View Full Version : Question about immunization on Windows 2000
I'm running Spybot 1.6.2 on Windows 2000. I recently got infected with some malware which modified the hosts file by adding some obviously bad entries.
Spybot detected the malware and removed parts of it but not all of it. Malwarebytes removed the rest of it and the system is free of signs of infected from this malware.
After re-running Spybot and immunizing the system, I noticed two things:
1) Spybot detected (and removed) a number of bad entries from the hosts file.
2) The hosts file is NOT listed in the list of items Spybot will immunize and the hosts file still has some bad entries in it.
Now, I'm going to manually fix the hosts file but my question is: why isn't the hosts file being immunized by Spybot now?
Thanks!
Peace...
spybotsandra
2010-05-26, 16:59
Hello,
What exactly did detect Spybot? Are you sure that those are items from the host list?
Spybot itself adds sites to the host file in order to block it.
By the immunization of Spybot - Search & Destroy the baddies are blocked.
That means that the sites where the baddies come from are added to the restricted zones in order to block them.
Best regards
Sandra
Team Spybot
What exactly did detect Spybot?The "My Security Engine" rogue.
Are you sure that those are items from the host list?Yep. I saw redirections of various Google and Yahoo domains to the same IP address.
Spybot itself adds sites to the host file in order to block it. Yep and those entries were actually removed (believe it or not :)).
By the immunization of Spybot - Search & Destroy the baddies are blocked.
That means that the sites where the baddies come from are added to the restricted zones in order to block them.
What I'm seeing now is Spybot is NO LONGER updating the hosts file and when I go to the Immunization area in Spybot, the hosts file no longer appears at the bottom of the list of things it will immunize.
I'm thinking I'll need to re-install Spybot to get this functionality back.
Peace...
Spybot S&D hasn't been immunizing the hosts file for new installs for some time now. Read the following for more.
http://forums.spybot.info/showthread.php?p=267330#post267330
Also, since Microsoft will stop supporting Windows 2000 as of July 13th, 2010 you should probably be considering either an upgrade or taking that PC out of service as soon as possible. Once Security updates are no longer available it becomes impossible for any security software to truly protect an operating system effectively.
http://support.microsoft.com/ph/1131/en-us#tab0
Bitman
Spybot S&D hasn't been immunizing the hosts file for new installs for some time now. Read the following for more.
http://forums.spybot.info/showthread.php?p=267330#post267330
Thanks for the info. I saw that thread was dating back to 2008 and I installed Spybot 1.6.2 on Windows 2000 earlier this year. In fact, it was only after this recent incident did I notice the hosts file wasn't being touched. The hosts file I have does show the Spybot starting and ending lines that surround the hosts file entries it added.
Also, since Microsoft will stop supporting Windows 2000 as of July 13th, 2010 you should probably be considering either an upgrade or taking that PC out of service as soon as possible. Once Security updates are no longer available it becomes impossible for any security software to truly protect an operating system effectively.
Fortunately, I run Windows 2000 in a virtual test environment so it's not my primary OS. :)
Peace...