Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Question About Using Hosts File (specifically Spybot's)


  • Please log in to reply
20 replies to this topic

#1 bloomcounty

bloomcounty

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 03 March 2008 - 12:28 PM

Hi,

I know that the most recommended Hosts file is the MVPS one, but since I have Spybot 1.4 and it has the option to easily add its own Hosts file, I chose to do that (since I'm a newbie at all this, and it seemed pretty hassle free). I may graduate to the MVPS one at some point though... :thumbsup:

1. Do I need to turn off the DNS Client Service if I'm using a Hosts file, even if I don't notice a slowdown with the internet (which I don't with it on and using the Spybot Hosts file)? Does leaving it on cause the Hosts file to not work properly (or form a security risk) in any way?

2. Is there any new/different risk with using a Hosts file? (Meaning, if you're using it, is it possible it can get "manipulated" by spyware or something and it's something you need to check somehow? If so, how?)

3. If I wanted to add in the MVPS Hosts file, could I just download the .txt file for it and cut/paste it right after the Spybot one? Could adding it in wrong mess something up?

4. Any issue/problem, or risk with using both at the same time?

Thanks for the help! :flowers:
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

BC AdBot (Login to Remove)

 


#2 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 03 March 2008 - 08:20 PM

A bit more...

After adding the Spybot Hosts file in the Spybot program, I decided to remove it to see if it was the cause of something my library website not working right. Before removing it, I tried flushing my DNS cache with "igconfig /flushdns" and then removed the Spybot Hosts file (using the option to remove it from within Spybot S&D 1.4, which takes a few minutes to remove it though it adds it instantaneously). Then for the heck of it, I flushed the DNS cache again. But things still seem to be acting slow.

5. See anything in what I did that would cause any issue?

Thanks again!
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#3 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:42 PM

Posted 03 March 2008 - 10:07 PM

my dns has been disabled so long I can't remember what tweak I was reading, no ill effects

I really can't see anything going wrong from using the immunize in spybot, that's a lot easier than constantly renewing the mvp's

I wouldn't add one to the other, both are too big already, I am sure there would be countless duplicate entries


http://www.theeldergeek.com/dns_client.htm

this man is strong with the force

Edited by DaChew, 03 March 2008 - 10:08 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#4 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 03 March 2008 - 10:34 PM

Thanks, DaChew...

But isn't the immunization feature different from the Hosts file that is added in Spybot? I use the immunization feature, but my Hosts file is blank until I choose the Hosts file option in Spybot to add it, then it all shows up in the Hosts file. Know what I mean? So I don't think they're the same. Or are they somehow?

I've since removed the Spybot Hosts file, but 127.0.0.1 still remains in the Hosts list. Is that normal?

I blame the mynocks.
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#5 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:42 PM

Posted 03 March 2008 - 11:02 PM

If DNS service is running and a modified HOSTS file is running the computer is having trouble squaring one with the other. Use HOSTS, it'll be nice and fast.

If you still use ZA, allow HOSTS file changes.
Then remember to put it back in to protect it.

Revert to the original hosts file.
Download MVPS to replace (read their instructions).
Shut off the DNS service. You don't need it. Stop it then disable forever.
Reboot.
(it's all in the instructions on the MVPS site)

Run Spybot.
Now tell Spybot to merge Spybot entries to the HOSTS file.
Spybot is very smart, it checks for duplicates and marks where their section begins.
Update the hosts file periodically following MVPS instructions.
Let Spybot update Hosts file when you update their definitions.

Few answers to your numbered questions
1. MVPS recomends it. I had to.
2. HOSTS file can get manipulated. You can prevent it by making it read only and have ZA protect it.
3. Yes to download and use. No, don't bother with the "after" Spybot
4. No
5. Yes, DNS service running.

Localhost (127.0.0.1 address) must be there.
The system and some applications like to talk to themselves.
Any entries in HOSTS which are not pointing to localhost are bad news.
The only exceptions can be a router address, and few safe trusted places. They're totally optional. Things work fine without anything other than a long list of local host redirections.

Edited by tos226, 03 March 2008 - 11:06 PM.


