Possible Hosts File Hijack

Guest

For the past 3 or 4 days, every time I turn my computer on, Windows Defender
has an alert...Possible Hosts File Hijack

And it is in:
C:\WINDOWS\system32\drivers\etc\HOSTS

I can find it, but do not know what it is and how to stop from getting this
alert. I usually quarantine it or remove it, but it is back the next time I
boot up.


Does anyone have any suggestions on how I can get rid of this once and for
all?
 
Guest

http://free.prevx.com/
this program finds threats that nothing else seems to find. It puts threats
in a jail and you can reinstall them by double clicking on them after you
drag them to the holding cell.

Read all about it first and don't let it delete anything that you can't
replace if needed.
 
Bill Sanderson MVP

In the past, this kind of alert has usually been caused by another
anti-malware program making a change to the hosts file which Windows
Defender is misinterpreting.

What other antispyware programs are you running? Did this message appear
subsequent to an update to such a program?

The hosts file is at the location you've posted, and can be opened in
notepad. The content may require some interpretation however--if you see a
large number of apparently nasty sites on lines starting with 127.0.0.1,
this is probably just fine.
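
An added example, not part of any post in this thread: a small Python check of the distinction described above, separating hosts entries that map names to 127.0.0.1 or 0.0.0.0 (blocklist style) from entries that point a name at some other address and deserve a look. The sample file contents and the function name classify_hosts are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file contents (not taken from the thread).
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net      # blocklist-style entry
0.0.0.0         tracker.example.org
203.0.113.10    update.example.com   # name pointed at a remote address
192.168.1.20    nas.home.example
not-an-ip       broken.example
"""

def classify_hosts(text):
    """Split hosts-file text into (local_only, redirected, malformed)."""
    local_only, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue                             # blank or comment-only line
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no hostname
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:                  # one line may list several names
            if addr.is_loopback or addr.is_unspecified:
                local_only.append(name.lower())  # resolves to this machine / nowhere
            else:
                # Not automatically bad (LAN entries are common), but this is
                # the kind of mapping a hijack alert is about: review by hand.
                redirected.append((lineno, str(addr), name.lower()))
    return local_only, redirected, malformed

if __name__ == "__main__":
    # To check a real file, read it and pass the text in, e.g.
    # open(r"C:\WINDOWS\system32\drivers\etc\hosts").read()
    local_only, redirected, malformed = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(local_only)} names mapped to loopback or 0.0.0.0")
    for lineno, addr, name in redirected:
        print(f"review line {lineno}: {name} -> {addr}")
    for lineno, raw in malformed:
        print(f"unparseable line {lineno}: {raw}")
```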
 
Randy Knobloch

MaDonna said:
For the past 3 or 4 days, every time I turn my computer on, Windows Defender
has an alert...Possible Hosts File Hijack

And it is in:
C:\WINDOWS\system32\drivers\etc\HOSTS

I can find it, but do not know what it is and how to stop from getting this
alert. I usually quarantine it or remove it, but it is back the next time I
boot up.


Does anyone have any suggestions on how I can get rid of this once and for
all?

Are you running a "custom" HOSTS file?
Such as > http://www.mvps.org/winhelp2002/hosts.htm
Any updates, tweaks, changes *will* make WD Flag.

If no joy, proceed as follows;
Download and run HijackThis;
(http://aumha.org/downloads/hijackthis.zip)
Read this Tutorial *before* first use;
(http://www.bleepingcomputer.com/forums/index.php?showtutorial=42)
Once done > run HijackThis > save a scan log and post it to /any/ of the
following (expert) forums for analysis.
*Note, registration is required prior to posting a log.
- Not listed in any particular order -
(http://aumha.net/viewforum.php?f=30)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/cleanup)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.atribune.org/forums/index.php?showforum=9)
(http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)
(http://forum.networktechs.com/forumdisplay.php?f=130)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/index.php?showforum=18)
(http://www.malwarebytes.org/forums/index.php?showforum=7)
(http://www.wilderssecurity.com/forumdisplay.php?f=26)
(http://makephpbb.com/phpbb/viewforum.php?f=2)
(http://forums.techguy.org/54-security/)
(http://forums.security-central.us/forumdisplay.php?f=13)
(http://castlecops.com/forum67.html)

Post back the URL where you posted your log, *not* the entire log.

Randy

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.
 
Guest

YES...But not the new SS 5. I cleared common ad hosts and now I don't get
the WD warning. I am hoping it is safe to do that? Is it safe to do that? So
far I haven't had any problems since I cleared it.
 
Dave M

Hi MaDonna;

Any version of SpySweeper can update a small subset of problem ad sites,
and 5.0 is no exception. The real problem is the way SpySweeper is
structured architecturally when it comes to monitoring the hosts file. At
the most, SS can only handle about 600 hosts and then it fails. That's
ridiculously small given today's malware environment. The MVPS host file
consists of over 12,000 entries... all sites you probably want to avoid.
So the answer to your question really depends on how conservative you want
to be about those problem sites.

I personally feel SpySweeper's list of sites is too small and prefer to
use the MVPS list, but that means that I also have to turn off the SS hosts
monitor (600 max) as well as the common ads sites shields. Instead, I use
HostsMan to manage and lock my hosts and I can only hope that Defender
catches anything else that tries to sneak in.

Understanding the hosts file is the point to start in all this. This site
will give you an overview:
http://www.mvps.org/winhelp2002/hosts.htm
 
