Host File Entries

  • Thread starter Thread starter anabella
  • Start date Start date
A

anabella

When I go to System explorers and then click on host file
where it previously only listed one local host file I now
have over 200 and although too many to name one of the is
coolwebsearch and many more are spyware I've been warned
about. I can't delete I don't know where they are coming
from and ms antispyware says I am spyware free!!! What is
happening!!!? Please help someone!!!
 
Hi anabella.

You can be hijacked with one of the worst !
This can also be a serios threat to your privacy,
bank accounts, passwords etc , so disconnect after reading this.

But this can also be a installed blocklist but I believe
you MUST call support for this serious issue.

Free support for US and Canada,
http://www.microsoft.com/security/default.mspx

"Need security help now ?" left side !
follow this URL also for other countries support.

Maybe your ISP can help you also.
 
To help you more if you are in US or Canada
the number is:

No-Charge Support
1-866-PCSAFETY
or
1-866-727-2338
This phone number is for virus and other security-related support. It
is available 24 hours a day for the U.S. and Canada.

Background about this threat:

http://www.netrn.net/spywareblog/

--
plun





plun explained on 2005-08-11 :
 
Can you list a couple of sample entries?

Are they all of the form 127.0.0.1 coolwebsearch????
What other antispyware programs have you recently installed or used?
 
Hi there and thanks for taking the time to answer my plea
for help!
Here is a list of some of the entries:
coolwebsearch.com
partialmatch.com
crackspider.com
devilsfuck.com (sorry about language)
aboutblank.com
and the really bizarre ones were listed as;
%%%%%%%%62%%%%%%%67%%%%%%%61%%%%%%%69%%
%%%63%%%%%%%%%%%%%%%%%%%%%%%%%70%%%%%%%
There were over five entries like that all apparantly
host files, and yes they all had the same address as
127.0.0.1
As this address seamed familiar to me I checked on my
Zone alarm firewall software and sure enough it was there
as a "Valid Loopback address" so I thought that meant it
was supposed to be there (bit of a self taughtpc user
here so please excuse my ignorance) the next step I
decided to take was to uninstall MS-anti-spyware
altogether as I have Zone Alarm, Webroot Spy Sweeper and
Symantec anti-virus all running on my pc. None of which
had detected any spyware or Browser hijackers or
malicious software of any kind!!!! Since doing this I can
find no evidence of host file entries but I'm still very
suspicious as I heard coolwebsearch would stay on your pc
until you had to do a clean re-install. Any more help
would be greatly appreciated. Thanks Anabella
 
Everything that you've posted leads me to believe that what you are seeing
is the product of another antispyware program (not Microsoft Antispyware)
"innoculating" your system against access to the sites and domains listed in
that hosts file.

One product which does this routinely is Spybot Search & Destroy.

Here's the reasoning: The hosts file is used first in the process of name
resolution--i.e. when you type in www.microsoft.com, your browser must
resolve that name to an actual IP address before it can actually connect.
It checks the hosts file before it goes out to your ISP's DNS (domain name
servers) to find the address. If you are trying to go to, say,
crackspider.com, the hosts file will refer the connection back to your own
machine. Since you are not running a webserver, you'll get an error message
of some sort, rather than the actual site.

This mechanism cuts both ways--viruses also use the hosts file to attempt to
prevent infected machines from reaching the antivirus vendors sites--for
definition updates or other code that might help remove the infections.

So--my preference is to keep the hosts file nearly empty, so that it is easy
to see what is happening.

The hosts file is located in \windows\system32\drivers\etc

It's name is simply hosts, with no extension.

It can be edited in Notepad, and you can safely remove every entry in it
except the very first one--127.0.0.1 localhost.

(lines before that entry are comment lines to show the syntax of entries in
the file.)

So--what's the bottom line? Everything that I can see about your system
leads me to believe that you don't have a problem. Your hosts file has
entries in it which appear to have been put there for benign purposes--by
another antispyware program. You've got good protection in place, and all
of those programs give your machine a clean bill of health.

I believe them.

Keep up the good work--I think you are doing fine!

--
 
Back
Top