Missing Hosts File - Page 2

Thread: Missing Hosts File

  1. #11
    nihil (Super Moderator: GMT Zone)
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes, I have seen Hosts files that have been modified and sometimes hidden by malware. What strikes me as odd is that Bob rebuilt the file... surely Windows would complain if you try to create a file of the same name in the same directory... or at least warn you if you were going to replace an existing file?

    Also, in the cases I have seen, the users were pretty well aware of the redirects and complained about them? I suppose it could be some sort of bungled or incompatible malware though.

    On XP machines I tend to use Tall Emu's Online Armor... it requires you to give permission to modifications of the Hosts file as well as running new processes and other changes. It is basically a combined firewall and behavioral monitor and is free for private use.

    Ordinary application installations and updates are fine as it will remember authorised programs and even has an application installation mode. You need to turn it off before applying Windows updates though, or it gets very annoying.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #12
    Junior Member
    Join Date
    May 2008
    Posts
    16

    a moot point just FYI

    Quote, originally posted by TG2:
    wow. on the net long enough ... you're bound to see it all.... I poke, of course, but really you're that on most of the time..

    So.. Hosts file ... operates like hosts on Linux, the default for Windows is to check the hosts file first then resolve via DNS ... any entry in the hosts file in Windows that is set up with #PRE at the end of the line, causes Windows to preload that entry

    ie. 127.0.0.1 some.adserver.com #PRE

    And agreed, that it's odd the cracker/spammer/malware would delete the file, more likely to either wipe out the file and add its own redirections ...


    In Windows the preloading of information is done in lmhosts.sam with the #PRE ext.

    I don't find it that odd as many spam blockers use hosts to keep the nasties out
    Last edited by Ted0b1; April 23rd, 2011 at 04:58 PM.

  3. #13
    bAgZ (Senior Member)
    Join Date
    Jul 2001
    Posts
    206
    I have seen this before; in Windows, if you have antivirus software, it sometimes hides the hosts file. In the folder %SystemRoot%\system32\drivers\etc\, when searching for the hosts file, make sure that you display hidden files and system files. You will probably notice the hosts file being renamed to something else. Hopefully it's still there.
    ----------------------------------------------------------------------------------------------------------
    "If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford

  4. #14
    nihil (Super Moderator: GMT Zone)
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Quote: "I don't find it that odd as many spam blockers use hosts to keep the nasties out"
    Sure, and if they find the Hosts file is missing they will most likely send an error message. That's why I would expect an amendment to the file rather than its deletion, or renaming, as it is less likely to attract attention before the malware has had a chance to do its job.

    Quote: "I have seen this before, in Windows if you have antivirus software it sometimes hides the hosts file."
    From what Bob has said all the machines are running the same AV, yet only 2 out of 7 have had the problem.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
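
An added example, not part of any post in this thread: a PowerShell check for the cases discussed above. It lists the etc folder with hidden and system files included (post #13) and reports hosts entries that point a name at a non-sink address, the kind of amendment post #14 expects from malware. The list of stock file names and the treatment of 127.0.0.1, ::1 and 0.0.0.0 as harmless sink addresses are assumptions.

```powershell
# Added example: audit %SystemRoot%\System32\drivers\etc for a hidden, renamed or amended hosts file.
$etc = Join-Path $env:SystemRoot 'System32\drivers\etc'

# Assumption: file names found in this folder on a default Windows install.
$stock = 'hosts', 'lmhosts.sam', 'networks', 'protocol', 'services'
# Assumption: addresses ad-blocking hosts files use as a sink; anything else is a real redirect.
$sink = '127.0.0.1', '::1', '0.0.0.0'

function Get-HostsEntry {
    param([string]$Path)
    # @() keeps the loop from running once on $null when the file is empty.
    foreach ($line in @(Get-Content -LiteralPath $Path)) {
        $active = ($line -split '#', 2)[0].Trim()      # drop comments
        if (-not $active) { continue }
        $parts = @($active -split '\s+')
        if ($parts.Count -lt 2) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            New-Object PSObject -Property @{ File = $Path; Address = $parts[0]; Name = $name }
        }
    }
}

# -Force makes Get-ChildItem return files carrying the Hidden or System attribute.
$files = @(Get-ChildItem -LiteralPath $etc -Force | Where-Object { -not $_.PSIsContainer })
$files | Format-Table Name, Length, LastWriteTime, Attributes -AutoSize

if (-not ($files | Where-Object { $_.Name -eq 'hosts' })) {
    Write-Warning "No file named 'hosts' in $etc"
}

foreach ($f in $files) {
    $flags = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    if ($f.Attributes -band $flags) {
        Write-Warning "$($f.Name) is hidden or system: $($f.Attributes)"
    }
    if ($stock -notcontains $f.Name) {
        Write-Warning "$($f.Name) is not a stock file; it may be a renamed hosts file"
    }
    # Parse hosts itself and every non-stock file as hosts syntax.
    if ($f.Name -eq 'hosts' -or $stock -notcontains $f.Name) {
        Get-HostsEntry -Path $f.FullName |
            Where-Object { $sink -notcontains $_.Address } |
            ForEach-Object { Write-Warning "$($f.Name): $($_.Name) -> $($_.Address)" }
    }
}
```

Running it on each of the machines and comparing the output separates a file that is only hidden from one that has been renamed or had entries added.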
