I've heard that winXP caches dns lookups, so maybe you need
to reboot to flush it.
:cool:
Printable View
I've heard that winXP caches dns lookups, so maybe you need
to reboot to flush it.
:cool:
It couldn't be one of my anti-spyware programs could it? You know, with their hosts file protection? However, I thought this just made it read only.
I've scanned with spybot and adaware, but will try in safe mode. That will give me a restart too so should clear the cache.
The cache is cleared by doing this at the command prompt:
ipconfig /flushdns
No reboot required.
Yes, it could be your anti-spyware software doing this to you. Disable it and try your tests again.
Quote:
------------
I noticed that there's two other hosts files:
hosts.bho
host (recognized as an iCalendar file)
------------
yes this is definitely the cause. resolving to 127.0.0.1 or 0.0.0.0 would work on any url. but your already infected and have some absolutely free marketing research tools directing your browser to their ip address negating the need for ip resolution. you would get there even without a dns server. in fact some adware even has a cache of web pages stored in a file on your computer to help enhance your internet experience even when you not on line.
(i just love to use their euphemisms)
you need to get cwshreader and run a good adware/spyware remover
you also need to get all the ie updates and disable active scripting.
Sorry, i meant to say. I later checked those two files, the .bho was a backup, and all it contains is:
127.0.0.1 localhost
the other one was automatically generated for Internet Connection Sharing. It only has one IP, which is commented out.
Disabling the hosts protection on Spybot and SpywareBlaster didn't change it. I'm about to give up on it and just use the Restricted Sites instead, as well as relying on SpywareBlaster.
bho = browser helper object...did you name it that?
Exactly my point. Something else is hooking the box for resolution. Now, there are *tons* of awful BHOs out there so follow the advise and run a good spyware removal tool. As Tedob1 has noted, bhos are not friendly things.
Are you formating it correctly? i.e. 127.0.0.1 yahoo.com or www.yahoo.com
Don't use http in the line.
As per my earlier post, i've run spybot and adaware, and also in safe mode. They came up clean.
Also, how could the .bho file be hijacking me when it only contained: 127.0.0.1 localhost
Anyway, I deleted all the backups and restarted but no luck.
Now here's something I remember reading...that the Hosts file must be in upper case, i.e. HOSTS.
At the time I couldn't see how that would affect it, but now i look in the ETC folder, all the other files are upper case, but Hosts is not.
if you have spybot (and i am assuming you do since you said you did a scan with it) then you can do a search for "hosts" spybot comes with one that you can use to replace the one that windows uses...
If you don't want to do this, maybe could you post your hosts file (if it doesn't contain anything personal, which it shouldn't) and we can take a look at it just to make sure that is correct...
windows, for the most part, is not case sensitive, so you shouldn't have to worry about the uppercase/lowercase names because i know that mine is lowercase and it does work
finally, if you are trying to make it so that spyware doesn't install itself, i use a combination of the spybot immunize and Javacool's SpywareBlaster