M
M8RIX
Is it safe to delete the content of the HOSTS file?
P
plun
M8RIX said:
Yes, except one row 127.0.0.1 Localhost
Inside MSAS , Advanced tools - System Explorer - Windows
Host file
you can check this.
You can also manually check this file within
Windows/system32/drivers/etc folder.
Open it with notepad. If you want to save, choose "file"
not *.txt.
A
AndyManchesta
A hosts file (example) tells your computer what numerical
address (209.61.186.253) is associated with what URL
(www.everythingisnt.com.) . This file is a very simple
hack which takes ad server URLs and redirects them to non-
existant numerical addresses.
In other words we're fooling the internet. Its pretty
simple and it works. Tens of thousands of people use it
everyday with no problems.
But if you get a trojan or virus this will try to change
the hosts file and include names of security related
sites and microsoft etc to prevent you being able to
remove the virus
A typical host file will look like this : (This comes
from spybot and it made by using the immunize button)
Note
lease dont visit any of these sites 
127.0.0.1 coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.webbrowser.tv
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 wazzupnet.com
127.0.0.1 213.131.225.2
127.0.0.1 www.blue-elefant.com
127.0.0.1 babeweb.de
127.0.0.1 start-seite.com
127.0.0.1 sexolymp.com
127.0.0.1 toriii.cc
127.0.0.1 www.xtipp.de
127.0.0.1 urawa.cool.ne.jp
127.0.0.1 777search.com
127.0.0.1 ace-webmaster.com
127.0.0.1 aifind.info
127.0.0.1 amateurliveshow.com
127.0.0.1 anarchylolita.com
127.0.0.1 approvedlinks.com
127.0.0.1 cantfind.com
But heres a hosts file that is created if you get
infected with a virus or trojan this one comes from
getting infected with the W32.Derdero.C@mm worm
It Blocks access to several Web sites by appending the
following to the hosts file:
127.0.0.1 www.norton.com
127.0.0.1 norton.com
127.0.0.1 yahoo.com
127.0.0.1 www.yahoo.com
127.0.0.1 microsoft.com
127.0.0.1 www.microsoft.com
127.0.0.1 windowsupdate.com
127.0.0.1 www.windowsupdate.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 www.nai.com
127.0.0.1 nai.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 www.google.com
127.0.0.1 google.com
127.0.0.1 rohitab.com
127.0.0.1 www.rohitab.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 google.ca
127.0.0.1 www.google.ca
So unless you have the above official sites listed in
which case you would also have some sort of infection i
would leave the hosts file in place as it just serves to
block ads popping up and redirections to malicious sites
Regards
Andy
address (209.61.186.253) is associated with what URL
(www.everythingisnt.com.) . This file is a very simple
hack which takes ad server URLs and redirects them to non-
existant numerical addresses.
In other words we're fooling the internet. Its pretty
simple and it works. Tens of thousands of people use it
everyday with no problems.
But if you get a trojan or virus this will try to change
the hosts file and include names of security related
sites and microsoft etc to prevent you being able to
remove the virus
A typical host file will look like this : (This comes
from spybot and it made by using the immunize button)
Note
lease dont visit any of these sites 127.0.0.1 coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.webbrowser.tv
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 wazzupnet.com
127.0.0.1 213.131.225.2
127.0.0.1 www.blue-elefant.com
127.0.0.1 babeweb.de
127.0.0.1 start-seite.com
127.0.0.1 sexolymp.com
127.0.0.1 toriii.cc
127.0.0.1 www.xtipp.de
127.0.0.1 urawa.cool.ne.jp
127.0.0.1 777search.com
127.0.0.1 ace-webmaster.com
127.0.0.1 aifind.info
127.0.0.1 amateurliveshow.com
127.0.0.1 anarchylolita.com
127.0.0.1 approvedlinks.com
127.0.0.1 cantfind.com
But heres a hosts file that is created if you get
infected with a virus or trojan this one comes from
getting infected with the W32.Derdero.C@mm worm
It Blocks access to several Web sites by appending the
following to the hosts file:
127.0.0.1 www.norton.com
127.0.0.1 norton.com
127.0.0.1 yahoo.com
127.0.0.1 www.yahoo.com
127.0.0.1 microsoft.com
127.0.0.1 www.microsoft.com
127.0.0.1 windowsupdate.com
127.0.0.1 www.windowsupdate.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 www.nai.com
127.0.0.1 nai.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 www.google.com
127.0.0.1 google.com
127.0.0.1 rohitab.com
127.0.0.1 www.rohitab.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 google.ca
127.0.0.1 www.google.ca
So unless you have the above official sites listed in
which case you would also have some sort of infection i
would leave the hosts file in place as it just serves to
block ads popping up and redirections to malicious sites
Regards
Andy
D
Danny Kile
M8RIX said:
Your host file should look like this, if you look at the file with notepad.
