Hosts file doesn't block sites

***rcgreen*** · June 20th, 2004, 01:46 PM

I've heard that winXP caches dns lookups, so maybe you need
to reboot to flush it.

**djhuk** · June 20th, 2004, 01:58 PM

It couldn't be one of my anti-spyware programs could it? You know, with their hosts file protection? However, I thought this just made it read only.

I've scanned with spybot and adaware, but will try in safe mode. That will give me a restart too so should clear the cache.

***thehorse13*** · June 20th, 2004, 02:07 PM

The cache is cleared by doing this at the command prompt:

ipconfig /flushdns

No reboot required.

Yes, it could be your anti-spyware software doing this to you. Disable it and try your tests again.

***Tedob1*** · June 20th, 2004, 02:32 PM

Quote:
------------
I noticed that there's two other hosts files:

hosts.bho
host (recognized as an iCalendar file)
------------

yes this is definitely the cause. resolving to 127.0.0.1 or 0.0.0.0 would work on any url. but your already infected and have some absolutely free marketing research tools directing your browser to their ip address negating the need for ip resolution. you would get there even without a dns server. in fact some adware even has a cache of web pages stored in a file on your computer to help enhance your internet experience even when you not on line.

(i just love to use their euphemisms)

you need to get cwshreader and run a good adware/spyware remover

you also need to get all the ie updates and disable active scripting.

**djhuk** · June 20th, 2004, 02:38 PM

Sorry, i meant to say. I later checked those two files, the .bho was a backup, and all it contains is:

127.0.0.1 localhost

the other one was automatically generated for Internet Connection Sharing. It only has one IP, which is commented out.

Disabling the hosts protection on Spybot and SpywareBlaster didn't change it. I'm about to give up on it and just use the Restricted Sites instead, as well as relying on SpywareBlaster.

***Tedob1*** · June 20th, 2004, 02:41 PM

bho = browser helper object...did you name it that?

***thehorse13*** · June 20th, 2004, 02:51 PM

Exactly my point. Something else is hooking the box for resolution. Now, there are *tons* of awful BHOs out there so follow the advise and run a good spyware removal tool. As Tedob1 has noted, bhos are not friendly things.

**ttau** · June 20th, 2004, 02:55 PM

Are you formating it correctly? i.e. 127.0.0.1 yahoo.com or www.yahoo.com
Don't use http in the line.

**djhuk** · June 20th, 2004, 03:10 PM

As per my earlier post, i've run spybot and adaware, and also in safe mode. They came up clean.

Also, how could the .bho file be hijacking me when it only contained: 127.0.0.1 localhost

Anyway, I deleted all the backups and restarted but no luck.

Now here's something I remember reading...that the Hosts file must be in upper case, i.e. HOSTS.
At the time I couldn't see how that would affect it, but now i look in the ETC folder, all the other files are upper case, but Hosts is not.

**djscribble** · June 20th, 2004, 03:37 PM

if you have spybot (and i am assuming you do since you said you did a scan with it) then you can do a search for "hosts" spybot comes with one that you can use to replace the one that windows uses...

If you don't want to do this, maybe could you post your hosts file (if it doesn't contain anything personal, which it shouldn't) and we can take a look at it just to make sure that is correct...

windows, for the most part, is not case sensitive, so you shouldn't have to worry about the uppercase/lowercase names because i know that mine is lowercase and it does work

finally, if you are trying to make it so that spyware doesn't install itself, i use a combination of the spybot immunize and Javacool's SpywareBlaster

Thread: Hosts file doesn't block sites

Thread Tools

Display

Posting Permissions