#6 Alan D

Alan D

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:06:42 PM

Posted 04 March 2008 - 04:23 AM

I used to use the Spybot hosts file, but no longer. For quite a while now, I've been using the MVPs hosts file in conjunction with the little HostsMan program, which you can get here:
http://www.abelhadigital.com/

It simplifies the process beautifully. The MVPs advice is to stick with their hosts file without merging with others, and that's what I do (and why I don't use Spybot's). HostsMan downloads the MVPs file (there are other choices, but that's the only one I use) and makes updating it completely painless. There's also a little additional optional program called Hostsserver, which lets you know onscreen what has been blocked - which is curiously satisfying - and also reassures you that your hosts file is doing what it should.

Strongly recommended. I feel very comfortable with it.
Windows XP Home SP2; AVG 7.5 Internet Security Suite (AV/AS r.t.p, and firewall); Windows Defender (r.t.p on); SuperAntispyware Free; a-squared Free 3.5.0.15; Spybot 1.4 (Immunised, but no Tea-timer); AdAware SE Free; AVG Anti-Rootkit Free; Spywareblaster; MVPS Hosts file (with HostsMan); McAfee Site Advisor.

#7 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 04 March 2008 - 11:54 AM

Thanks for the replies/info. I want to wrap my head around the HOSTS thing a bit more before jumping in (just so I can set some time aside in case anything weird happens), but I've got this thread bookmarked to use as reference. However, for the time being, I want to just have it back to normal. So a couple follow-up questions:

5. Yes, DNS service running.


tos226:

5a. Why would the DNS service running cause a slowdown even if the HOSTS file is no longer modified? Just because I had modified it and then removed the Spybot HOSTS file?

If I open my HOSTS file now, this is what it shows:

# Copyright 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy


If I open the first backup (I had added and removed Spybot HOSTS file a couple times, just seeing what it did), which was before adding the Spybot HOSTS file at all, it looks like this:

# Copyright 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


The only difference is the bit that says:

# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy


5b. So is that still considered modified? And if so, should I revert to the backup? Or has something changed elsewhere as a result of adding it and removing it, etc.?

5c. Since you had said in #5 that the DNS service running was causing a slowdown (I think that's what you were saying), are you saying that this is the case even without a modified HOSTS file and that things are slow having the DNS service running in any case (with or without a modified HOSTS file)?

5d. If I don't use the HOSTS file (for now), I should leave the DNS service running, is that correct?

Sorry for what are probably silly questions, I just got a bit confused and want to make sure about that. Thanks again.

(Oh, and I have dial-up -- not that it matters, probably -- just thought I'd mention it!)

I really appreciate everyone's direct responses! :thumbsup:

Edited by bloomcounty, 04 March 2008 - 12:31 PM.

My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#8 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:42 PM

Posted 04 March 2008 - 12:10 PM

well I have at least finally figured out the spybot and hosts changes, it is part of the immunization feature

so easy to just do it without really understanding what did what

bloomcountry what's slowing down? exactly?

Edited by DaChew, 04 March 2008 - 12:11 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#9 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 04 March 2008 - 12:30 PM

well I have at least finally figured out the spybot and hosts changes, it is part of the immunization feature

so easy to just do it without really understanding what did what

bloomcountry what's slowing down? exactly?


I guess it's mainly sites that use SSL (like when I log into the library).

FYI: Immunization doesn't add anything to the HOSTS file for me. I have to go into Spybot to the HOSTS section and choose to add the Spybot HOSTS file, and *then* it's added in to the HOSTS file. I've got all the immunizations active (or whatever) and this adds nothing to the HOSTS file. How is the HOSTS file in Spybot part of the immunization feature? Thanks!
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#10 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:42 PM

Posted 04 March 2008 - 01:52 PM

well I got no real answers from google so I opened spypot, my hosts file had not been modified since the 14th of february

I did the updates then opened immunization checked and applied and watched spybot add ~110 items to hosts global

windows shows hosts modified again today

that's pretty conclusive proof to me

surfing with a generic hosts is something I will not do anymore, my driveby malware adventure was educational but I could have spent those hours on something else, of course I would have never found this forum

:thumbsup:

Edited by DaChew, 04 March 2008 - 01:55 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#11 bloomcounty

bloomcounty
  • Topic Starter

  • Members
  • 672 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 04 March 2008 - 05:37 PM

well I got no real answers from google so I opened spypot, my hosts file had not been modified since the 14th of february

I did the updates then opened immunization checked and applied and watched spybot add ~110 items to hosts global

windows shows hosts modified again today

that's pretty conclusive proof to me


Huh... so is the immunization thing only really doing anything if you have the HOSTS file turned on in Spybot? Because I have it turned off, but I am fully immunized (says x-number of things blocked, etc, when I hit the immunize button) -- and my HOSTS file is blank (as shown above). So is immunization doing nothing for me if I don't have the Spybot HOSTS file activated?

