Does Spybot compile a list of bad sites in the windows HOSTS file?

In addition to Spybot I also run "Trojan Remover". They've both worked happily for as long as I can remember but today (after an update) I have an alert off that app about "malicious entries in the hosts file"

Having looked at my hosts file in notepad those entries have allegedly been made by Spybot, so I'm wondering if its a false positive from "Trojan Remover" (www.simplysup.com) or whether I have actually been compromised somehow.

Yes,it does when you Immunize,to help protect your computer.There's more of an explanation here:
http://www.safer-networking.org/en/dictionary/hostsfile.html

Any entries added to hosts by Spybot are in between these comments:
# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2008 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy

And have the 127.0.0.1 in front of them,as you probably noticed when you looked in notepad.:
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 007guard.com
127.0.0.1 008i.com

↑Listed the above two,just as an example.↑

Ah thanks. Thats exactly what I have. It looks like the last update to "Trojan Remover" has meant that it gets the wrong idea about all those entries then.

Thanks for confirming what I already suspected.

You're welcome. :)

Hi,
i'm looking for the "Hosts" file in Windows 7 but it's no more at
"C:\Windows\System32\Drivers\Etc\Hosts", like it was on other Win versions.

Could please somebody explain me where do i find the similar file in $even ?
Thanx by advance.

Hello,

I have added Spybot's list of bad websites my hosts file.

I noticed that there are many double entries such as

127.0.0.1 www.70-music.com
127.0.0.1 70-music.com

My questions are....

1. What is the reason for these double entries?
2. Are these double entries nessesary?
3. Can I delete all of the entries with "www." and still be protected properly?

It seems to me that all of the entries with "www." in front of them are just unnessesarily adding to the size, of the already too big, hosts file, but I could be wrong.

I'm trying to make my hosts file as small as possible, without sacrificing security, in order to speed up connection times.

Thanks,

Lifeblood

Hi,
i'm looking for the "Hosts" file in Windows 7 but it's no more at
"C:\Windows\System32\Drivers\Etc\Hosts", like it was on other Win versions.

Could please somebody explain me where do i find the similar file in $even ?
Thanx by advance.



Try showing hidden Files and Folders temporarily,then you should see the Hosts file in it's normal location:
http://www.bleepingcomputer.com/tutorials/tutorial151.html

Hi.
Try showing hidden Files and Folders temporarily,then you should see the Hosts file in it's normal location
Thank You very much, but,
I'm using Total Commander instead of Window$ file manager. I can see all hidden files and directories.
There is no ..\ETC directory in my ..\Windows\..

A search for "Hosts" in c:\windows have only one successful found at:
c:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\
But it is empty (or just with an example, like always was).

I'm just curious to know where are the entries inserted by Spybot - Search & Destroy in Seven.
Thanx.

I'm just curious to know where are the entries inserted by Spybot - Search & Destroy in Seven.
OK, got it. It's very well hidden. :clown:

Glad you found it. :)

Glad you found it. :)
Yes, but it is empty too...

I had to add all those entries, from a Vista computer, by myself
"# Start of entries inserted by Spybot - Search & Destroy"
"..." Quite a lot of URLs.

What path did you find the hosts file at?
Was it this one? C:\Windows\System32\Drivers\Etc\Hosts

If you rightclick Spybot,select run as admin,then click Immunize and scroll down,does it show the Hosts file as Protected?

Hello.
What path did you find the hosts file at?
Was it this one? C:\Windows\System32\Drivers\Etc\HostsYes.

If you rightclick Spybot,select run as admin,then click Immunize and scroll down,does it show the Hosts file as Protected?I see,
Global (Hosts) Unprotected 1898 - Protected 10594
After an "Apply passive protection", all are now protected.

(Win7 Pro 64 bits)

hm....
I guess on 64 bit versions of Windows,there are two system32 directories,i.e.
both system32 and SysWOW64.
However,according to this link (http://blogs.sepago.de/helge/2009/06/04/where-is-the-hosts-file-on-windows-x64/) ,there is only one hosts file present on 64-bit Windows 7,and it is located at %systemroot%\system32\drivers\etc.
So,I'm not sure why yours didn't originally have the Spybot entries in it,if you'd immunized the hosts file.

Could you look in C:\SysWOW64\drivers,and if there is an etc folder,could you see if there is a hosts file in it?

I guess on 64 bit versions of Windows,there are two system32 directories,i.e.
both system32 and SysWOW64.
However,according to this link (http://blogs.sepago.de/helge/2009/060/04/where-is-the-hosts-file-on-windows-x64/) ,there is only one hosts file present on 64-bit Windows 7,and it is located at %systemroot%\system32\drivers\etc.That's right.

Could you look in C:\SysWOW64\drivers,and if there is an etc folder,could you see if there is a hosts file in it?No hosts file there, has stated in your link.
There is another hosts file, as stated in message #8, but I guess it doesn't have any interest to us.
(they are thousand of unnecessary files in windows :mad:)

Ok,good. :)
I don't know why there is another hosts file at c:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\,and can't find much info,but from what I can gather on it,looks like that is normal.

You could unimmunize the hosts file,then check to see if the Spybot entries in the hosts file at %systemroot%\system32\drivers\etc were removed,then reimmunize and see that the Spybot entries were readded,if you want.
If they aren't readded there,don't worry too much.I'm not that familiar with Windows 7 yet,perhaps there might be a reason the Spybot entries are not added there.

Hi Zenobia, thank you to give some of your time on my concern.
If they aren't readded there,don't worry too much.I'm not that familiar with Windows 7 yet,perhaps there might be a reason the Spybot entries are not added there.Well, I don't worry, 'cause I have my solutions. ;)
I just wanted to add a line by hand on this file ("127.0.0.1 google-analytics.com") and I found out it was not possible in this Windows version, although it was possible in previous versions.

$even is apparently even more "secure" (maybe for idiots ?) as Vista was.
You have to do the edition job in 'secure mode', then it works fine.

You're welcome. :)

You have to do the edition job in 'secure mode', then it works fine.

You could also run notepad as admin to be able to edit the Hosts file in Windows 7. :)