during immunization - pop-up warning hosts file is being changed

[rustaman]

I currently have AVG free 8.0 and Online Armor 2.1 running on my computer.

I ran Spybot this morning, which did not find any important issues. However when I Immunized, there were 613 unprotected files at the end of that process, and there was an Online Armor pop-up warning that “A program wants to change your hosts file.”
The action was “Set 1000gratisproben.com to 127.0.0.1” I have no clue what this means so I blocked it. Subsequently the 613 files are still unprotected, so I am assuming that the action is somehow associated with Spybot. I am not familiar enough with this whole process to know to figure this out, or how to find the information. I ran a search with keywords Set 1000gratisproben.com to 127.0.0.1, and came up with this link
http://forums.spybot.info/showthread....com+127.0.0.1 but although there are hundreds of references such as 127.0.0.1 www.legal-at-spybot.info etc, etc in this thread, it does not tell me what this is, and if allowing this action with my firewall is a good or a bad thing.

If there is a quick answer, I would appreciate it. Otherwise a referral link would be equally appreciated.

Thanks

[md usa spybot fan]

rustaman:

Ignoring AVG and just covering Online Armor: Please see if the question and responses in the following thread from two (2) days ago satisfies your query:

• Spybot & www.total-antivirus-scan.com to 127.0.0.1
  http://forums.spybot.info/showthread.php?p=254707

[rustaman]

Thanks for that link.
I have learned a lot in the last couple of hours about hosts files.
I went to the Wikipedia article that references Spybot
http://en.wikipedia.org/wiki/Hosts_file as well as the "Security Now" podcast with Steve Gibson available at http://www.grc.com/securitynow.htm under episode #45 - which also mentions Spybot.
Let me see if I have this straight in terms of my issue above.
Spybot has identified 1000gratisproben.com as a "malicioius" site and is wanting to direct it into my local hosts file where it will be given an IP address of 127.0.0.1 - which is the IP address for my computer. Online Armor is asking me if it is OK for this to happen. I should Allow this action. Then if I am on a webpage that tries to direct me to 1000gratisproben.com, the request will first go to my hosts file, and be directed to the IP address 127.0.0.1 - my machine - which means it goes nowhere - therefore the malicious site is effectively blocked.

Pretty nifty. I think I've got it.

Thanks for the help.

[md usa spybot fan]

rustaman:

It sounds like you've got it.