Outlook / hosts

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

My Defender is working great except for one glich: It keeps telling me I have
to watch out for a possible hosts hijack.
(Windows\system32\drivers\etc\hosts) It is called "hosts.ics" (type:
iCalendar file) When I googled it I found a reference to a Mac use. But when
I double click the actual file it tells me that it cannot execute the
vCalendar function which is a Mac term. Where can I find a reference to this
file in the knowledge base or some other place so I can gain control over it?
Or is it as a result of a new update?
 
Do you have an actual hosts file (without an extension)? That should open in
Notepad. See if you can open the HOSTS.ics file in Notepad, and if so whether
it looks like a normal hosts file. If so, maybe for some reason the .ics file
type extension got added to the hosts file. If not, I would delete it, as
it's not a file XP would use. Office outlook might, but it would not be in
that folder.

http://filext.com/detaillist.php?extdetail=ics&Search=Search

It certainly is not part of Windows defender, nor as a result of any recent
update.
 
Actually I have removed it with Defender many times and it keeps reappearing.
It even renamed it all in caps (HOSTS.ics) when I quarantined it. Do you
think it is a legitimate Outlook (iCalendar) file?
This is what it says when you open it with notepad:

# Copyright (c) 1993-2001 Microsoft Corp.
#
# This file has been automatically generated for use by Microsoft Internet
# Connection Sharing. It contains the mappings of IP addresses to host names
# for the home network. Please do not make changes to the HOSTS.ICS file.
# Any changes may result in a loss of connectivity between machines on the
# local network.
#
 
Aries said:
Actually I have removed it with Defender many times and it keeps reappearing.
It even renamed it all in caps (HOSTS.ics) when I quarantined it. Do you
think it is a legitimate Outlook (iCalendar) file?
This is what it says when you open it with notepad:

# Copyright (c) 1993-2001 Microsoft Corp.
#
# This file has been automatically generated for use by Microsoft Internet
# Connection Sharing. It contains the mappings of IP addresses to host names
# for the home network. Please do not make changes to the HOSTS.ICS file.
# Any changes may result in a loss of connectivity between machines on the
# local network.
#
Click to expand...

http://support.microsoft.com/?kbid=309642

Bob Vanderveen
 
Are you running Internet Connection Sharing? That file is a legitimate
piece of Internet Connection sharing. I've a next-door neighbor who is
running ICS, but they may be on 1051, rather than the latest build. I don't
think they've seen this issue--I would have heard about it I think.


--
 
Bob sent this link:

http://support.microsoft.com/?kbid=309642


which shows how to manually configure an ICS client, rather than depending
on the DHCP which is built into ICS. This ability is useful if you want to
use some "server" function--perhaps remote desktop--on the ICS client PC, so
you don't want the address to change.

However, as I mentioned, I have a neighbor with an ICS setup who isn't
seeing this behavior, so I'm still not sure what's going on here.

--
 
Let's step back a bit. In that location below, you have a hosts.ics file,
which you've posted, and which seems entirely benign to me.

Do you also have a "hosts" file--just hosts--no suffix. If so, can you say
a little more about it--maybe how big it is? If it is fairly short, you
could post it--notepad can open it.
 
When you try to open it with the default program, Outlook, it says "Cannot
start Microsoft Office Outlook. Cannot import vCalendar file."

This is what it says when you open it with notepad:

# Copyright (c) 1993-2001 Microsoft Corp.
#
# This file has been automatically generated for use by Microsoft Internet
# Connection Sharing. It contains the mappings of IP addresses to host names
# for the home network. Please do not make changes to the HOSTS.ICS file.
# Any changes may result in a loss of connectivity between machines on the
# local network.
#
 
What I'm trying to figure out is whether, in addition to that file, which
you'd already posted, you have a file called just "hosts"--no suffix--in
that same folder?

If you don't--here's a default one which you can use notepad to cut and
paste and save:
(cut starting with the first line with a # below, through the line starting
with 127.0.0.1)--save as Hosts--no suffix.



# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost


--
 
This is what is in the HOSTS file that does not have the suffix .ics :

127.0.0.1 1.httpdads.com #SpySweeperCASS
127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS
127.0.0.1 a.mktw.net #SpySweeperCASS
127.0.0.1 a.tribalfusion.com #SpySweeperCASS
127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS
127.0.0.1 a3.suntimes.com #SpySweeperCASS
127.0.0.1 actionsplash.com #SpySweeperCASS
127.0.0.1 ad.abcnews.com #SpySweeperCASS
127.0.0.1 ad.adsmart.net #SpySweeperCASS
127.0.0.1 ad.adtraq.com #SpySweeperCASS
127.0.0.1 ad.atlas.cz #SpySweeperCASS
127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.blm.net #SpySweeperCASS
127.0.0.1 ad.ca.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.ch.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.de.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.dogpile.com #SpySweeperCASS
127.0.0.1 ad.doubleclick.com #SpySweeperCASS
127.0.0.1 ad.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.fr.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.harmony-central.com #SpySweeperCASS
127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS

That being said, I will say again, when I remove the hosts.ics file with
Defender, another one keeps being added the next time around. Then when I
quarantine it, it appears as HOSTS.ICS. (all caps). I really don't see how
changing my file in the notepad format is going to change the other
information in the file, or that it will keep whatever program is producing
it from producing it again. When I googled vCalendar I came up with a Mac
function for Outlook Calendar. How did that get on there, if in fact that is
what it is actually trying to do? Or is it just masquerading as a Calendar
file? How can I look at the file, or how can you look at the file without
Notepad to figure out what it really is?
 
Aries - I don't believe there is anything wrong with the hosts.ics file. As
I mentioned earlier, this file is created when you run Internet Connection
Sharing on your machine--I asked earlier whether you are running this--it is
a feature you would run so that your computer can share the Internet
connection with other machines connected to a network.

I'm not sure what is going on here--but I don't see anything wrong with
either file you've posted--I'll go back and re-read what you are seeing, and
maybe we can figure out what's causing the alarms--I tend to suspect that
it's a false positive on the real hosts file that you've posted here, but
I'm not sure. I've got a hosts.ics, even though I'm not running ICS at the
moment, although I have in the past--and my neighbor does too--haven't seen
any alarms over it.

--
 
This computer stands alone. It is not connected with any other computers
here at home. That is the point. I think it must have been part of some
update. But how can I delete it and keep it from coming back unless I want it
to? (since I don't really know for sure)
 
You don't need to do this, but if you want to get rid of Host.ICS, you can
remove the Internet Connection Sharing feature.
A safe way to do this is to go to Start, control panel, network and Internet
connections, and run the Network Setup Wizard. If you make the appropriate
choices for your situation there, Internet Connection Sharing won't be
installed, and Hosts.ics will go away.
--
 
Back
Top