Thanks!

Edited by bloomcounty, 04 March 2008 - 05:38 PM.

My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010

#12 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:42 PM

Posted 04 March 2008 - 05:46 PM

So is immunization doing nothing for me


still helping some
Chewy

No. Try not. Do... or do not. There is no try.

#13 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:42 PM

Posted 04 March 2008 - 09:03 PM

Alan D, I haven't been using Spybot list, but still have the data in a previous file.
I like the looks of your suggestion, thanks for the link.

little HostsMan program, which you can get here:
http://www.abelhadigital.com/


bloomcounty and DaChew I'm not to clear what the issue is, but let's try using what little I know :thumbsup:
Immunization is not related to the HOSTS file.
Immunization adds entries into Restricted sites list in IE as far as I know.
Merging the Spybot site entries into the HOSTS file is a totally separate issue, and on a separate screen -
check this image http://img126.imageshack.us/img126/7692/hostszf1.png - that's what I'm talking about.

Here is my condensed list of the HOSTS file on my computer. It’s long, so I show only few landmarks

> BEGINNING of the HOSTS file
127.0.0.1 localhost
192.168.1.1 router#
#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]

127.0.0.1 free.wegcash.com #[SunBelt.WegCash.com]
127.0.0.1 programs.wegcash.com #[Tenebril.wegcash.com]
# [Webpower Inc]
127.0.0.1 apps.clickcash.com
127.0.0.1 www.clickcash.com
127.0.0.1 cc.webpower.com
127.0.0.1 clickcash.webpower.com #[IE-SpyAd]
127.0.0.1 orders.webpower.com #[SpySweeper.Spy.Cookie]
# [XCell Inc]
127.0.0.1 www.emporn.com #[Zango]
127.0.0.1 servedby.fathomtech.com
127.0.0.1 www.freeblowjobmovies.us #[Zango]
127.0.0.1 www.freeblowjobvideos.us
127.0.0.1 www.mommaporn.com
127.0.0.1 www.pokemonporn.us #[Zango]
127.0.0.1 www.wwe-divas.org
127.0.0.1 servedby.xcelltech.com
127.0.0.1 www.xcelltech.com
#end of lines added by WinHelp2002

> MIDDLE of HOSTS
# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2007 Safer Networking Limited
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc

> TAIL END of HOSTS
127.0.0.1 zxcsolution.com
127.0.0.1 www.zxcsolution.com
127.0.0.1 www.iugate.com
# End of entries inserted by Spybot - Search & Destroy


Edited by tos226, 04 March 2008 - 09:04 PM.


#14 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:42 PM

Posted 04 March 2008 - 09:10 PM

5c. Since you had said in #5 that the DNS service running was causing a slowdown (I think that's what you were saying), are you saying that this is the case even without a modified HOSTS file and that things are slow having the DNS service running in any case (with or without a modified HOSTS file)?

5d. If I don't use the HOSTS file (for now), I should leave the DNS service running, is that correct?


5c - No
5d - I don't know, I don't remember
check TheElderGeek site about services

Hosts file is loaded up front once. Then the applications take over.
DNS service looks up things all the time, including scumware.

Edited:
Bloomcounty, here are few cool links for you
http://www.theeldergeek.com/dns_client.htm - that's the best, it's the bible for many people
I also like this, somewhat dated one, but nicely written and explained
http://www.jasonn.com/turning_off_unnecess...s_on_windows_xp

Edited by tos226, 04 March 2008 - 09:48 PM.


#15 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:42 PM

Posted 04 March 2008 - 09:54 PM

tos,

what is the bottom of the immunization screen in spybot where i saw it add 100 new entries to hosts(global) and why did my hosts show a new modified date if spybot did not update it?

I saw it with my own eyes

anyone can easily reproduce it
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users