View Full Version : SB 1.6 deletes host file without a backup.
Hello,
First I'd like to criticize the new version of SB 1.6.After I installed it and trust the SB to took care of my host file and protect it, I made a big mistake because now my host file is totally new , completely wiped out by SB.
This is bad.I lost very important information in my previous host file.And I do not see any backup made by SB of the previous host file.
So guys if you could add an information what is going to happen if an user trust SB to protect his host file it would be better.
Thanks in advance.
wyrmrider
2008-07-16, 23:25
very interesting
what was your host file MVPS- HPHOSTS-other?
usually spybot just appends to the end
this does need looking at
the MVPS installer will remove SPYBOT entries
requiring re-immunization
never heard of it the other way around
are you using Hoster or another host management package?
worst case
does your os have a restore feature?
(but the fix may be worse that the problem)
md usa spybot fan
2008-07-17, 01:17
skoman:
I see no difference in the operation of Spybot 1.6 in the way it handles the addition of its HOSTS list to the system's HOSTS file since Spybot 1.2, except that starting with Spybot 1.5 you could add the Spybot's HOSTS file using the "Global (Hosts)" profile in the immunization facility in addition to going into Spybot » Mode » Advanced Mode » Tools » Hosts File where the facility has been for years.
Each time you add Spybot's HOSTS file to your HOSTS file a backup is take. In fact there have been complaints recently that Spybot does no have a facility to automatically delete these backups. See the following (the last one specifically refers to Spybot 1.6):
suggestions to spybot
http://forums.spybot.info/showthread.php?t=30068
Hosts file backups
http://forums.spybot.info/showthread.php?t=30392
old hostsfile backups not removed
http://forums.spybot.info/showthread.php?t=30720
_____
Is the following registry entry pointing to the proper (normal location) for the HOSTS file?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DataBasePath"=???
I do not use any specific software for the host file.
It's just regular c:\windows\system32\drivers\etc\hosts.
Well If I only knew that SB was going to write anything in the host file during its first run, I would not let him do it.So the whole point here is not correct.SB does not only protect the host file it modifies it.
BTW there is a backup in c:\windows\system32\drivers\etc\ but not of my original host file.
In the backup file the only entry is
localhost 127.0.0.1
This file is created again by SB, it is not a backup of my missing host file.
The the registry key is correct
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DataBasePath"=%SystemRoot%\System32\drivers\etc
md usa spybot fan
2008-07-17, 07:35
skoman:
In my experience when Spybot adds HOSTS file information, it backs up the HOSTS file that it finds to a file named hosts.yyyymmdd-hhmmss.backup and that backup file has modified timestamp that matches the modified timestamp of the original HOSTS file.
Then Spybot adds its information to the existing HOSTS file between comments as follows leaving the rest of the HOSTS file intact:
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
...
...
...
# End of entries inserted by Spybot - Search & Destroy
Unless you had information between similar comments, I do not believe that it was Spybot that removed the other entries from your HOSTS file.
What is the modified date (timestamp) on Spybot's hosts.yyyymmdd-hhmmss.backup file?
hosts.20080716-141632.backup and there was another backup file, just exactly the same as the host file made by SB.Totally identical.So I deleted that one.
Most of all I'm kind of sour because the information was not full at the first start of SB.As I said before it would be great if you could put a little description what SB intends to do with the hosts file - to add new entries in it .
I thought that SB is going to encrypt the host file or just to monitor it , or something like that.
Is there a way to make SB not mess around anymore with the hosts file?
I looked in the options , could not find it.
md usa spybot fan
2008-07-18, 15:56
skoman:
In the following thread Blade81 (http://forums.spybot.info/member.php?u=13686) recommended adding the MVPS HOSTS file:
Infected with flec006.exe.
http://forums.spybot.info/showthread.php?t=28860
To which you responded:
OK. I'll do what you advise me with securing my system.Thank you for the great help.
I guess that you never did that.
__________
I asked for the modified date on the backup file so you could possibly figure out from that date what actually deleted the information in your HOSTS file. But instead of providing that information, you deleted the file.
If you do not want Spybot to add its HOSTS file entries to your system's HOSTS file, uncheck the "Global (Hosts)" profile under Windows before you immunize.