disappearing hosts file

[news.rcn.com]

Does anyone know what causes a hosts file (which I have been keeping updated
for the last 5 years to prevent ads appearing) to disappear? An almost
completely empty hosts.sam file has replaced it in my /etc directory where
it used to be.

At the same time, one of the same size has mysteriously appeared in my
spybot directory and I cant open it without merely invoking the program. I
am of course trying to open it in notepad to see what is in it.

Does spybot change the location of the hosts file or is this some malware
which has figured out how to access it and empty it?

 

[Don Kelloway]

Does anyone know what causes a hosts file (which I have been keeping
updated for the last 5 years to prevent ads appearing) to disappear? An
almost completely empty hosts.sam file has replaced it in my /etc
directory where it used to be.

At the same time, one of the same size has mysteriously appeared in my
spybot directory and I cant open it without merely invoking the program. I
am of course trying to open it in notepad to see what is in it.

Does spybot change the location of the hosts file or is this some malware
which has figured out how to access it and empty it?

It is the design of some anti-spyware applications to rename/delete the
HOSTS file as a precautionary measure to ensure unsafe applications
(spyware, viruses, trojans, etc.) do not pollute it with erroneous entries.
I suspect whatever you are using is responsible for the missing HOSTS file.

 

[Duane Arnold]

Does anyone know what causes a hosts file (which I have been keeping
updated for the last 5 years to prevent ads appearing) to disappear? An
almost completely empty hosts.sam file has replaced it in my /etc
directory where it used to be.

At the same time, one of the same size has mysteriously appeared in my
spybot directory and I cant open it without merely invoking the program. I
am of course trying to open it in notepad to see what is in it.

Does spybot change the location of the hosts file or is this some malware
which has figured out how to access it and empty it?

Well there is malware that will target the host file if it makes it to the
machine and is executed.

If you have been running Sbybot all this time and it has never done
something like this before, then I would question what is going on as it
just doesn't happen by itself out of nowhere.

Duane



Duane

 

[David H. Lipman]

From: "Don Kelloway" <[email protected]>


| It is the design of some anti-spyware applications to rename/delete the
| HOSTS file as a precautionary measure to ensure unsafe applications
| (spyware, viruses, trojans, etc.) do not pollute it with erroneous entries.
| I suspect whatever you are using is responsible for the missing HOSTS file.

Yep this includes my utilities which will copy hosts to hosts.bak and then delete the hosts
file.

 

[news.rcn.com]

If you have been running Sbybot all this time and it has never done
something like this before, then I would question what is going on as it
just doesn't happen by itself out of nowhere.

Yes, I suspected that this was the case but that I hadnt noticed spybot
doing this before. In any event I have restarted the hosts file with
everything in it along with some new data
(http://www.mvps.org/winhelp2002/hosts.htm) and will see what has happened.
I have no reason to think that this is a hijack attempt just yet.

 

[Duane Arnold]

Yes, I suspected that this was the case but that I hadnt noticed spybot
doing this before. In any event I have restarted the hosts file with
everything in it along with some new data
(http://www.mvps.org/winhelp2002/hosts.htm) and will see what has
happened. I have no reason to think that this is a hijack attempt just
yet.

To be honest, I don't use spybot nothing against it. I was into the host
file long ago, but once I found out what to do from this NG and a couple of
others on how to protect the machine, then I didn't need the Host file
anymore. And besides if malware hits the machine and is using an IP and not
a URL, the Host file is useless. But I got nothing against the Host file and
what's being used for as some kind of security measure.

Duane

 

[Bob Davis]

Does anyone know what causes a hosts file (which I have been keeping
updated for the last 5 years to prevent ads appearing) to disappear? An
almost completely empty hosts.sam file has replaced it in my /etc
directory where it used to be.

At the same time, one of the same size has mysteriously appeared in my
spybot directory and I cant open it without merely invoking the program. I
am of course trying to open it in notepad to see what is in it.

Does spybot change the location of the hosts file or is this some malware
which has figured out how to access it and empty it?

I have a batch file that updates the HOSTS file, and one command is to make
it read-only, hidden, and system using this command:

attrib +r +h +s %SystemRoot%\system32\drivers\etc\HOSTS

 

[Duane Arnold]

I have a batch file that updates the HOSTS file, and one command is to
make it read-only, hidden, and system using this command:

attrib +r +h +s %SystemRoot%\system32\drivers\etc\HOSTS

And on the same token, malware that attacks the HOSTS file can issue the
same commands and reverse it on root based Win 9'x, ME and NT based O/S with
user running with Admin rights.

Duane