Results 1 to 3 of 3

Thread: Hosts File - Browser Redirects XP/IE

  1. #1
    Junior Member
    Join Date
    Apr 2010
    Posts
    4

    Default Hosts File - Browser Redirects XP/IE

    Browser Redirects XP/IE


    In my XP Hosts file [1] I find the following “loopbacks” apropos Spybot [2] and AVG [3].


    Code:
    127.0.0.1	www.spybot.ca
    127.0.0.1	spybot.ca
    127.0.0.1	www.spybotseekanddestroy.com
    127.0.0.1	spybotseekanddestroy.com
    Code:
    127.0.0.1	www.avg.grab-it-today.net
    127.0.0.1	avg.grab-it-today.net
    127.0.0.1	www.avg.softwarecenterz.com
    127.0.0.1	avg.softwarecenterz.com
    127.0.0.1	avg-secure.com
    127.0.0.1	www.avg-secure.com

    My understanding was Hosts File entries were/are inserted by spybot to foil malware attempts to redirect
    the browser (e.g., iexplore) to unwanted sites. [4]

    Could someone shed some light as to why these spybot and avg ‘loopbacks’ are included
    in the hosts file?



    [1] C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    %SystemRoot%\system32\drivers\etc\

    [2] Spybot Search & Destroy 1.6.0

    [3] AVG-Free 8.0.176

    [4] “The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local (your) machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.”http://www.mvps.org/winhelp2002/hosts.htm

  2. #2
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Default

    Hi pilgrym,


    Quote Originally Posted by pilgrym View Post
    Could someone shed some light as to why these spybot and avg ‘loopbacks’ are included
    in the hosts file?
    I'll try it...


    Quote Originally Posted by pilgrym View Post
    My understanding was Hosts File entries were/are inserted by spybot to foil malware attempts to redirect
    the browser (e.g., iexplore) to unwanted sites. [4]



    Quote Originally Posted by pilgrym View Post
    Code:
    127.0.0.1	www.spybot.ca
    127.0.0.1	spybot.ca
    127.0.0.1	www.spybotseekanddestroy.com
    127.0.0.1	spybotseekanddestroy.com
    Code:
    127.0.0.1	www.avg.grab-it-today.net
    127.0.0.1	avg.grab-it-today.net
    127.0.0.1	www.avg.softwarecenterz.com
    127.0.0.1	avg.softwarecenterz.com
    127.0.0.1	avg-secure.com
    127.0.0.1	www.avg-secure.com
    These entries are fake spybot and avg sites. You can check these sites with Web of Trust for example as well. These sites can contain Malware.


    Quote Originally Posted by pilgrym View Post
    [2] Spybot Search & Destroy 1.6.0
    I would like you to uninstall Spybot 1.6.0
    After that, reboot your computer, delete all leavings and download a newer version from here.


    [3] AVG-Free 8.0.176
    Is there a reason, why you don't have AVG 9.x installed?

    Be sure that your (security) tools are always up to date!


    Hope that helps...
    Last edited by Matt; 2010-06-12 at 13:12.
    Best regards - Beste Grüße,

    Matt

  3. #3
    Junior Member
    Join Date
    Apr 2010
    Posts
    4

    Default

    Matt:

    … “fake sites”. That answers my Q.

    Older versions SB & AVG… short answer is: I installed Debian GNU/Linux on separate HD a
    few years ago. Since then, I’ve only fired up XP-Home (SP2 ?) a couple of times.

    I’m years behind all the updates. I can’t even access Windows Updates for some reason… a perilous state to be in. I took a boo at what it might take to regain access. But AFAICT, it looks like too much
    time & effort to maintain an OS MS doesn’t support anymore. “Network Diagnostics” says there doesn’t
    appear to be any problem with my network connection to http://go.microsoft.com/fwlink/?LinkId=148275 or any other link to the Windows Update repos. But, my IE7 alerts with irritating consistency: “Internet Explorer cannot display the webpage(s)”.

    Similarly, SB auto update stopped working sometime or other. I d/l the manual updates. Given that I’m disinclined to spend a lot of time figuring out the exigencies of maintaining security s’ware that is superfluous on Debian, it’s a good bet further research might reveal my depreciated v. of SB is the reason my auto-update stopped working.

    That said, my rule of thumb has been that updating and patching W-XP is a 'conditio sine qua non' for d/l programs and apps from the internet; including security s'ware.

    You’ve answered my Q, and I hope my providing a little background isn't taken as provokation to start a debate on the relative merits of MS vs. Open Source. I’m not technically qualified and the missus has long 'ere advised (beaten it into) me that I'm not to express opinions without vetting them through her.

    A sincere thanks for your thoughtful, complete, and well-reasoned reply.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •