after i apply the hosts immunization whenever i go to any website and run a netstat in the command prompt i keep connecting to www. 007guard.com when i turn the hosts immunization off is does not connect to that site when surfing.
:banghead:
Printable View
after i apply the hosts immunization whenever i go to any website and run a netstat in the command prompt i keep connecting to www. 007guard.com when i turn the hosts immunization off is does not connect to that site when surfing.
:banghead:
Looks like you're missing the first hosts file entry for localhost 127.0.0.1, so that www. 007guard.com would be the first one pointing to 127.0.0.1 now, and netstat finds it in reverse lookup first ;)
A host file usually starts like this:
Important is the last line, which always should be the first uncommented (uncommented means not starting with the # sign) line.Code:# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
hi, im actually having same problem.
the www. 007guard.com keep getting in my netstats. scanned with many cleaner especially my trusted spybot S&D but it still there.
i used Process Explorer and see so many process have the 007guard on it.
here is 1 screenshot of my yahoo messenger process.
http://img402.imageshack.us/img402/5379/spyg.jpg
i used hijackthis, also dont see any suspicous entry.
so i checked my hosts file and see that 007guard is there on the list.
i assume my pc should be protected already. but its not.
so i used combofix, and combofix deleted the hosts file created by spybot and only leave the address 127.0.0.1 localhost
and them the problem gone.
after restarted my pc few times, i satisfied until 1 week later i downloaded latest version of spybot, update it and apply immunization.
and ther it is again. 007guard is on the list and the problem repeated again.
so what i do is, delete the 007guard from the hosts list, then its okay.
my question is, i dont know what to ask. :scratch:
but i ask anyway, why is this happening. does immunization from spybot did this? (seems like it does).
this my netstat list :
anyway, what is this 007guard anyway? how to permanently block this thing from invading my pc?Quote:
C:\Documents and Settings\bzzts>netstat
Active Connections
Proto Local Address Foreign Address State
TCP BzztsIntel:1028 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1031 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1034 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1036 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1037 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1044 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1048 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1050 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1052 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1054 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1060 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1064 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1065 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1067 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1072 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1084 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1088 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1090 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1092 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1095 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1098 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1100 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1102 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1107 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1110 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1112 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1116 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1122 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1131 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1134 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1136 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1140 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1141 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1144 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1154 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1155 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1158 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1160 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1161 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1162 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1178 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1179 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1182 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1184 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1186 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1188 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1197 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1200 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1204 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1206 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1210 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1218 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1222 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1241 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1248 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1251 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1253 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1255 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1257 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1259 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1261 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1267 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1269 007guard.com:10080 ESTABLISHED
TCP BzztsIntel:1270 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1275 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1277 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1279 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1281 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1285 007guard.com:10080 FIN_WAIT_2
TCP BzztsIntel:1287 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1289 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1291 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1293 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1295 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1299 007guard.com:10080 ESTABLISHED
TCP BzztsIntel:1301 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1303 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1313 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1337 007guard.com:10080 ESTABLISHED
TCP BzztsIntel:1338 007guard.com:10080 ESTABLISHED
TCP BzztsIntel:1381 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1383 007guard.com:10080 ESTABLISHED
TCP BzztsIntel:1389 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:1391 007guard.com:10080 ESTABLISHED
TCP BzztsIntel:4981 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:4987 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:4997 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:4999 007guard.com:10080 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1025 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1042 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1046 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1056 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1057 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1062 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1074 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1076 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1078 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1079 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1082 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1085 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1094 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1104 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1111 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1118 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1119 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1124 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1125 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1128 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1130 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1138 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1146 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1148 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1165 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1168 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1170 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1172 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1174 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1176 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1190 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1192 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1194 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1196 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1202 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1208 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1212 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1213 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1216 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1220 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1224 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1226 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1227 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1228 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1230 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1235 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1236 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1239 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1243 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1246 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1263 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1265 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1269 ESTABLISHED
TCP BzztsIntel:10080 007guard.com:1273 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1283 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1285 CLOSE_WAIT
TCP BzztsIntel:10080 007guard.com:1297 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1299 ESTABLISHED
TCP BzztsIntel:10080 007guard.com:1305 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1307 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1311 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1315 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1317 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1319 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1321 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1323 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1325 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1327 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1329 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1331 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1333 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1335 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1337 ESTABLISHED
TCP BzztsIntel:10080 007guard.com:1338 ESTABLISHED