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
Looking at it with MSAS Tools > Advance Tools > System Explorer > Host
File, it would just have the following entry.
localhost 127.0.0.1
Anything besides that would be some that you have added, however, it you
had added it then that would mean that you know enough about the host
file to make additions and the you would not be asking that however. So
to answer your question you can get rid the entries in the host file.
Danny
P
plun
AndyManchesta said:
I dont think thats a good idea. Let MSAS handle this.
For a normal user its impossible to handle a long hosts file
in long term. The user recognise that and that, but what is
that ?
probably Ok and so on...........
I also know that several program uses this loopback to
localhost for ad,
but I dont like such solutions.
The only thing needed is:
127.0.0.1 Localhost
A
AndyManchesta
Maybe i read the question wrong i assumed you meant the
hosts file that is created with spybot and other similar
programs.I dont have anything else listed in the Windows
host file except for examples and my local host entry.
The only full hosts file i have is spybots which is
blocking access to known blacklisted sites so would take
the other peoples advise on this if you are not referring
to the spybot hosts file
Sorry for any confusion
Andy
hosts file that is created with spybot and other similar
programs.I dont have anything else listed in the Windows
host file except for examples and my local host entry.
The only full hosts file i have is spybots which is
blocking access to known blacklisted sites so would take
the other peoples advise on this if you are not referring
to the spybot hosts file
Sorry for any confusion
Andy
P
plun
AndyManchesta said:
This confusion is good........
Does MSAS protect this hosts file with realtime protection ?
As you I have my hosts file immunized with Spybot but
this is important to know also how MSAS handle this.
Is it protected ?
P
plun
plun said:
Found it myself.
Under System agents- Windows host file is protected.
Good !
M
M8RIX
The hosts file to which I refer is (was) in the following location:
c/windows/system32/drivers/etc/hosts
Prior to my deleting the entire contents it had I would guess nearly 75-
100 lines all beginning with 127.0.0.??? The question marks varied from
2-255, but the first part was always 127.0.0.
I have had no problems at all since I deleted them. However I did put back
the local host 127.0.0.1
I think that most of the rest of the entries were somehow related to the
company I work for from a time when I logged into their computer from my
home. I did not add anything to the file myself. I would not have even known
that the entries were there had I not tried out the Hijackthis utility. If I
had saved a log of that scan I would provide it for you but I didn't.
Any Idea of how those additional entries may have got there?
Where do the hosts files reside for spybot or other similar programs?
TIA
Mark
c/windows/system32/drivers/etc/hosts
Prior to my deleting the entire contents it had I would guess nearly 75-
100 lines all beginning with 127.0.0.??? The question marks varied from
2-255, but the first part was always 127.0.0.
I have had no problems at all since I deleted them. However I did put back
the local host 127.0.0.1
I think that most of the rest of the entries were somehow related to the
company I work for from a time when I logged into their computer from my
home. I did not add anything to the file myself. I would not have even known
that the entries were there had I not tried out the Hijackthis utility. If I
had saved a log of that scan I would provide it for you but I didn't.
Any Idea of how those additional entries may have got there?
Where do the hosts files reside for spybot or other similar programs?
TIA
Mark