Privacy & Security
The Hosts file
The Host file is a bit like an address book,
When you instruct your computer to access a web page, you will use the name of the site, e.g. www.internetinspiration.co.uk. When your computer tries to access the web site for you, it uses a numeric address called an IP address.
Your browser will check your Host file for the IP address of the requested site, if it is not present, (and it usually is not), your browser will use your ISP (internet service provider) to find the IP address, and display the site.
Why should this cause concern?
Malware applications can add entries to the Hosts file for two reasons -
1) To ensure all requests for web sites are redirected through their servers to deliver their web page, advertisements or pop ups and monitor your internet activities.
2) To block access to security related web sites, this will prevent updates to your security software.
These entries can be left behind even if the malware is removed and can result in Cannot find web server errors when attempting to access certain web pages.
Where can I find the Hosts file?
The following applications will allow you to view your Hosts file if you have them installed.
Spybot S&D Click Tools > host file
Microsoft Anti-spyware Click Advanced tools > windows Hosts file
hijack This Click Config... > Misc Tools > Open hosts file manager
Adbin is a free and easy to use Host file editor.
Otherwise there are a couple of ways of getting there, a point to note - the file is called simply Hosts, there is no file extension e.g. .txt
Set Windows to show hidden files and Folders. Help
1) Click Start and then Search. In the box that appears, click All files and folders. Type Hosts into the box marked All or part of file name. and click the Search button.
2) Open Windows Explorer by right clicking on the Start button and selecting Explore. Navigate in the left panel along the following file path. (Look at the file path as a sequential list of files to reach your destination, each level being separated by the '/')
For Windows 95/98/Me
c:\windows\hosts
For Windows NT/2000/XP Pro
c:\winnt\system32\drivers\etc\hosts
For Windows XP Home
c:\windows\system32\drivers\etc\hosts
Once you have found the file, right Click on it and select Open. You will be asked to select which program to open it with, select Notepad.
A clean log file will look like this
The address 127.0.0.1 is setting the address for your computer.
Anything following that entry with an address of 127.0.0.1 will look for the requested web site in your computer which it will not find and stop looking, effectively blocking access to it.
Examples
127.0.0.1 www.microsoft.com will block access to the Microsoft website.
127.0.0.1 www.girosoft.com will block access for AVG anitvirus software.
127.0.0.1 www.google.com will block access to google
66.180.173.39 www.google.co.uk will redirect requests for google.co.uk to 66.180.173.39, which is PremiumSearch.
Using the same principles as Maware, to block access to security related websites, you can also be use the Hosts file to block access to dodgy sites, simply add the name of the web site and give it an address of your computer e.g.
127.0.0.1 www.dodgywebsite.com.
This will not only block access to the sites, it will also prevent any advertisements from their servers being displayed,A free and easy way of doing this is to use Adbin. All you have to do is drag a pop up advertisement over the bin, it will automatically add the address it was delivered from to your Hosts file, blocking future access to that server.
You can also use a host file which already includes thousands of web addresses known to be associated with the installation of malicious software http://www.mvps.org/winhelp2002/hosts.htm
Some security applications can add known dodgy sites to your Hosts file as part of its protective features, so you may already have a long list of sites with dodgy names. providing these names are preceded with 127.0.0.1, you are being protected.
To repair an infected Host file you can either.
1) Delete the offending lines.
2) Delete or rename the Hosts file. Windows will create a new one on the next reboot.
You should note that if your computer is infected with malware, some will re-infect the Hosts file on each boot up, so the malware must be removed first. You can if you wish you can lock your Hosts file, to prevent anything changing or adding to it. Find the Host file as described above, Right click it and select properties. In the box that pops up, at the Attributes options, click to put a check mark in the box for Read only, Click Apply then OK.
Information
Viruses
hackers, crackers & firewalls
Trojans
Spyware
Keyloggers
Cookies
BHO's & Hijackers
Drive by downloads
diallers
Scams & Hoaxes
Hijack this-
automatic analysis
Free pest scan
Unwanted processes
How to-Tutorials
Clean up/repair after malware infection
Prevent malware installing
Install Hijackthis
Start in Safe mode
Show hidden files/folders
enable/disable Active X controls
Disable Messenger service pop-ups
Use the Host file
Roguefix -
Removal tool for Rogue spyware removers & Fake Warnings
removal tool
Kill E2Give
Kill MySearch
Kill Sdbot-ADD / lockx.exe
Kill seeve.exe / mediamotors pop ups
Kill Winfixer2005
Kill SysProtect
News/Articles
New Winfixer infection displays fake Blackworm warning
The real cost of Free security software
About us Contact us FAQ Links Privacy Statement Site Map WebmastersClick here to add this page to your favorites
©Internet Inspiration, 2003. All registered trademarks are observed and respected.