False Positives coming from hosts file



hewee
2006-03-07, 07:26
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

I get these here that are in my hosts file.

Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
spycleaner.net=127.0.0.1

Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
www.spycleaner.net=127.0.0.1

Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
ZeroSpyWare.com=127.0.0.1

Windows.RedirectedHosts: Redirected host (Redirected host, nothing done)
www.flash.net=127.0.0.1

md usa spybot fan
2006-03-07, 08:44
These are not false positives. Malware sometimes uses the HOSTS file to block access to legitimate sites or to redirect access to other sites. Spybot is identifying the fact that entries in your HOSTS file are blocking access to legitimate sites.

It appears that you may be using a relatively restrictive HOSTS file and blocking legitimate sites.

SpyCleaner and ZeroSpyware were listed at one time as a Rogue/Suspect Anti-Spyware Product in the following:
The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites by Eric L. Howes
http://www.spywarewarrior.com/rogue_anti-spyware.htm
However, both SpyCleaner and ZeroSpyware were removed from the list:


Note on SpyCleaner: SpyCleaner was listed on this page because of concerns with false positives. In early March 2005, a new version of SpyCleaner was released, followed by new definitions. Testing with this new version indicates that the problems with earlier versions have been satisfactorily resolved. Thus, we can no longer consider SpyCleaner to be "rogue/suspect" anti-spyware.

[A: 6-26-04 / U: 3-31-05]

Note on ZeroSpyware: ZeroSpyware was listed on this page because of concerns with false positives and the nature of its detections and scan reporting (1, 2). In early September 2004, a new version of ZeroSpyware was released. Testing with this new version indicates not only that the problems with earlier versions have been satisfactorily resolved, but that the application does provide usable anti-spyware protection. Thus, we can no longer consider ZeroSpyware to be "rogue/suspect" anti-spyware.

Domains: zerospyware.com, zeroads.com

[A: 6-26-04 / U: 9-10-04]

www.flash.net appears to be an ISP that is now being redirected to Prodigy.
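
Added example, not part of the original thread and not Spybot's own code: a small audit that reads hosts-file text and separates entries that block a name (loopback or 0.0.0.0) from entries that point a name at another machine, which is the distinction made in the reply above. The watchlist, the function name and the sample file are assumptions constructed for illustration; only the first four blocked names come from the thread.

```python
import ipaddress

# Constructed sample in hosts-file syntax. The 127.0.0.1 entries for spycleaner.net,
# www.spycleaner.net, ZeroSpyWare.com and www.flash.net are the ones reported in the
# thread; the remaining lines are constructed (192.0.2.10 is a documentation address).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   spycleaner.net www.spycleaner.net
127.0.0.1   ZeroSpyWare.com     # added by a third-party blocking list
127.0.0.1   www.flash.net
0.0.0.0     ads.example
192.0.2.10  intranet.example
not-an-ip   broken.example
"""

# Hypothetical watchlist: names the user expects to resolve normally.
WATCHLIST = {"spycleaner.net", "www.spycleaner.net", "zerospyware.com", "www.flash.net"}
BUILTIN = {"localhost", "localhost.localdomain"}

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line number, kind, host, address) for every non-default entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], None))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:                  # one line may map several names
            host = name.lower().rstrip(".")      # host names are case-insensitive
            if host in BUILTIN:
                continue
            if not sinkhole:
                kind = "redirected"              # points at another machine: review first
            elif host in watchlist:
                kind = "blocked-watchlisted"     # blocks a site the user wants to reach
            else:
                kind = "blocked"                 # ordinary blocking-list entry
            findings.append((lineno, kind, host, str(addr)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass the text to `audit_hosts`.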

hewee
2006-03-08, 01:11
I use hpHosts file.

http://www.hosts-file.net/downloads.html

Thanks for the update. :bigthumb:

Steve CAin
2006-04-01, 22:22
I have also been getting the following report.
Windows.RedirectedHosts
Redirected host
ZeroSpyWare.com=127.0.0.1
It will not remove itself because SS&D says the program is being used in memory. This happens in both normal and Safe mode. Anyone got a way to remove it short of an expensive cleaning or reformatting of the hard drive?

md usa spybot fan
2006-04-01, 23:24
Steve CAin:

That detection only indicates that there is an entry in the HOSTS file that prevents access to ZeroSpyWare.com and only presents a problem if you want to get to that site.

Are you running any other anti-malware products that may be blocking access to the HOSTS file, preventing Spybot from modifying it (although the fact that it is also blocked in Safe mode is unusual)?