Spam on the box - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 26

Thread: Spam on the box

  1. #11
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Originally posted here by nihil
    STOP!

    That looks OK to me, those are redirects to 127.0.0.1 which is your PC...............they won't go anywhere
    And for that matter, they seem to be redirecting spyware sites. (i.e. lop.com)

    -X
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  2. #12
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    STOP! That looks OK to me, those are redirects to 127.0.0.1 which is your PC...............they won't go anywhere
    Yeah STOP don't delete it or change it

    And this is the reason WHY

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  3. #13
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    yeah like nihil said, those are supposed to be there, to edit a HOSTS file or to go back to the default, you can use the program HOSTER from this site http://www.mvps.org/winhelp2002/hosts.htm


    And under any circumstances do not remove these puppies:

    127.0.0.1 www.isearch.com
    127.0.0.1 isearch.com
    127.0.0.1 www.idownload.com
    127.0.0.1 idownload.com
    127.0.0.1 www.mytotalsearch.com
    127.0.0.1 mytotalsearch.com
    127.0.0.1 www.lop.com
    127.0.0.1 lop.com


    isearch =
    idownload=
    Spyware.ISearch

    Last Updated on: September 19, 2005 03:23:14 AM



    Type: Spyware

    Name: ISearch Toolbar
    Version: 1.0.0.1
    Publisher: iDownload.com

    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


    Risk Impact: High
    mytotalsearch=
    Field Value
    Name MyTotalSearch Email Plugin
    Command mtsoemon.exe
    Status X
    Description MyTotalSearchBar adware
    Viewed 451 times since 23 May 2005, 1825 Hours UTC-4.


    STATUS KEY:

    "Y" - Normally leave to run at start-up
    "N" - Not required - typically infrequently used tasks that can be started manually if necessary
    "U" - User's choice - depends whether a user deems it necessary
    "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
    "?" - Unknown
    From Castlecops http://castlecops.com/startuplist-6243.html

    And the last one LOP is a real problem.

    Description

    lop is a family of programs that set your start page and IE’s search features to use the site lop.com (’Live Online Portal’) or one of its clone sites. Known lop sites include:
    LOP Sites

    So unless you want to spend hours cleaning your PC, stay away from these sites, keep a good HOSTS file if you insist on using IE (Get Firefox) also check out IESPYAD


    Cemetric

    Didn't see your post, I was hung up on mine for abit
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  4. #14
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes, I have just checked and Spybot Search & Destroy certainly has an option to use that technique. I suspect that MS Antispyware and some other security products do the same?

    I would set up Spybot to start in advanced mode then you can use the tools and look at Hosts, Browser Helper Objects, LSP stack and so on. Winpatrol also has some useful analysis, and a very nice "suspend" facility that lets you turn things off and back on again.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #15
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Your HOSTS file can also be infiltrated and used to "Redirect" you to other sites as well as block your Auto update features on Windows, Spybot and Adaware to name a few.

    Beware of ungracious hosts
    Robert Vamosi April 11, 2005

    Taking a page from virus writers, identity thieves could soon use a tiny file on your computer to redirect you to their fraudulent sites.

    A few weeks ago, I wrote about a new trend among identity thieves called pharming, where whole domains are hijacked, and users unwillingly find themselves on familiar-looking yet fraudulent Web sites. Pharming exploits a weakness in how the current Internet is structured, namely the Domain Name System (DNS), which translates easy-to-remember URLs into the IP addresses that networks use to route data packets across the Internet. Since that column, I've been thinking about other ways to accomplish a similar feat. For example, rather than poison or change the data on a remote DNS server, why not use a common file on your computer to redirect your desktop computer somewhere else instead?

    Internet Connection primer

    Almost all Internet-connected computers -- Windows, Mac, Linux, even Unix -- use a hosts file (NB: this type of file has no extension).

    Whenever you access a site on the Internet, instead of typing its IP address (say, 220.127.0.0), you simply type www.zdnet.co.uk. Your computer must first learn the IP address of the server hosting the ZDNet site before it can connect, and it does so by asking a DNS server. As mentioned in my pharming column, identity thieves have been known to compromise DNS entries so that anyone trying to find www.yourbank.com instead gets a very good replica located on a fraudulent Web site -- and all the while, the URL displayed on your address bar in your browser looks just fine to you.

