Host File Hijack Question

[Guest]

Windows Defender is telling me that C:\WINDOWS\system32\drivers\etc\hosts
is spyware.
IS this true? What should I do

 

[plun]

Hi

Spysweeper installed ? Other blocklist installed ?

Easiest way if you only using Windows Defender is to
reset your hostfile to "Microsoft original". The hosts
file can be hijacked from malware, it can also be a blocklist
from for example Spysweeper.

Use this tool to reset your hosts file:
http://www.funkytoad.com/hoster.htm

Reference:
http://www.mvps.org/winhelp2002/hosts.htm

 

[Guest]

Windows Defender kept alerting to my Host file everytime I rebooted. The
cause was Spysweeper. Apparently every time I reboot, Spysweeper reloads
host file entires from its "common ads sites" shield. I solved that problem
using Funky Toad's Hoster. I used Hoster to backup my host file with the
Spysweeper entries included. Then I turned off Spysweepers ad sites shield,
removing those entries from my hosts file. Then I replaced the missing
entires using the backup from Hoster and made them read only. Hoster's
entries are stable and do not have to reload with every reboot, so Windows
Defender no longer alterts to my custom hosts file. Of course, Defender
alerted at every step I took during this process, but I clicked "allow" each
time until I was through. I may need to do this every time Spsweeper had a
definition update - not sure of that. But it beats having to mess with it at
every reboot. Hoster is a very useful program. I recommend it.

 

[Guest]

Hi there, Old Rebel

I have the same issue. Your workaround looks good. But it's simply not
worth the aggravation. I'm going to turn off Defender and wait until Webroot
and Microsoft sort it and peacefully coexist without requiring users to
resort to hacks. With Spysweeoer, AdAware, and Spybot I think I'll be OK.

Thanks, John

 

[Guest]

Hi John,

You may well be OK with those 3 very dependable programs, but I am intent on
following through with my test on Windows Defender. It's potential is so much
greater that I look forward to seeing it develop. The host file edit tools
provided by Spybot, Spysweeper and Windows Defender are quite limited, and I
find the display of the host file entires in Defender to be pathetic: they
all run together with multiple entries across each line. My vision is not
what it used to be so I find that very bothersome. I wouldn't call using
Hoster a "hack" although I'm not quite sure what you mean. It is a respected
tool, just like Hijack This, and both of them provide better formats and
displays for reading, inspecting, and editing the host file. It's a
subjective choice depending mostly on how much you are willing to "tweak"
your host file.

 

[DaveD]

As has been noted, Spysweeper modifies the host file if "common ad sites shield" is enabled, and Defender complains. I see no need for an elaborate workaround. Next time Defender complains, just select the "always allow" option. Since SpySweeper itself has a comprehensive host file monitor, there's no need to duplicate this function in Defender.

Windows Defender kept alerting to my Host file everytime I rebooted. The
cause was Spysweeper. Apparently every time I reboot, Spysweeper reloads
host file entires from its "common ads sites" shield. I solved that problem
using Funky Toad's Hoster. . . .
>