Spyware Doctor and HOSTS file

[One]

Hello,

In my opinion; making use of the HOSTS file to filter out unwanted web sites, add an extra layer of protecton againt malware/spyware infection. That's why I have downloaded and installed the HOSTS file found at

http://www.mvps.org/winhelp2002/hosts.txt

The problem is that SD claims that this HOSTS file is infected by malware. Actually all entries in the file is claimed to be so.

In my opinion this is not correct. As can be seen, from the link above, all the badURL's entries points to 127.0.0.1. It looks like SD just find a bad URL, without checking to see what it points to.

Shouldn't every entry - which starts with 127.0.0.1 - be regarded as "good" entries, by SD?

Lavasoft's Anti-Adware, Spybot Search & Destroy, Microsoft Anti Adware, XoftspySE and Avast Anti Virus does not trigger this HOSTS file as being infected. And it should not either.

PcTools support also claimed that the HOSTS file was infected, so I guess there won't be any change in future version of SD, in this regard.
--

[tom.tdw]

siteguard does do the same thing (whilst using more resources)

that list is definetly not malicious

if you add the hosts file to the global actions list that should solve it
also there will be little/no risk as every time you update the custem hostsfile any malware will be flushed out

Quote:

Originally Posted by One

Hello,

In my opinion; making use of the HOSTS file to filter out unwanted web sites, add an extra layer of protecton againt malware/spyware infection. That's why I have downloaded and installed the HOSTS file found at

http://www.mvps.org/winhelp2002/hosts.txt

The problem is that SD claims that this HOSTS file is infected by malware. Actually all entries in the file is claimed to be so.

In my opinion this is not correct. As can be seen, from the link above, all the badURL's entries points to 127.0.0.1. It looks like SD just find a bad URL, without checking to see what it points to.

Shouldn't every entry - which starts with 127.0.0.1 - be regarded as "good" entries, by SD?

Lavasoft's Anti-Adware, Spybot Search & Destroy, Microsoft Anti Adware, XoftspySE and Avast Anti Virus does not trigger this HOSTS file as being infected. And it should not either.

PcTools support also claimed that the HOSTS file was infected, so I guess there won't be any change in future version of SD, in this regard.
--

[mjq424]

Hi

Quote:

Originally Posted by One

Shouldn't every entry - which starts with 127.0.0.1 - be regarded as "good" entries, by SD?

Im afraid this is incorrect. If for instance a trojan created the following HOSTS entry:

• 127.0.0.1 www.symantec.com

That would be considered malicious as it is blocking access to a good website. I certainly hope they sort out this problem, although I use the HOSTS list from spybot and never had an issue with SD detecting it.
Hope that helps.

[One]

Yes, I agree on that one, but I would guess - not the best solution, though - it's better to block a good site rather than to remove entries that blocks bad sites. Well, SD blocks these sites anyway, may be PcTools says.

May be a construct like this could work:

127.0.0.1 goodURL 'consider it as a bad entry
127.0.0.1 badURL ' consider it as a good entry

Just an idea!
--

[One]

Quote:

Originally Posted by tom.tdw

siteguard does do the same thing (whilst using more resources)

that list is definetly not malicious

if you add the hosts file to the global actions list that should solve it
also there will be little/no risk as every time you update the custem hostsfile any malware will be flushed out

I'm not sure I did catch up on the latter one. If the HOSTS file is placed in the Global Action List, and the file later on should be infected by a malware for real, wouldn't that entry then be consider as an ignored infection and thereby slip the users attention?
--

[tom.tdw]

Quote:

Originally Posted by One

I'm not sure I did catch up on the latter one. If the HOSTS file is placed in the Global Action List, and the file later on should be infected by a malware for real, wouldn't that entry then be consider as an ignored infection and thereby slip the users attention?
--

yes but every time you update the hosts list all old entrys will be removed,

type this into a commandprompt window and the hostsfile will be cleared on startup (the batchfile installer for the hostsfile must be on your desktop for this to work)

Code:

schtasks /create /sc onstart /ru system /tn updatehosts /tr "%userprofile%\desktop\mvps.bat /rl highest

this shoud replace the need to scan the hostsfile

[mjq424]

Hi
Yes this is true, please dont add the HOSTS file to the ignore list. Have you submitted a ticket to PC Tools Support for this? They may be able to help you and others from getting this problem.

PC Tools email: support@pctools.com
PC Tools online form: www.pctools.com/contact/support/

[tom.tdw]

yes it is true generally but every time you update the mvps it resets the hosts file (thus removing any malicious entrys), so for now just type the line i have provided below into a command prompt window and it should take care of any malicious entrys

once this has been resolved just type "schtasks /delete /tn updatehosts"

alternativly rightclick the entrys in the scan resaults and add the indavidual lines to the global action list

Quote:

Originally Posted by mjq424

Hi
Yes this is true, please dont add the HOSTS file to the ignore list. Have you submitted a ticket to PC Tools Support for this? They may be able to help you and others from getting this problem.

PC Tools email: support@pctools.com
PC Tools online form: www.pctools.com/contact/support/