    But the TCP/IP protocol also allows for a hosts file to trump any DNS address query. Using Notepad or any text editor, you can view your own computer's hosts file contents. On a Windows machine, the hosts file is generally located within the Windows folder; on Windows NT, 2000 and XP, it's within a subfolder with your Windows drivers. A fresh hosts file should look something like this (and for the record, I don't recommend altering your hosts file):

    # Copyright (c) 1998 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP stack for Windows98
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#'
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    &nbsp127.0.0.1 Localhost

    Virus writers know about hosts files

    Unfortunately, virus writers know that hosts files can block Internet address requests -- especially requests to view antivirus and security vendor Web sites. The recent Mytob virus is one that attacks the hosts file on Windows systems. Virus writers do this by associating the local host address of 127.0.0.1 next to the antivirus company's URL in the hosts file; 127.0.0.1 is a special loopback address for the machine you are currently using, which means that your request to go out onto the Internet to a Web site simply loops right back to your computer. Should you find yourself unable to reach an antivirus software company to obtain the latest antivirus signature file to contain or remove a virus, you might want to check your hosts file. In this one exception to the rule to not change your hosts file, I recommend first using a text editor to save the existing hosts file to something distinct, such as HostsOld, then delete all the blocked antivirus or security vendor associations (or mark them with #s to comment them out) and save the edited file as hosts (with no extension).

    You might be thinking that you can also use your hosts file to block spyware and adware? You can, but I don't recommend it. Not manually. First, the list will be hard for you to maintain. Instead, I recommend downloading a free anti-spyware program, such as Microsoft AntiSpyware (Beta), Spybot or Ad-aware. Second, long lists within your hosts file often slow your computer's access to the Internet.

    Scam artists also know about hosts files

    You might also be thinking that if a hosts file can exclude, can it also redirect? Yes, it can. Say you have a favourite site called BrandX.com, and it has an archrival site called BrandY.com. BrandX.com lives at 123.456.00.00 while BrandY.com lives at 122.222.0.0. If someone were to alter your hosts file so that every time you typed BrandX.com on your browser it would return BrandY.com's site instead, you'd be cross, I'm sure. That alteration in your hosts file would look like this:

    &nbsp122.222.0.0 BrandX.com

    Unfortunately for you and me, scam artists are lazy. Rather than changing BankOne's DNS registration (which involves some social engineering and work), an identity thief or so-called pharmer could simply alter your hosts file instead. This would be a slow process, and updating individual computers would produce rather little profit. However, if a virus writer fell under the employ of a pharmer (or a spam merchant) and could somehow infect thousands, if not millions, of computers with a compromised hosts file, the rewards would be even greater.

    Is this happening right now? Yes and no. In some countries, such as Brazil, malicious Trojan horses are redirecting users away from local banks and toward criminal sites, but this has yet to become widespread. And although a large-scale version of this attack (say, targeting many financial sites at once) hasn't happened, there's little reason to think it won't.

    Protection

    Any good antivirus product (such as Trend Micro's PC-cillin) that's kept up-to-date should keep your system safe. Better yet, try a good security suite (such as ZoneAlarm Security Suite 5.5), and you'll have all of your antivirus, firewall and anti-spyware bases covered.

    ZDNET Review
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  6. #16
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Didn't see your post, I was hung up on mine for abit
    No biggie ..Saves him from clicking the link anyway

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  7. #17
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm,

    I don't entirely agree with him. I use the hosts file but I have it locked until such time as I update the antimalware.

    If you then browse it with Spybot it will show you the new entries so you can check that they are OK then lock it again.

    I agree that it is not something that I would want to do manually
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #18
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hmmmm,

    I don't entirely agree with him.
    nihil

    Are you referring to me or the article.

    You know the default HOSTS file is considered adequate if you use Spywareblaster and Spywareguard in conjunction with Microsoft Antispyware Beta 1.

    It comes down to user preference on how to use a HOSTS file, there is a good tool at MVSP HOSTS site called HOSTMAN as well as HOSTER.

    You can also reset the default HOST file through a reboot

    Restoration of the host file (Windows and Linux)

    When a program hijacks the host file, it may be necessary to restore it.

    1. Identify the location of the host file for your operating system
    2. Create a backup copy
    3. Open it with a basic text editor such as Notepad or vi
    4. Remove all entries for the sites which are hijacked. Some may have been added for legitimate programs. Always be sure to back up your host file. By default, most systems will only have the following line:

    127.0.0.1 localhost

    1. Save the file
    2. Restart your computer (Windows)

    You can also see and edit the HOSTS file through the HJT program.
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  9. #19
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Are you referring to me or the article
    The article of course

    Actually, the tools section of Spybot S&D allows you to manage entries, clear the file and restore it
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #20
    Junior Member
    Join Date
    Oct 2004
    Posts
    9

    Angry Need urgent help

    hi all,

    thank you for all the information.. but now i need some more practical advice.

    these pop ups for websites have made it a hell, when i goto etc/ hosts.sam and try to edit
    it says this file is currently in use.

    so wether i use the admin id or w/o network , it just says the file is in use and does not allow me to modify.

    i m already scanning with MS antispyware - spybot etc etc. .

    pls help ..

    regards

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides