Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hosts file???


  • This topic is locked This topic is locked
5 replies to this topic

#1 Old_ROMAD

Old_ROMAD

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 17 December 2011 - 04:10 PM

I have been having some slow downs and a few redirection problems with win 7, so decided to run hijackthis. It said the hosts file access was denied. Then, reading several advisors saying that I should investigate the file using notepad, I tried to do that. Surprise! When I opened the file I got this:

(# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Do I not HAVE a real hosts file? Have been in personal computing since bits were entered with toggle switches, (Switch Systems & S100) but AM NOT a software guy. Win 7 is a delight compared to (spit)ista, but can be confusing. Am running an HP p6710f with 16GB Ram, 1 TB boot HDD, and 2 TB data HDD. Running upgraded OS (From Home Premium 64 bit) Win 7 Professional 64 bit. I did have an infection of the latest (according to GFI) version of Win 7 Security 2012 (Fake spyware fixer) that got by Anti-Malware AND Vipre. (ONLY thing that ever did in 7+ years so far)
Once fixed, I did a repair install, and everything appeared right except S L O W running of programs, occasional feezeups, and once in a while a redirection of Firefox. (always to a REAL, legal site!). That was why I tried Hijackthis.

Any ideas? Just about everywhere I looked, there was advise to seek help here, so..... HELP!!
:crazy:

BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:25 PM

Posted 17 December 2011 - 05:00 PM

Good evening. :)

I sorry to have to break the terribly sad news to you that the Hosts file you have is exactly what the Hosts file is - disappointing, I know!

Two links for you to peruse at your leisure:

http://www.bleepingcomputer.com/tutorials/hosts-files-explained/
http://winhelp2002.mvps.org/hosts.htm

My own take on it:

I find the easiest way to work with the internet is to compare it to the phone system. Just as every phone has a number that identifies it and enables an individual to be contacted, so does every computer - this is called the Internet Protocol, or IP, Address.
When you enter a web address into your browser, it cannot directly connect to the website as it does not have the IP Address for the server. It sends a request to a Domain Name Server, which is just Directory Enquiries for computer addresses, which will either know or will find out, the address and send it to your browser, which will then send the request for the web page.
Originally the DNS system didn't exist and to deal with the requirement for IP Addresses, the HOSTS file was used. This file contained all the names of the computers and their respective IP Addresses. Your browser would look for the name, read the IP address and then contact the computer - Google for ARPANET if you are interested in the early days.
This was OK when there were few computers, but as the network grew, so did the problems. As each new PC was added to the network, so it's name and IP Address had to be added to the HOSTS file. Until it was included, it could not be reached by any PC as the address was unknown. The more computers on the network, the more HOSTS files that needed to be updated and the worse the problem got.
The HOSTS file was still of use in this area when dialup was king because you could add the web address and IP Address of your favourite sites and this would preclude your browser from needing to contact a DNS for the address - it just went direct to the site. With 56k speeds, any reduction in web traffic was worth the effort.
These days with broadband it isn't really necessary to use this part of the HOSTS file's functionality, but it can still be of use, with a little imagination.
If we go back to the phone analogy, the HOSTS file is the phone book in your mobile. If you have the number stored, you can call direct. If not, you ring directory enquiries, get the number, and then ring.
If I was to take your phone and edit the numbers in your phone book, I could direct you to any number I chose, whether it be to a real number or one that is unobtainable. You would select the name and hit the "Go Phone" button and wonder what was happening. This is how the HOSTS file is used, but without the malicious grin i'd have if I got hold of your phone! :D
If you wished to prevent your browser from connecting to a certain site, you could put that site's web address in your HOSTS file and give it an incorrect IP address. Your browser doesn't have a checking function included, and will believe whatever it reads, so it goes to the IP address that it is told. This can be used to send somebody to the Salvation Army website instead of their favourite porn site, for example - fun or what!
Should you wish to stop the browser dead and have it display nothing for a particular web address, you need an unobtainable number IP-wise. The IP address 127.0.0.1 is reserved as the address for "Home". Every computer thinks that it has this address, and so using it in the HOSTS file will cause your browser to ask your computer for the page you have typed in which won't be supplied and the browser gives up.
There are a couple of ready-made HOSTS file that you can download which will block access to various sites - some porn, some delivering infections. The size of these files can cause PC slowness, so you do have to bear that in mind when you install one. You also need to be aware that not all ISPs support the use of the HOSTS file - AOL doesn't by default. Any changes you make to the file do diddly-squat.

In short, the HOSTS file is a phone book. You can either use it to speed up connections, or block the same.
(I could have put this bit at the top, but then you may not have read the rest and i've have wasted my typing!)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal. Given that you are having issues I suggest that you go here, follow steps 6, 7 and 8, and then start a new thread and post accordingly, not forgetting to include a brief description of your issue including anything you consider pertinent.

As I am still wedded to my XP Desktop it's probably wisest if I don't make your evening worse, my time, by trying to second guess what actually belongs to Windows 7 and what is malicious in nature on your system.

If you have any further questions on the Hosts file, feel free to post them into this thread and i'll answer them, if I can.

So long, and thanks for all the fish.

 

 


#3 Old_ROMAD

Old_ROMAD
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 17 December 2011 - 05:35 PM

As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal....
Uh, thanks for the reply but version 2.0.4 was April 2010, and 2.0.5 Beta is last month! That is pretty updated for programs that are free. (IMO)
I am confused as to your comments about the hosts file not being actually used for anything, or being needed. After searching several dozens of forum since my post, I find the exact opposite claimed by most, including on this site. Their explanation of the parts of it that can contain redirectors and such is just what I appear to be experiencing.

Learning is continual in computers. Onwards and ............
Thanks again

Paul (Old_ROMAD)

Paul Andreasen, TSgt, USAF (Ret) K1JAN
ROMAD, 601st DASS
CCT, 1278th APS
(There's no such thing as an Ex-ROMAD)
Psalms 51:10

Lompoc, CA

Born in MAINE, living in Exile

"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind. "~ Dr. Seuss


Be careful of the words you say
Make sure they're soft and sweet
You never know from day to day
Which ones you'll have to eat


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:25 PM

Posted 17 December 2011 - 05:45 PM

Uh, thanks for the reply but version 2.0.4 was April 2010, and 2.0.5 Beta is last month! That is pretty updated for programs that are free. (IMO)

HJT hasn't been used for some considerable time as it failed to keep up with the changing face of malware - April 2010 is a lifetime behind the times where malware is concerned.

I suggest you treat the date of update with some cynicism - it's what the update does that matters. If Trend are releasing a "up-to-date" version of HJT that is only six months behind what is being used here, it's out-of-date in the way that matters.

While the beta may be better, until it's guaranteed stable and offers something comparable to DDS or OTL, which are the two usual tools of choice, I doubt it's not going to be embraced by too many people on the forum.

I am confused as to your comments about the hosts file not being actually used for anything, or being needed.

I suggest you reread my post -

You also need to be aware that not all ISPs support the use of the HOSTS file - AOL doesn't by default. Any changes you make to the file do diddly-squat.


The Hosts file offers some functionality in certain cases, but that functionality isn't necessary for your PC to access the internet.

So long, and thanks for all the fish.

 

 


#5 Old_ROMAD

Old_ROMAD
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 18 December 2011 - 12:49 AM

Copy all! Thank you again.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:25 PM

Posted 20 December 2011 - 03:17 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users