Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

www.007guard.com


  • Please log in to reply
3 replies to this topic

#1 CainyG

CainyG

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 29 March 2010 - 08:17 PM

My OS is Windows 7 and I have a Broadband connection via AT&T.

This one site, www.007guard.com, is always establishing a Time Wait/Estabished connection to my pc's ports, usually in the 50,000 to 55,000 range. The host files (127.0.0.1) locks it out but the numerous connections it tries to establish concern me. Do so many Time Wait or Established connections from this malware/spyware/adware site slow down or interfere with my online speed or browser experiences? Plus, why is this site so determined to connect to my pc and can it be stopped permanently without a spyware agent locking my host files?

Thanks for any help you can give.

EDIT: Moved from Win 7 to AII, more appropriate forum ~ Hamluis.

Edited by hamluis, 29 March 2010 - 09:12 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:06 PM

Posted 29 March 2010 - 10:28 PM

This file is related to the use of SpyBot S&D. The HOSTS file is a text file that maps an IP address to a name. It has no extension and can be viewed using notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a # sign. In Windows XP, 127.0.0.1 localhost is the universal IP address of all local computers and is the standard hostname given to the address of the loopback network interface which refers to the local computer only.

In Windows Vista and XP, the HOSTS file is located in this default location: C:\Windows\system32\drivers\etc\hosts.Anything that appears in your HOSTS file without an # at the beginning, except from the "127.0.0.1 localhost" line, should be viewed with suspicion. Although malware can be responsible for altering the HOSTS file in an attempt to redirect your browser, it does not do so without infecting other areas of your system.

To view the folder containing your Hosts file, go to Start > Run and type: %windir%\system32\drivers\etc\

The Hosts file has as no extension. The easiest way to access and view the contents is by using notepad.
  • Double-click on the HOSTS file.
  • A message will appear saying Windows can't open the file or Choose the program you want to open this file.
  • Scroll down the list of programs until you see Notepad.
  • Select it and click OK.
To view the Hosts file in Notepad automatically, go to Start > Run and type: notepad %windir%\system32\drivers\etc\hosts


If you were to look at yours you would see something like this.
127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com

and the file ends as:
# This list is Copyright 2000-2008 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy


There are several legitimate security programs like SpySweeper and Spybot S&D which can add numerous entries to the HOSTS file. See Spybot Search & Destroy: HOSTS file viewer. If you open the Hosts file as in the sample I provided, the note at the top will show all the entries were inserted by Spybot.

It appears this is a false detection by your Antivirus on parts of the hosts file immunization as threats. See this discussion thread at Spybot It's a Trend Micro false detection).

Try removing Spybot's HOSTS list and see if you still get the detection. Launch Spybot S&D and go to Mode > Advanced Mode > Tools > Hosts file.
Click the "Remove Spybot S&D hosts list" button (at the top).
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 CainyG

CainyG
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 30 March 2010 - 01:49 AM

Thank you boopme. Your answer was well written. I will review the information and links for further understanding of my problem.

Edited by CainyG, 30 March 2010 - 01:49 AM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:06 PM

Posted 30 March 2010 - 01:55 PM

You're welcome. so basically, The 007 is not malware tho it is communicating with the net.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users