Possible Host File Hijack

Guest

Upon first run of Windows Defender, it marked the following file as a High
Alert.

\windows\system32\drivers\etc\hosts

This appears to be a text database file of suspicious URLs. Can you verify
that this is actually something to be removed or saved as it may be part of
another program. I can upload or transmit the file in question upon request.

Thank you
 
Guest

I have the same problem. I would like to know how to handle this in Defender.
I do not understand...
1. Do you mean remove with Defender?
Should I remove the file completely, or
2. Where are these additional URLs for 127.0.0.1?

Assuming the URLs in hosts were not put there by user or an anti-malware
tool (e.g., SpywareBlaster, IE-SpyAds, Spybot), you restore hosts to its
default state:
1. How do I determine if URLs in hosts are from SpywareBlaster?
2. Should I determine this before I run your link to:
Download Hoster from http://www.funkytoad.com/download/hoster.zip > Extract
contents of zip file to desktop & run it > Press "Restore Original Hosts" >
Press "OK" > Exit the program.
Sorry for the lack of knowledge
 
Guest

I have tried resolving this by both having Defender keep it and remove it.
Every time Defender runs it finds "WINDOWS\system32\drivers\etc\hosts".
Today I looked in the hosts file and it contains all of the blocked programs
used by Webroot Spysweeper. I'll now try and tell Defender to "always allow"
and see what happens. Hopefully this will not cause a security breach.


Dale said:
I have the same problem. I would like to know how to handle this in Defender.
I do not understand...
1. Do you mean remove with Defender?
Should I remove the file completely, or
2. Where are these additional URLs for 127.0.0.1?

Assuming the URLs in hosts were not put there by user or an anti-malware
tool (e.g., SpywareBlaster, IE-SpyAds, Spybot), you restore hosts to its
default state:
1. How do I determine if URLs in hosts are from SpywareBlaster?
2. Should I determine this before I run your link to:
Download Hoster from http://www.funkytoad.com/download/hoster.zip > Extract
contents of zip file to desktop & run it > Press "Restore Original Hosts" >
Press "OK" > Exit the program.
Sorry for the lack of knowledge
 
Guest

--
Blaze Bene


TGrover1 said:
I have tried resolving this by both having Defender keep it and remove it.
Every time Defender runs it finds "WINDOWS\system32\drivers\etc\hosts".
Today I looked in the hosts file and it contains all of the blocked programs
used by Webroot Spysweeper. I'll now try and tell Defender to "always allow"
and see what happens. Hopefully this will not cause a security breach.

Thank You
Since I posted, I have learned about Host files. Thanks PA Bear. It IS from
SS. And, I too, am allowing it. Recently there have been a number of
conflicts between SS and other programs (ex. SpywareBlaster (which still
exists) and Sun Java), but I wouldn't run without it. I know it is a HOG, but
I like the fact that it stops before 'spys' enter. I rarely (knock on wood)
have spyware on my machine. My question is now 'why is Defender objecting to
it'? I hope it is not political.
 
Bill Sanderson

I don't think it's political. This is essentially a false positive--it'll
get resolved, I suspect.

Personally, I prefer an empty hosts file. The technique of using the hosts
file is played by both sides--viruses place entries there to try to block
access to antivirus vendor sites, for example. If you had such entries in
the middle of the hundreds of "bad" sites blocked--would you spot them?

--
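
An added example, not part of the original thread: a small hosts-file audit that answers the "would you spot them?" question above by flagging only the entries that do not look like ordinary block-list lines. The sample file, the `.example` host names and the `PROTECTED_SUFFIXES` list are constructed assumptions; put the vendor and update domains your own tools depend on in that list.

```python
import ipaddress

# Assumption: placeholder suffixes for sites that must stay reachable (security
# vendor and update hosts); replace with the ones your own tools depend on.
PROTECTED_SUFFIXES = ("antivirus-vendor.example", "update-service.example")

# Constructed sample hosts file, not taken from the thread.
SAMPLE = """\
# block list written by an anti-spyware tool
127.0.0.1       localhost
127.0.0.1       ads.tracker.example
0.0.0.0         popups.adnet.example
127.0.0.1       www.antivirus-vendor.example
203.0.113.10    login.bank.example
127.0.01        typo.example
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        for name in fields[1:]:                # one address may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")


def audit_hosts(text):
    """Return (line_no, reason, address, hostname) for entries worth a manual look."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed-address", addr, name))
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified  # 127.x, ::1, 0.0.0.0, ::
        protected = any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)
        if name == "localhost" and ip.is_loopback:
            continue                           # the default entry
        if not sinkholed:
            findings.append((line_no, "redirects-elsewhere", addr, name))
        elif protected:
            findings.append((line_no, "blocks-protected-site", addr, name))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding)
```

On a real machine, pass the contents of `WINDOWS\system32\drivers\etc\hosts` to `audit_hosts` instead of `SAMPLE`; ordinary block-list lines produce no output, so anything printed is what needs reading by hand.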
 
