etc\hosts

 
Blind_Pew



Joined: Oct 27, 2006
Posts: 168



Posted: Wed Apr 09, 2008 10:21 am    Post subject: etc\hosts

Every time I run AVG I get "changes made to"
C:\WINDOWS\System32\drivers\etc\hosts
Did a search and what everyone says is it is like a phone book for ISP addresses.
Opened it up with WordPad to see what was in it and there are a lot of them.
Renamed etc to oldetc and created new etc folder (empty). So far everything seems to work. Not done AVG scan yet.
Is this file first created when installing XP with a certain set of addresses?
And would it hurt to delete old file? Hope this makes sense. I wrote it and it is confusing to me.

Thanks Blind_Pew
Back to top
zlim



Joined: Mar 11, 2005
Posts: 2747



Posted: Wed Apr 09, 2008 5:05 pm

If the entries in the hosts file do not have the symbol # in front of the IP then those IPs are put in there as a protection for you. Check some of the IPs. They are xxxx sites, sites that might try to steal info from your computer, sites that might try to download things you don't want, and warez sites. Places that your security programs are protecting you from going to. You can remove all of them. End result, you can surf anywhere you want and take your chances trying to figure out if the site is good or bad.
Back to top
drwho07



Joined: Nov 29, 2007
Posts: 2240

Location: Central FL, USA

Posted: Wed Apr 09, 2008 6:52 pm

Pew,
How does your foot feel?

Because you just shot yourself in the foot!

The Hosts file is there for one very great purpose, to hold a list of web addresses where your browser MUST NEVER GO!!!!!

You need to read up on it at MVPS.com and then download the
Hosts Manager program and start getting updates to your hosts file on at least a weekly basis.
(I run HostsMan at least three times every week, to get the latest updates to my hosts file.)

Unfortunately, AVG tells people more than they really need to know and it serves only to confuse the novice, casual user and the untrained.

There are four great sites polled by HostsMan to get the latest Custom Hosts lists, to protect your computer from going to several thousand bad web sites.

We've talked about a Custom Hosts File extensively right here in this forum.

Read up on it.....and don't erase your hosts file again!

EDIT: my own hosts file currently contains 76,362 lines.
I'm protected against my browsers ever going to that many bad sites.

The Doctor


Last edited by drwho07 on Tue Apr 22, 2008 10:19 am; edited 1 time in total
Back to top
BudDurland



Joined: Dec 05, 2002
Posts: 522



Posted: Wed Apr 09, 2008 7:20 pm

drwho07 wrote:
The Hosts file is there for one very great purpose, to hold a list of web addresses where your browser MUST NEVER GO!!!!!


Technically not entirely true. The hosts file is there to let your computer know where internet hosts are (i.e. what their IP address is), and your computer will believe the hosts file over any other source of information, such as the internet's domain name service (DNS).

However, clever folks use various techniques to take advantage of this super-duper over-ride to help steer your computer away from potentially harmful sites. In effect, lie to your computer, but it's a white lie.

MVPS has a good explanation of the process, and a tool for getting you started, at this link

Hope this helps
Back to top
Blind_Pew



Joined: Oct 27, 2006
Posts: 168



Posted: Wed Apr 09, 2008 10:23 pm

Thanks for the information. Now I understand what it's for; will check out the sites you offered.

Yeah Zlim, that's what had me going was the xxxx sites listed. I know I didn't go there.

Hey Doc, only nicked the heel of my boot; did not delete file, only renamed it to old. Put it back to original so everything's back as before.

I did search here but nothing came up; will look for custom host file.
Again thanks to all for help Blind_Pew
Back to top
drwho07



Joined: Nov 29, 2007
Posts: 2240

Location: Central FL, USA

Posted: Thu Apr 10, 2008 5:51 pm

Like many others I was blindsided by the hosts file thingy.

Silmarin used to post a notice every time there was an update to Mike Burgess's Custom Hosts file.

It was a real drag to download the zipped file, unzip it and then save it to the correct folder. "Hosts Manager" (HostsMan) takes all that drudgery out of getting a new hosts file and keeping the one on your computer up to date.
HostsMan also scans for duplicate entries.

I now install "HostsMan" for all my customers where access to the internet may be done by "Young" people.

Even the little ol' blue haired ladies, don't want to see xxxx popping up on their screen. The Custom Hosts File eliminates that possibility.

I love it,,,,and like most good protection software.....IT'S FREE !!!!

God, I do love "FREE".


The Doctor
Back to top
kenmabmcc



Joined: Nov 20, 2003
Posts: 8249

Location: Dunedin, New Zealand.

Posted: Thu Apr 10, 2008 7:04 pm

Hi Doc

is this the program ?

ken
Back to top
goretsky



Joined: Dec 07, 2002
Posts: 9662

Location: Southern California

Posted: Fri Apr 11, 2008 12:34 am    Post subject: Re: etc\hosts

Hello,

You wrote that your anti-virus software from AVG (formerly Grisoft) detected changes to the %windir%\system32\drivers\etc\hosts, that when you viewed the hosts file it contained many redirections to sites featuring pornography, and moving the hosts file to a new location solved the problem with the web browser being redirected to those sites.

What I did not see any mention of, though, was that your anti-virus program had detected any malicious software (malware) on your computer. Unless you are downloading something like the hosts file from MVPS.COM or troubleshooting a problem with your ISP, the hosts file is typically not edited by most users.

Did you have a malware infestation at some point that was cleaned up by your anti-virus software, or was the notification about changes to the hosts file the only report you had from it?

If the latter, I would suggest performing a very detailed scan of your system using your anti-virus software, as the malicious program(s) which changed your hosts file may still be present on the computer.

Regards,

Aryeh Goretsky
Back to top
drwho07



Joined: Nov 29, 2007
Posts: 2240

Location: Central FL, USA

Posted: Fri Apr 11, 2008 9:24 am

Ken,
I think Mr. G. got the wrong impression from your post.

Yes, the Hosts file on your computer, WILL contain the names of xxxx sites, but before that will be the "RE-Direct" address. (127.0.0.1)

Here is an excerpt from my own Hosts file:

127.0.0.1 liveupdate.myim.cn #[Adware.BeSys]
127.0.0.1 www.xmylinker.net #[Adware.MyLinker]
127.0.0.1 www.xmylottoadserv.com
127.0.0.1 rm.xmyoc.com
127.0.0.1 wintercatx.diy.myrice.com #[Win32/TrojanDownloader.Tiny.Y]
127.0.0.1 my-securedocx.com #[Downloader.Goobiz]


* I avoided any xxxx sites, because I don't want to advertise them.

When something tries to go to any of the sites mentioned,
it is re-directed to 127.0.0.1...... that's your computer!

So you get that old familiar message, "Unable to open page", or some such verbiage if anything tries to go to those sites. Your browser is thusly prevented from going to any such site.

Once, way back in what seems like Ancient History now, AVG's main download server was just being beat to death with requests for updates.
We were told to redirect the request to a different server at Grisoft....that worked like a champ. That was done by putting the re-direct in the hosts file. I think that was the first time I was aware of the hosts file and what it could be used for.

So, that file can be used for more than just blocking bad sites.

Ken, in answer to your question......
The quickest way to download 'HostsMan' is here:
http://www.majorgeeks.com/HostsMan_d4592.html

I just went thru the download process from Majorgeeks and it worked like a champ.
That's one of the greatest sites on the internet for downloading free software.

I hope I've sufficiently answered your questions. If not, PM me and we'll work it out.

God Bless!
The Doctor
Back to top
Blind_Pew



Joined: Oct 27, 2006
Posts: 168



Posted: Fri Apr 11, 2008 3:42 pm

goretsky

I try to run AVG, Ad-Aware, A-squares and Spy-bot (full scans) at least once a week. The past two times I ran AVG got host file change; first time did not think much of it, second time opened file up to see what it was all about, noticed xxxx sites listed, so did search for host file, and basically what was said was it being like an address book for internet. AVG forum says to add it to an ignore list and it won't show up again. But I wanted to make sure that I wasn't saving malware, so that is reason for post. Only one that shows anything is Ad-aware TAI 1. Just ran all again, no problems detected except for TAI.

Thanks everyone for help Blind_Pew
Back to top
tbernstein



Joined: May 16, 2003
Posts: 1668

Location: London

Posted: Mon Apr 14, 2008 4:02 pm

Maybe it's worthwhile explaining the whole scheme.
When anyone enters a web address (URL) this means nothing. But every point on the internet that can be connected has a number, such as the one shown. When you type the URL that name has to be translated to a number (the IP address). (You can just enter the number, but that would be a bit unfriendly and hard to remember.)
So your computer sends a message out to the internet, usually to your internet provider in the first instance, to find out what that number is.
However, some of these can be stored on your machine, instead. In the "Hosts" file. Maybe once it was useful for that, when speeds were slow. And this file takes priority.
These days it can be used by hijackers to redirect your computer to where they want you to look, so that if you type in www.myusefulstuff.com it will take you to www.mysleazypornsite.com.
On the other hand, it can also be used to stop your machine visiting dodgy sites, in exactly the same way.
Antivirus and security software gets a bit twitchy if the Hosts file has been changed, since it may have been hijacked.
Back to top
goretsky



Joined: Dec 07, 2002
Posts: 9662

Location: Southern California

Posted: Sat Apr 19, 2008 12:18 am    Post subject: Re: etc\hosts

Hello,

Did the lines in your hosts file begin with IP address number 127.0.0.1 as in DrWho07's example, or did they contain numbers like 74.125.19.147, 12.190.48.113 and so forth? (Those are actually safe--I used them as examples of what such IP address numbers might look like.)

Regards,

Aryeh Goretsky
Back to top
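The distinction asked about in the post above (entries that point at 127.0.0.1 versus entries that point at some other address) can be checked mechanically. The following Python function is an added example, not part of any post in this thread; it splits hosts-file entries into blocked names and redirects worth reviewing. The sample text is constructed: the 127.0.0.1 names appear in the thread, while `ads.example.net`, `www.example.com` and `broken.example.org` are placeholders.

```python
import ipaddress

# Constructed sample. The 127.0.0.1 names appear in the thread; the
# example.* names are placeholders added to show the other cases.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 liveupdate.myim.cn #[Adware.BeSys]
127.0.0.1 zestyfind.com www.zestyfind.com
0.0.0.0 ads.example.net
74.125.19.147 www.example.com   # name pinned to a remote address
not-an-ip broken.example.org
"""

def classify_hosts(text):
    """Split hosts-file text into (blocked, redirected, malformed)."""
    blocked, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, tokenize
        if not fields:
            continue  # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            malformed.append((lineno, raw.strip()))
            continue
        # Loopback (127.x, ::1) or 0.0.0.0: the name goes nowhere, a block entry.
        sink = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            if sink and name.lower() == "localhost":
                continue  # standard entry, not a block
            if sink:
                blocked.append(name)
            else:
                # Name forced to a specific remote address. This can be
                # legitimate, but it is also what a hijack looks like: review it.
                redirected.append((lineno, name, str(addr)))
    return blocked, redirected, malformed

if __name__ == "__main__":
    blocked, redirected, malformed = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} blocked names")
    for lineno, name, addr in redirected:
        print(f"REVIEW line {lineno}: {name} -> {addr}")
    for lineno, raw in malformed:
        print(f"MALFORMED line {lineno}: {raw}")
```

To audit a real file, pass the contents of %windir%\system32\drivers\etc\hosts to `classify_hosts` instead of the sample.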
Blind_Pew



Joined: Oct 27, 2006
Posts: 168



Posted: Mon Apr 21, 2008 9:33 am

Sorry about taking so long to get back; it's spring, been doing yard work.
All begin with 127.0.0.1

Was curious about these two

127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz

127.0.0.1 zestyfind.com
127.0.0.1 www.zestyfind.com
# This list is Copyright 2000-2007 Safer Networking Limited
Back to top
zlim



Joined: Mar 11, 2005
Posts: 2747



Posted: Mon Apr 21, 2008 1:11 pm

I googled the first
http://www.google.com/search?q=%22df809jow4wj2304lfd0sf9fsd0a2t4ldf809...4wj2304
and as you can see, it is something in a lot of HijackThis logs so I'm sure it is a site you don't want to get to.

As far as zesty find, when you google that, you get lots of threads from legitimate security places for removal instructions.

Whois
Quote:
Administrat:
name-- DNS MANAGER
org-- ABSOLUTEE CORP. LTD.
country-- CN
province-- Hongkong
city-- Hongkong
address-- FLAT/RM B 8/F CHONG MING BUILDING 72 CHEUNG SHA WAN RD KL
postalcode-- 999077
telephone-- +00.85223192933
fax-- +00.85223195168


Further, you google absolutee and get here
Code:
http://escrow-fraud.com/fraud_data.php?id=3517
which gives escrow fraud being listed to the same company.
I also found this
Quote:
"ABSOLUTEE CORP. LTD." owns about 2831 other domains

Definitely NOT a company or websites that you want to have anything to do with.
All you need to do is google an entry and the headlines on google will probably scream out - this is a fraud.
Back to top
Blind_Pew



Joined: Oct 27, 2006
Posts: 168



Posted: Tue Apr 22, 2008 7:12 pm

Thanks Zlim

Never even thought about doing a search; must be getting old.

Is it time for my meds yet!!!!

Again, thanks everyone for help; it is appreciated.
Back to top
zlim



Joined: Mar 11, 2005
Posts: 2747



Posted: Wed Apr 23, 2008 1:31 pm

Blind_Pew, you're probably younger than me. About the only thing I remember is how to search google.
Back to top
All times are: Eastern Time (US & Canada)