Message from Defender every time I reboot

[Guest]

Hello,
Every time I reboot or start up my PC, Windows Defender gives me the same
message, although I have always "allowed" the change.

Since it happens every time, I am now wondering is possibly this is a
dangerous file change continue to allow, but I really don't even know what it
is actually talking about, which is why I always allow it.

The message is as follows:
Added:
127.0.0.1 www.proxy.cs.com

file (Changed):
@S-1-5-21-3034005094-4265252152-3000229835-1003\C:\WINDOWS\system32\drivers\etc\hosts

And it asks for me to allow or deny.

Now, I will note that rather frequently my computer has been shutting down
and restarting with no warning, and I have no idea why it has happened. And
then yesterday, while trying to run a particular program (The Ultimate
Troubleshooter) I actually saw the "blue screen" with a stop error message
for the first time. From all I have read, trying to discover what is causing
this problem, I have been led to understand it is a driver problem, but what
driver I have no clue. But since this message from Defender does mention
something about drivers, could it possibly be that is what is causing the
problem, and that is why Windows Defender always asks for my permission to
allow this change?????

I sure hope someone knows something about this because I am totally confused.

 

[Guest]

Hi Sandielynne

The reason WD is flagging this entry to your registry settings is that there
is a URL which is attempting to add itself to your hostes file. This file
contains a list of sites which monitors your browsing experience and is
viewable, among other things, in your `Restricted Sites` list in IE. There
are free utilities which will regularly update your Hostes File through the
tireless efforts of the MVPs at mvps.org. Two such `freebie` applications I
paricularly recommend, are Spyware Blaster and IE-SpyAd. The fact that your
entry contains the IP address 127.0.0.1 is a good sign. Google - something
like; `There is no place like 127.0.0.1` to read more (don`t have the URL to
hand). Have you selected the option to be an `Advanced Member of Spynet`in
WD? My recommendation is : If in doubt - `Never Allow` until you have time to
investigate.

Stu

 

[Jeff]

Hi;
If this is a "change" that you know of and approve of; then you can
follow these steps; I wrote this for another person; but it applies:Copy the
path it shows for your file you want to allow: Then under
tools>Settings>options;scroll to the bottom; -Advanced Options-Do not scan
these files or locations: ADD; A window will pop up. Just drill down to the
exact path and hit ok. That will stop it. You might want to check your
Defender version as this option wasn't in the UI a while back; but it is in
v 1.1.1347.0. The path should now be in the box . Hope this helps,

Jeff

 

[Guest]

Thank you both for all your help.
I now feel safe in allowing this change to continue.