View Full Version : Spybot try to access techbrowsing.com
sutandylaurus
2017-08-16, 11:12
Hi, I look at the Resource Monitor and take the screen capture :
12951
how to stop SPTray.exe and SDFSSvc.exe accessing the techbrowsing.com ?
I see on your resource monitor it says IPv4 loopback under TCP connections, Local Address. So I'll refer you to the wikipedia article on localhost:
https://en.wikipedia.org/wiki/Localhost
Particularly this line from it:
On most computer systems, localhost resolves to the IP address 127.0.0.1, which is the most commonly used IPv4 loopback address, and to the IPv6 loopback address ::1.
Okay, so when Spybot immunizes your hosts file, it uses the 127.0.0.1 address. I saw an article a bit ago about that, I'll link you to it:
https://www.safer-networking.org/2017/hosts-file-news/
I don't want to overwhelm you with links, but the link above should explain how hosts file immunization works.
So, when I open my own resource monitor and open Spybot, I see www(dot)007guard(d0t)com where you see techbrowsing.com. I see that presumably because www(dot)007guard(d0t)com is the very first entry that Spybot adds to the hosts file, and that's no cause for concern.
However, yours says techbrowsing.com, and I'm not sure why. When I looked through the entries in my own hosts file, I couldn't find techbrowsing in the hosts file as an entry placed by Spybot. Even if it were there, it's strange that yours also does not start with www(dot)007guard(d0t)com like mine does. When I removed all Spybot hosts file immunization from the hosts file, then added 127.0.0.1 techbrowsing manually myself then mine showed in Resource Monitor like yours did. Is there any chance you don't have the hosts file immunized by Spybot, and you added in the techbrowsing entry in the hosts file yourself to block the site? :)
sutandylaurus
2017-08-18, 04:34
I see on your resource monitor it says IPv4 loopback under TCP connections, Local Address. So I'll refer you to the wikipedia article on localhost:
https://en.wikipedia.org/wiki/Localhost
oh, this is the IPv4 loopback.
Particularly this line from it:
Okay, so when Spybot immunizes your hosts file, it uses the 127.0.0.1 address. I saw an article a bit ago about that, I'll link you to it:
https://www.safer-networking.org/2017/hosts-file-news/
I don't want to overwhelm you with links, but the link above should explain how hosts file immunization works.
So, when I open my own resource monitor and open Spybot, I see www(dot)007guard(d0t)com where you see techbrowsing.com. I see that presumably because www(dot)007guard(d0t)com is the very first entry that Spybot adds to the hosts file, and that's no cause for concern.
However, yours says techbrowsing.com, and I'm not sure why. When I looked through the entries in my own hosts file, I couldn't find techbrowsing in the hosts file as an entry placed by Spybot. Even if it were there, it's strange that yours also does not start with www(dot)007guard(d0t)com like mine does. When I removed all Spybot hosts file immunization from the hosts file, then added 127.0.0.1 techbrowsing manually myself then mine showed in Resource Monitor like yours did. Is there any chance you don't have the hosts file immunized by Spybot, and you added in the techbrowsing entry in the hosts file yourself to block the site? :)
Yes, you right, few years early, my browser infected with some kind of ware that open the techbrowsing.com when I open new tab, so I add it manually to the hosts file to stop accessing the real website.
So, you already solved this, this is because I add manually to hosts file (so the techbrowsing.com is the first line), and then just immunize later with SpyBot S&D later (the SpyBot Hosts file added behind techbrowsing.com)
Thank you very much, you are really helpful :)