Windows Defender scan results

[Guest]

I've been running Windows Defender Beta 2 for 2 weeks. Everytime it scans my
computer it tells me there is a High Alert, a possible HOSTS File hijack.
It is described as spyware, a program that has potentially unwanted behavior.
The Resource file is: C\WINDOWS\system32\drivers\etc\HOSTS. I have removed
it and quarantined it, but it keeps showing up again. Is this something that
I should allow? None of the other security programs on my computer have
detected it.

I have Windows XP Home Edition and for security I have Norton Internet
Security, Webroot Spy Sweeper for MSN, Windows Defender and Registry
Mechanic. These programs run regular scans on my computer and none of them
have detected anything. I also downloaded and ran Microsofts Malicious
Software removal tool and it found nothing.

Thanks for any help you can give me. I really appreciate it.

 

[Guest]

Use Explorer, goto HOSTS file, right click it, then click Open - tell dialog
you will supply program and then select NOTEPAD. The first non commented
line should be 127.0.0.1 localhost
Subsequent lines should be 127.0.0.1 spaces web address www........
If you find a line with other than 127.0.0.1 then you should be suspicious.
127.0.0.1 could be considered a loopback address, in real world terms, it
says do nothing when the web site name is encountered. A remapping of a web
address to an IP address other than 127.0.0.1 could lead you to a malicious
site. If you feel adventurous, make a backup of HOSTS, delete any
non-commented lines that don't point to 127.0.0.1
For additional protection, right click HOSTS, click properties, and then
change the file attributes to read only. Have WD scan again to see if
message goes away.

 

[Dave M]

Hi;

The problem your having is due to running Spysweeper and WD simultaniouly.
Webroots AntiSpyware has a shield for common ad sites, which I'd guess you have
activated, consequently when Spysweeper updates the HOSTS file with advertizing
sites that it wants you to avoid, WD detects the change, and notifies you. In
general, Spysweeper and WD get along pretty well, I use both concurrently.

You have two choices:

1. Turn off SpySweeper's ad site shield.

2. Keep the shield in place and accept WD's alerts following SpySweeper updates
as normal. You might want to look here to understand how the hosts file works,
since host file changes can be something that real spyware attempts in an effort
to re-direct your web surfing to sites that you didn't intend to go to:

http://en.wikipedia.org/wiki/Hosts_file

http://www.mvps.org/winhelp2002/hosts.txt

Webroot initiated changes to the hosts file will always have the comment
"SpySweeperCASS" and an IP of 127.0.0.1

 

[Guest]

Thanks Mr Cat and Dave M You were both very helpful and I really appreciate
it.