Hosts file question

[C Tate]

I think my hosts file may have been altered by malicious means because
Winpatrol sprang up and said so.

There were a lot of entries on it which I deleted. But I want to make sure
my hosts file is back to the standard Windows default. How can I do this?

 

[Malke]

I think my hosts file may have been altered by malicious means because
Winpatrol sprang up and said so.

There were a lot of entries on it which I deleted. But I want to make sure
my hosts file is back to the standard Windows default. How can I do this?

Without knowing what Winpatrol found I can't comment on that, but the
standard XP hosts file is in %systemroot%\Windows\System32\Drivers\Etc and
you can open it in Notepad. The default one has some comments and only
127.0.0.1 localhost in it.

Malke

 

[gls858]

I think my hosts file may have been altered by malicious means because
Winpatrol sprang up and said so.

There were a lot of entries on it which I deleted. But I want to make sure
my hosts file is back to the standard Windows default. How can I do this?

Malke has already given you the default. Another possible source of entries
is Spybot Search and Destroy. It will put MANY entries into your
hosts file. I would venture to say that other anti spyware programs may do
the same. This activity is sometimes reported by other programs as suspicious.

gls858

 

[N. Miller]

C Tate wrote:

Malke has already given you the default. Another possible source of entries
is Spybot Search and Destroy. It will put MANY entries into your
hosts file. I would venture to say that other anti spyware programs may do
the same. This activity is sometimes reported by other programs as suspicious.

I have not seen that behavior in Spybot S&D. Could it be that you have to
change some setting before it does that?

 

[JoAnne]

Monday, January 15 2007, @8:35 AM (-0800 GMT)

You will find info and useful utilities here:

http://www.HostsFile.info/

 

[gls858]

I have not seen that behavior in Spybot S&D. Could it be that you have to
change some setting before it does that?

I thought when you did the immunize function it put entries in the
hosts file to stop known problems. I hadn't used the program for quite
some time so I updated it and it's quite a bit different now.
I did not get any entries in the hosts file.

gls858

 

[Wesley Vogel]

In the future, set the HOSTS file to Read-only.

Paste the following line into Start | Run and click OK...

%systemroot%\system32\drivers\etc

Right click HOSTS and click Properties.
On the General tab place a checkmark in the box next to Read-only.
Click OK.

Read-only: specifies whether this file is read-only, which means that it
cannot be changed or accidentally deleted.
-------------

There is a copy of the original HOSTS file on your XP CD.

\I386\HOSTS

This is the contents of the original HOSTS file from the XP CD...
Everything is remmed out except 127.0.0.1 localhost

------------below the line---------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host


127.0.0.1 localhost

---------------above the line----------------

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[JoAnne]

Tuesday, January 16 2007, @8:51 AM (-0800 GMT)

Setting the Hosts file to 'read only' may make you feel better, but
will not solve the problem. All viruses worth anything at all easily
un-lock the file and do what they want.

The only REAL protrection against re-direction is to check your hosts
file everyday. I have a free utility for that named HJ.exe where 'HJ'
is short for HostsJacker.

Right now it works, and does what needs doing, but it needs
improvement. Soon I'll do a re-write of it so that it will actually
'flag' WHICH 'bad guys' have been re-directed. right now it only says
that 'changes have been made to your hosts file.'

JoAnnre
Webmistress: http://www.HostsFile.info/

 

[Wesley Vogel]

I feel better and I have no viruses.

I keep my AV software up to date and perform a Complete Test (AVG) daily.

P.S. You misspelled your name. ;-)

JoAnnre
Webmistress: http://www.HostsFile.info/

Either in this message or @ http://www.HostsFile.info/ JoAnne???

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In