TCP BzztsIntel:10080 007guard.com:1341 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1343 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1345 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1347 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1349 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1351 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1353 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1355 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1357 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1359 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1361 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1363 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1365 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1367 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1369 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1371 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1373 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1375 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1379 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1383 ESTABLISHED
TCP BzztsIntel:10080 007guard.com:1385 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1387 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:1391 ESTABLISHED
TCP BzztsIntel:10080 007guard.com:4983 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:4989 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:4991 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:4993 TIME_WAIT
TCP BzztsIntel:10080 007guard.com:4995 TIME_WAIT
TCP BzztsIntel:1030 www.geekstogo.com:http TIME_WAIT
TCP BzztsIntel:1032 www.bleepingcomputer.com:http TIME_WAIT
TCP BzztsIntel:1035 www.us.debian.org:http TIME_WAIT
TCP BzztsIntel:1039 rcm.amazon.com:http TIME_WAIT
TCP BzztsIntel:1040 cache.filehippo.com:http TIME_WAIT
TCP BzztsIntel:1045 social.bidsystem.com:http TIME_WAIT
TCP BzztsIntel:1049 hk-in-f99.google.com:http TIME_WAIT
TCP BzztsIntel:1051 banner.cari.com.my:http TIME_WAIT
TCP BzztsIntel:1053 rcm:http TIME_WAIT
TCP BzztsIntel:1055 forum.lowyat.net:http TIME_WAIT
TCP BzztsIntel:1061 www.imageshare.web.id:http TIME_WAIT
TCP BzztsIntel:1066 l.sharethis.com:http TIME_WAIT
TCP BzztsIntel:1068 www.google:http TIME_WAIT
TCP BzztsIntel:1069 www.google:http TIME_WAIT
TCP BzztsIntel:1071 hk-in-f99.google.com:http TIME_WAIT
TCP BzztsIntel:1073 hk-in-f99.google.com:http TIME_WAIT
TCP BzztsIntel:1086 www.board4all.cz:http TIME_WAIT
TCP BzztsIntel:1089 hk-in-f99.google.com:http TIME_WAIT
TCP BzztsIntel:1091 rcm:http TIME_WAIT
TCP BzztsIntel:1093 ac3.msn.com:http TIME_WAIT
TCP BzztsIntel:1097 bs.yandex.ru:http TIME_WAIT
TCP BzztsIntel:1099 anrtx.tacoda.net:http TIME_WAIT
TCP BzztsIntel:1101 s7.addthis.com:http TIME_WAIT
TCP BzztsIntel:1103 www.google:http TIME_WAIT
TCP BzztsIntel:kpop bleepingcomputer.us.intellitxt.com:http TIME_WA
IT
TCP BzztsIntel:1113 media.fastclick.net:http TIME_WAIT
TCP BzztsIntel:1115 pubads.g.doubleclick.net:http TIME_WAIT
TCP BzztsIntel:1117 apps.rockyou.com:http TIME_WAIT
TCP BzztsIntel:1123 forum.xda:http TIME_WAIT
TCP BzztsIntel:1133 z.about.com:http TIME_WAIT
TCP BzztsIntel:1135 images.adsyndication.msn.com:http TIME_WAIT
TCP BzztsIntel:1137 www.gravatar.com:http TIME_WAIT
TCP BzztsIntel:1142 bs.yandex.ru:http TIME_WAIT
TCP BzztsIntel:1143 bs.yandex.ru:http TIME_WAIT
TCP BzztsIntel:1145 rd.apmebf.com:http TIME_WAIT
TCP BzztsIntel:1156 forums.majorgeeks.com:http TIME_WAIT
TCP BzztsIntel:1157 cdn.at.atwola.com:http TIME_WAIT
TCP BzztsIntel:1159 geekstogo.us.intellitxt.com:http TIME_WAIT
TCP BzztsIntel:1163 blog.taragana.com:http TIME_WAIT
TCP BzztsIntel:1164 up.nytimes.com:http TIME_WAIT
TCP BzztsIntel:1166 media.fastclick.net:http TIME_WAIT
TCP BzztsIntel:1180 d13.zedo.com:http TIME_WAIT
TCP BzztsIntel:1181 bleepingcomputer.us.intellitxt.com:http TIME_WA
IT
TCP BzztsIntel:1183 d13.zedo.com:http TIME_WAIT
TCP BzztsIntel:1185 ai.pricegrabber.com:http TIME_WAIT
TCP BzztsIntel:1187 bs.yandex.ru:http TIME_WAIT
TCP BzztsIntel:1189 www.google:http TIME_WAIT
TCP BzztsIntel:1199 up.nytimes.com:http TIME_WAIT
TCP BzztsIntel:1201 cdn.at.atwola.com:http TIME_WAIT
TCP BzztsIntel:1205 apps.rockyou.com:http TIME_WAIT
TCP BzztsIntel:1207 www.google:http TIME_WAIT
TCP BzztsIntel:1211 wwp.icq.com:http TIME_WAIT
TCP BzztsIntel:1219 m1.2mdn.net:http TIME_WAIT
TCP BzztsIntel:1223 www.is1.clixgalore.com:http TIME_WAIT
TCP BzztsIntel:1242 geekstogo.us.intellitxt.com:http TIME_WAIT
TCP BzztsIntel:1249 www.google:http TIME_WAIT
TCP BzztsIntel:1252 ty-in-f118.google.com:http TIME_WAIT
TCP BzztsIntel:1254 www.is1.clixgalore.com:http TIME_WAIT
TCP BzztsIntel:1256 z:http TIME_WAIT
TCP BzztsIntel:1258 status.icq.com:http TIME_WAIT
TCP BzztsIntel:1260 pubads.g.doubleclick.net:http TIME_WAIT
TCP BzztsIntel:1262 status.icq.com:http TIME_WAIT
TCP BzztsIntel:1268 ty-in-f118.google.com:http TIME_WAIT
TCP BzztsIntel:1271 social.bidsystem.com:http ESTABLISHED
TCP BzztsIntel:1272 pubads.g.doubleclick.net:http TIME_WAIT
TCP BzztsIntel:1276 sitecheck2.opera.com:http TIME_WAIT
TCP BzztsIntel:1278 status.icq.com:http TIME_WAIT
TCP BzztsIntel:1280 blog.taragana.com:http TIME_WAIT
TCP BzztsIntel:1282 pubads.g.doubleclick.net:http TIME_WAIT
TCP BzztsIntel:1286 sitecheck2.opera.com:http FIN_WAIT_1
TCP BzztsIntel:1288 status.icq.com:http TIME_WAIT
TCP BzztsIntel:1290 ty-in-f118.google.com:http TIME_WAIT
TCP BzztsIntel:1294 ty-in-f113.google.com:http TIME_WAIT
TCP BzztsIntel:1296 www.assoc:http TIME_WAIT
TCP BzztsIntel:1300 social.bidsystem.com:http ESTABLISHED
TCP BzztsIntel:1302 s4.histats.com:http TIME_WAIT
TCP BzztsIntel:1304 hk-in-f99.google.com:http TIME_WAIT
TCP BzztsIntel:1310 hk-in-f99.google.com:http TIME_WAIT
TCP BzztsIntel:1314 pubads.g.doubleclick.net:http TIME_WAIT
TCP BzztsIntel:1339 media.socialreach.com:http ESTABLISHED
TCP BzztsIntel:1340 media.socialreach.com:http ESTABLISHED
TCP BzztsIntel:1382 login.router:http TIME_WAIT
TCP BzztsIntel:1384 www.safer:http ESTABLISHED
TCP BzztsIntel:1390 fastspeedtest.net:http TIME_WAIT
TCP BzztsIntel:1392 www.kushari.org:http ESTABLISHED
TCP BzztsIntel:4982 neutrino.cpp.in:http TIME_WAIT
TCP BzztsIntel:4988 z.about.com:http TIME_WAIT
TCP BzztsIntel:4998 www.rslinks.org:http TIME_WAIT
TCP BzztsIntel:5000 scenereleases.info:http TIME_WAIT
C:\Documents and Settings\bzzts>
Hello,
It does not actually connect to that site.
