POSSIBLE HIJACK HOST

Guest

Every time I boot up I get this and have removed it twice and quarantined it
twice. What is it and what should I do with it? The item is

C:\WINDOWS\system32\drivers\etc\HOSTS

Hopefully someone can tell me what to do with this as it happens every time
I start up. Thanks in advance.
 
Guest

If you just go to Google and type in the following without quotation -
" Internet Connection Sharing and Network Bridge "
You should get the proper answer for your question.
Personally I would not worry about it if I am in a network.


 
Guest

Sorry, I forgot to inform you that you can open the "HOSTS"
file by double clicking it, and use the Text viewer to see the content
of that file. The HOSTS file is a Microsoft product to keep track
of your local network.
 
Guest

I am not on a network. It is just my computer and no one else uses it.

Does that give any more info for you?
 
Guest

It does not matter. If you updated to SP2,
you will surely get all of the Microsoft networking
stuff automatically loaded on to your PC whether
you use it or not.
 
Guest

Make sure you use either Microsoft Firewall,
which only blocks entry to your PC, or use
free Zone Alarm, which blocks both in and out
from your PC. At least with a firewall on, you
can tell what is entering or exiting from your
PC, and you have a choice to block or let it go.
Good luck.
 
Linuxgirl

curious said:
It does not matter. If you updated to SP2,
you will surely get all of the Microsoft networking
stuff automatically loaded on to your PC whether
you use it or not.

All you get automatically is the critical "stuff". All optional and/or
hardware downloads you must do manually.
 
Guest

I have McAfee firewall as I get it free with Comcast. So far it has worked
very well. I only install the critical Windows updates. Like I said I have
removed it twice and quarantined it twice and so far no problem. Of course,
something could still show up as a problem. I still don't know what to do
with the darn thing.
 
Guest

The message indicates that your "hosts" file has been modified. If you don't
know what the file's purpose is and haven't modified it... Then the most
likely culprit is a trojan or some spyware.

View the file with notepad. The default contents are the following:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

This file is the "pre-cursor" or "ancestor" of the DNS server; it is still
used on private networks to record the IP addresses of devices or machines
which are static.

Typically in a "stand-alone" scenario the file is not modified by the
owner/user unless it is for site-blocking purposes. If you didn't modify it,
put it back to its original state if it's different from the default.
 
Guest

I checked out the HOST files (in my computer) and was going to print them
out, till I saw it would be 12 pages! Also checked out the web site address
and downloaded the host files. I am afraid I don't quite understand what I am
to do with it now. Do I remove all in my HOST file and unzip the new to
replace the one I deleted? I read the whole article but am more confused now
than ever. Would it be like starting out with a brand new "clean" HOST file?

I won't do anything more until I hear from some "experts".

Thanks all.....
 
Guest

Don't do anything yet. Have you ever added anything to your hosts file
yourself before? If you have not, there should only be 1 entry there, for
local host. If there are more, it could be the result of host hijacker or
malware. Two genuine and useful programs that add sites to the hosts file are
Spybot S&D and Webroot Spysweeper. If you have either of them, that may be
the reason there are host file entries. What security programs do you have
other than Windows Defender? Does anyone else have an administrative account on
your PC and could have added something?
What sort of entries are showing in your hosts file?
 
Guest

No, I had never been in the HOST file before and I am the only one that
touches my computer.
And there are 12 pages of printed! I have both Spybot S&D and Spysweeper.
Is there any way I can send a file of the Notepad with everything on it or
what?
 
Guest

MaDonna said:
No, I had never been in the HOST file before and I am the only one that
touches my computer.
And there are 12 pages of printed! I have both Spybot S&D and Spysweeper.
Is there any way I can send a file of the Notepad with everything on it or
what?

Hey, I just checked it out again and ALL of the items have #SpySweepercass
at the end of each line.
 
Guest

Spysweeper's Common Ads Sites shield adds many sites to your hosts file. The
purpose is to block ads from those sites from appearing on your computer.
They are harmless. Are you using Spybot S&D in Advanced Mode? If you are,
Spybot has a tool that adds dangerous sites to your host file so that you
cannot navigate to those sites and get infected by malware. These are safe to
have in the file. I would not add any others until you study more on the
subject.

The entries from Spybot should look something like this, but many more of
them:
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net


The entries from Spysweeper should look something like this, but many more:
127.0.0.1 ads.astalavista.us #SpySweeperCASS
127.0.0.1 ads.belointeractive.com #SpySweeperCASS
127.0.0.1 ads.bfast.com #SpySweeperCASS
127.0.0.1 ads.bianca.com #SpySweeperCASS
127.0.0.1 ads.bigcitytools.com #SpySweeperCASS
127.0.0.1 ads.bitsonthewire.com #SpySweeperCASS
127.0.0.1 ads.bloomberg.com #SpySweeperCASS
127.0.0.1 ads.cashsurfers.com #SpySweeperCASS

I would suggest downloading Hoster from Funky Toad and using it to get a
better grasp on what's in there.
OR go to Spysweeper Hosts File shield and check "edit hosts file." It will
show you everything in there also.
 
Guest

Cut and paste the section that follows in lieu of what you have:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

All lines beginning with an '#' are comments, the only address listed is the
line:
127.0.0.1 localhost

points to the machine itself (loopback) for certain services.

You can safely remove the rest of the contents of hosts file if you cannot
verify the source (not sure?) shouldn't necessarily be trusted. In other
words, "if you are unaware of the source of these additions, get rid of
them. Some supposed anti-spyware programs are spyware masquerading..."
 
Guest

That is good then. Uncheck edit hosts file in Spysweeper and make sure the
hosts file shield is checked so nothing can add anything else unless you
want it to. If any malware tries to add anything Spysweeper and Windows
Defender will alert you. Malware will try to put entries in for your
anti-virus website or for msn.com so that you cannot navigate to them for
help. Right now you are safe and they are locked out.
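
Added example, not part of the thread and not code from any of the tools named in it: a small Python audit that sorts hosts-file entries into the cases the replies describe (the default localhost line, tool-added blocks, unexplained blocks, redirects to a real address, and blocks on sites you would visit for help). The Spybot end marker, the watchlist and the sample file are assumptions constructed for illustration; a comment tag is only a hint, since anything that can write the file can also write the tag.

```python
import ipaddress

SPYBOT_START = "# Start of entries inserted by Spybot"  # marker quoted in the thread
SPYBOT_END = "# End of entries inserted by Spybot"      # assumed, not shown in the thread
SPYSWEEPER_TAG = "spysweepercass"                       # compared case-insensitively
# Illustrative watchlist of "help" sites; msn.com and McAfee are named in the thread.
HELP_SITES = ("msn.com", "mcafee.com")

# Constructed sample, not a real capture.
SAMPLE = """\
127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 coolwebsearch.com
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1 ads.bfast.com #SpySweeperCASS
127.0.0.1 www.msn.com #SpySweeperCASS
192.0.2.10 www.mcafee.com
127.0.0.1 tracker.example
"""

def classify(ip, name, tagged):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed-address"
    if name == "localhost" and addr.is_loopback:
        return "default"
    if not (addr.is_loopback or addr.is_unspecified):
        return "redirect"            # name forced to a routable address
    if any(name == s or name.endswith("." + s) for s in HELP_SITES):
        return "blocks-help-site"    # flagged even when a tool tag is present
    return "tool-block" if tagged else "unattributed-block"

def audit_hosts(text):
    """Return (line_no, host, verdict) for every mapping in a hosts file."""
    findings, in_spybot = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith((SPYBOT_START, SPYBOT_END)):
            in_spybot = line.startswith(SPYBOT_START)
        entry, _, comment = line.partition("#")
        fields = entry.split()
        if len(fields) < 2:
            continue                 # blank line or comment-only line
        tagged = in_spybot or comment.strip().lower() == SPYSWEEPER_TAG
        for host in fields[1:]:
            name = host.lower().rstrip(".")
            findings.append((no, name, classify(fields[0], name, tagged)))
    return findings
```

Anything other than "default" and "tool-block" deserves a look before the file is trusted; on a private network with static entries, "redirect" lines may be legitimate and should be checked against what the owner actually added.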
 
