 as the standard setting for it.

The others are almost certainly spyware nasties - probably from
'CoolWebSearch'. Go to Jim Eshelman's page on parasites -
http://www.aumha.org/a/parasite.htm
and about half way down, get CW Shredder from his alternate link (the
primary one seems to be under attack just now and inaccessible, a reason
for this and other alternates)