Seems like your netstat has a look what its written in the restricted zones and the host file.
By the immunization of Spybot - Search & Destroy the baddies are blocked.
That means that the sites where the baddies come from are added to the restricted zones in order to block them.
So 007guard is added to the restricted zones in order to block it.
Best regards
Sandra
Team Spybot
thanks for your reply. however i still not satisfy.
my next question :
1- do u mean everything is okay? that UDP/TCP to www. 007guard.com is safe?
2- how to get rid of this situation? (if u can help find solutions).
becoz my other compewter are all okay and dont hav this problem. (and i hate to format my pc).
thanks again. :red:
I get the same connected to 007guard thing, and yes, 127.0.0.1 localhost is the first entry in the hosts file.
What is going on here?
Is there a connection or not? Netstat and IE properties TCP/IP connections say there is a connection.
There is a connection - to 127.0.0.1.
It is not a connection to 007guard.com though - that's a misinterpretation by netstat, displaying just a "random" (possible last?) 127.0.0.1 entry and not the first from the hosts file.
Connections to 127.0.0.1 are "to" your local machine - a loop redirection to block access to the actual address of specific bad hosts (like 007guard.com).
Without the hosts file entry, access to 007guard.com would lead to the real bad server, with this, access will be kept "inside" your machine and will enter the nirvana. Since there are many such sites, programs that use the IP address (127.0.0.1) to later display an associated domain (007guard.com) might show invalid names, since there are many and its impossible to find the correct one. Usually, access to 127.0.0.1 would be legit "local" communication.
I understand and like what Spybot Search & Destroy is doing in my host file. Problem is I need to track the connected IPs to my machine. Why would they not make 127.0.0.1 localhost the first in the host list. I want to change to have it as the first entry. I tell it to not protect my host file, so I can change it, but I still can not modify it. I know that I can boot Windows 7 in safe mode and change it but:
- Why can I not change the host file with out going in to safe mode (reboot twice) just to do this.
- I have done this in the past but SS&D insists on modifying it back to there on list. I do not want this to happen if it is so hard to put the local host address as the first entry.
Again I need to see the connected IP address via Windows 7 Resource Monitor.
Just frustrating... :mad:
Hi all,
Sorry to contribute to this thread so late. I have found some information that might be relevant.
On Windows 7, localhost resolution has been moved to the DNS. Therefore, it no longer appears as first line of the HOSTS file.
http://serverfault.com/questions/468...dns-itself-why
When you apply Spybot's Immunization on Windows 7, the first few lines of your HOSTS file are
Code:# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
As you can see, the first uncommented line corresponds to www.007guards.com, which is what netstat displays.
In order to avoid potential problems in the future, You should not add "localhost" as first uncommented line in your HOSTS file.
But what you can do is add a custom line (the line in bold below) in your HOSTS file, like
By doing this, netstat will no longer display www.007guard.com.Code:# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost_NAME_OF_MY_COMPUTER
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com