(OT) Ad-aware deleted entries in HOSTS!


horst engl

I run Ad-aware as I often do with the difference that this time I
activated "scan my hosts file".
Well: it deleted 72 entries!
Now I can visit web sites like 0190-dialers.com and
connect.online-dialer.com!
It seems to me that this operation REDUCED my security!
Can somebody tell me what is this good for?
Horst

P.S.: (hope somebody will reply to me even if I am using the $ version of
Ad-aware)
 
horst said:
I run Ad-aware as I often do with the difference that this time I
activated "scan my hosts file".
Well: it deleted 72 entries!
Now I can visit web sites like 0190-dialers.com and
connect.online-dialer.com!
It seems to me that this operation REDUCED my security!
Can somebody tell me what is this good for?

It is good for teaching you to check for false positives in all apps of
this kind.
Adaware went through a long phase of declaring Turbo Navigator to be
malware simply because it included the string 'gator'...
 
horst said:
I run Ad-aware as I often do with the difference that this time I
activated "scan my hosts file".

Wrong thing to do. The host file contains addresses of bad & naughty
places. AdAware is meant to get rid of bad and naughty things. IOW, don't
scan the host file.
Well: it deleted 72 entries!

Only after you told it to.

--
dadiOH
_____________________________

dadiOH's dandies v3.0...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
____________________________
 
Wrong thing to do. The host file contains addresses of bad & naughty
places. AdAware is meant to get rid of bad and naughty things. IOW, don't
scan the host file.

Scanning the hosts file is not an inherently bad thing and may be
helpful. Some variants of the Cool Web Search toolbar add entries to
the hosts file that prevent the infected computer from reaching sites
where the user could download spyware removal tools or instructions.

For most objects that it finds, AdAware gives the option to remove
each one individually. If that didn't happen in this case, it should
be reported to the authors as a bug. If it did happen, then the user
should have unchecked those objects and marked them to be ignored on
future scans. I'm sure the folks at AdAware would appreciate a
message to inform them of this problem as they are always updating the
scan definitions to avoid false positives.

Suzanne
 
Scanning the hosts file is not an inherently bad thing and may be
helpful. Some variants of the Cool Web Search toolbar add entries to
the hosts file that prevent the infected computer from reaching sites
where the user could download spyware removal tools or instructions.

For most objects that it finds, AdAware gives the option to remove
each one individually. If that didn't happen in this case, it should
be reported to the authors as a bug. If it did happen, then the user
should have unchecked those objects and marked them to be ignored on
future scans. I'm sure the folks at AdAware would appreciate a
message to inform them of this problem as they are always updating the
scan definitions to avoid false positives.

Suzanne

Surely you are right, but how should I know what to remove and what not?
If Ad-aware tells me to delete some item, I'll do it, for Ad-aware is an
honourable prog.
As in this case it tells me that a certain site is NOT dangerous
(Ad-aware's job is usually the opposite) it would be better if it would
also tell me why (eg False positive)
Horst
 
horst said:
If Ad-aware tells me to delete some item, I'll do it, for Ad-aware is an
honourable prog.

Then if you had been using Turbo Navigator (a perfectly reliable, clean,
file manager) a few years ago, you would have uninstalled it because it
scored a hit with Adaware?
 
Surely you are right, but how should I know what to remove and what not?
If Ad-aware tells me to delete some item, I'll do it, for Ad-aware is an
honourable prog.

Research. You seem to understand the problem now. How did you figure
out that AdAware had done a bad thing?

When you are faced with a problem you cannot solve, you have 3
choices:
1. Hire a professional to do it for you.
2. Research and learn how to do it yourself.
3. Plow ahead with your current knowledge and hope it turns out OK.

Suzanne
 
jo said:
horst engl wrote:




Then if you had been using Turbo Navigator (a perfectly reliable, clean,
file manager) a few years ago, you would have uninstalled it because it
scored a hit with Adaware?

Honourable and occasionally misguided. ;)

Susan
 
I run Ad-aware as I often do with the difference that this time I
activated "scan my hosts file".
Well: it deleted 72 entries!
Now I can visit web sites like 0190-dialers.com and
connect.online-dialer.com!
It seems to me that this operation REDUCED my security!
Can somebody tell me what is this good for?

hosts can be used by malware to point good domain names to bad IPs;
this makes it worthwhile for AA to scan hosts. Perhaps in future
versions, the LavaSoft folks should ignore entries that point to
local IPs (to which I assume your dialer domains were pointed).

Others have recommended examining the results of a scan before allowing
automagic cleaning, and I agree with them. Once you do decide to let
an app clean things, best to back them up first, so you can restore if
the app makes mistakes you haven't caught.
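
An added example, not part of the original posts: a Python sketch of the review step suggested in this thread, which leaves entries that point to local addresses alone and lists only what a person should check before anything is deleted. The sample file, the `must_reach` watch list and the verdict names are constructed assumptions; the watch list covers the case raised earlier in the thread, where malware adds entries that stop the machine reaching removal-tool sites.

```python
import ipaddress

# Constructed sample hosts file; not taken from any poster's machine.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.0.1    0190-dialers.com
0.0.0.0      connect.online-dialer.com   # deliberate block
203.0.113.7  www.example-bank.test
127.0.0.1    removal-tool.example
not-an-ip    broken.example
"""

def classify_hosts(text, must_reach=()):
    """Return (hostname, address, verdict) for every mapping in a hosts file.

    local            -> loopback/unspecified address: a block entry, keep it
    local-but-needed -> local entry for a name listed in must_reach
    redirect         -> name forced to a non-local address
    invalid          -> address field is not an IP address
    """
    watch = {name.lower() for name in must_reach}
    results = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                              # blank or comment-only line
        raw, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            results += [(n, raw, "invalid") for n in names]
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in names:
            if not local:
                verdict = "redirect"
            elif name in watch:
                verdict = "local-but-needed"
            else:
                verdict = "local"
            results.append((name, raw, verdict))
    return results

def needs_review(text, must_reach=()):
    """Only the entries a person should look at before anything is deleted."""
    return [r for r in classify_hosts(text, must_reach) if r[2] != "local"]

if __name__ == "__main__":
    for row in needs_review(SAMPLE_HOSTS, must_reach=["removal-tool.example"]):
        print(*row, sep="\t")
```

Copy the real hosts file aside before acting on the review list, so a wrong call can be undone.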
 
Research. You seem to understand the problem now. How did you figure
out that AdAware had done a bad thing?

When you are faced with a problem you cannot solve, you have 3
choices:
1. Hire a professional to do it for you.
On Friday night I couldn't find any (and I don't have the money either
to pay him)
2. Research and learn how to do it yourself.
That's what I did asking this NG
3. Plow ahead with your current knowledge and hope it turns out OK.
I did that too backing my original file up.
:-)
Horst
 
Suzanne said:
1. Hire a professional to do it [to] you.
2. Research and learn how to do it yourself.
3. Plow ahead with your current knowledge and hope it turns out OK.


The story of my entire love life.

#3 actually involved marriage.







:)
 
Mister said:
1. Hire a professional to do it [to] you.
2. Research and learn how to do it yourself.
3. Plow ahead with your current knowledge and hope it turns out OK.



The story of my entire love life.

#3 actually involved marriage.


LOL :) :) :)

Susan
 
Surely you are right, but how should I know what to remove and what not?

Most of the time Ad-Aware will specify what kind of spyware the object
is (tracking cookie, VX2 object, etc.) Only in a few cases will it
not be clear.

Put each of the list of things Ad-Aware finds into the Google search
engine with the word "spyware" added and odds are you'll find it
referenced as such or not on one of the anti-spyware sites.

The main problem with this approach is a lot of people post their list
of files on anti-spyware and tech support sites to ask people which
items are spyware. This results in a lot of good programs showing up
in a Google search with the word "spyware", so you have to thoroughly
check the results until you find a site that specifically states the
search word is indeed spyware. Another way is to go to an anti-spyware
site that maintains a search engine of spyware and enter the program
name there.

What is unfortunate about Ad-Aware is that even with the latest
definition file, it will NOT find everything on your machine in many
cases. There will usually be a few items left that you will have to
find and clean out manually - or run another anti-spyware utility like
Spybot.

You need to examine your Task Manager list of running processes, spot
suspicious items, run a Google search on them, then if they turn up as
spyware, you have to boot into safe mode (so they can't reload
themselves by a Registry entry or protect a Registry entry), and then
delete the files and the Registry keys (careful about the latter, you
can hose your OS if you delete the wrong thing) involved.

I've spent hours getting rid of spyware on client machines - just
spent about six hours on this yesterday for a client just to get the
machine usable enough to install a new hard drive. They had at least a
half dozen running processes, a couple hundred files, six folders,
over 150 Registry keys - it was a nightmare.
 
Susan Bugher said:
Honourable and occasionally misguided. ;)

Susan

Is there any way to set up a default editing program for the Hosts
file? I've tried the standard 'Always use this program...' in the
Open With box, but it doesn't hold. I'm guessing it's because there
is no file extension. Any suggestions?
 
(e-mail address removed) (News Reader):
Is there any way to set up a default editing program for the Hosts
file? I've tried the standard 'Always use this program...' in the
Open With box, but it doesn't hold. I'm guessing it's because there
is no file extension. Any suggestions?

I use the Run box.

notepad c:\windows\hosts

(Obviously substitute the name of your windows directory.)

As to presetting an association, best you can do is set one up for all
files en groupe who have no extension.

-------------------------------
REGEDIT4

[HKEY_CLASSES_ROOT\.]
@="txtfile"
;
------------------------------

The above assumes you have that default filetype key "txtfile." In that
txtfile key will be the command for notepad or for another text editor.

If you wanted some separate editor specially handling files with no
extension, then you'd need to invent a new filetype key. And rename the
value in the [HKCR\.] key to correspond with that new filetype key. Put
the Open command in your new key pointing to the editor you chose for
this special role.

But all this is more than you wanted to get into, I'm sure. Simply
launching the Run command works, right? And of course that command
you could sub whatever editor if you prefer, over your notepad.

Then there is another direction to take altogether. It is to use
one of those programs that are dedicated specifically to handling
and editing the hosts file. (I am not in the habit of using them,
so cannot mention examples off the top of my head, would have to
poke through my archives.)
 
News said:
Is there any way to set up a default editing program for the Hosts
file? I've tried the standard 'Always use this program...' in the
Open With box, but it doesn't hold. I'm guessing it's because there
is no file extension. Any suggestions?

Editing the Hosts file from within Edexter opens the file in notepad

http://accs-net.com/hosts/eDexter.html

Editing it from Hoststoggle opens it in Wordpad

http://accs-net.com/hosts/HostsToggle/

Also... there are loads of ways of adding 'open with notepad' to the
right click menu.
 
(e-mail address removed) (News Reader):

Add 'open with notepad' to the context-menu, so you can simply right-click
the file and open it in Notepad.
Explained here: http://www.dracon.net/regedit/reg04.html
If you by chance already have Regseeker installed on your system, it offers
this option in the 'tweaks'-section.
I'm pretty sure there are other programs that can easily accomplish this.
 
(e-mail address removed) (News Reader):
Is there any way to set up a default editing program for the Hosts
file? I've tried the standard 'Always use this program...' in the
Open With box, but it doesn't hold. I'm guessing it's because there
is no file extension. Any suggestions?

I'm going to indulge myself in mentioning one more registry edit.
Setting up an alternate action for files with no association. The
outline below, it leaves that "Open With" browse dialog as default
in your explorer context menu. It would add an alternative action
to choose during the right-click.

-------------------------------------------------

REGEDIT4

[HKEY_CLASSES_ROOT\Unknown\shell\Something]
@="View with YourEditor"

[HKEY_CLASSES_ROOT\Unknown\shell\Something\Command]
@="D:\\path\\path\\YourEditor.exe \"%1\""
;
---------------------------------------------

The subkey created here, "Something." Name it whatever you want.
Except best to skip a name that might already be taken, such as
open or edit. (If you use graphical mode registry editor, you
could be sure you are not overwriting any pre-existing names
in that key, but otherwise best to use something unique.)

The @="View with YourEditor" value. Put in there what you want the
entry on your explorer context-menu to read.

The path to the editor you choose, be sure to obey the syntax.
Keep all the double slashes, and all the quotes and so on.

I expect some tweak programs, or at least the reigning king of the
group, XTEQ X-Setup, they will make the above change for you in
a simpler, GUI manner. But above was the innards of the thing, just
in case of use to anyone.
 
jo said:
Editing the Hosts file from within Edexter opens the file in notepad

http://accs-net.com/hosts/eDexter.html

Editing it from Hoststoggle opens it in Wordpad

http://accs-net.com/hosts/HostsToggle/

That's a weird one. So then Wordpad actually behaves itself? I picture
it rushing in to change fonts, and trying to fast-talk me into saving as
winword doc format, ... and, especially, to be obnoxious with trying to
sneakily add an extension (didn't MS Notepad do this, at least in earlier
versions of Windows, unless you had the name surrounded in quotes?)
 
omega said:
That's a weird one. So then Wordpad actually behaves itself? I picture
it rushing in to change fonts, and trying to fast-talk me into saving as
winword doc format, ... and, especially, to be obnoxious with trying to
sneakily add an extension (didn't MS Notepad do this, at least in earlier
versions of Windows, unless you had the name surrounded in quotes?)

Just tested. Made a change to the Hosts file and saved it. Wasn't
prompted for a file extension. No extension added.
No silly fonts. :-)
I think HostsToggle is Pricelessware.
HostsToggle is nice... it lets you turn the Hosts file on and off as
well as giving you a quick access for editing. I'd like to substitute
Edxor for Wordpad but have not bothered to look into how to do it yet.
 