Sponsor for PC Pals Forum

Author Topic: Hosts file hijack?  (Read 2189 times)

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Hosts file hijack?
« on: March 09, 2009, 21:49 »
I've just had my very first alert from Windows Defender, saying I've had a possible Hosts file hijack:

Quote
Category:
Settings Modifier

Description:
This program has potentially unwanted behavior.

Advice:

Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
file:
C:\WINDOWS\system32\drivers\etc\hosts
 

I opted to 'Clean' the file, which WD reports it has done sucessfully, however, when I now open the Hosts file in Notepad, I get the following:

Quote
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

Is this normal?  I thought it was supposed to contain actual settings, not what appears to be a 'sample'.  Can anyone clarify, please?
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline topquark

  • Regular Member
  • **
  • Posts: 49
Re: Hosts file hijack?
« Reply #1 on: March 09, 2009, 22:09 »
That's fine Simon, the only reason for putting anything in the hosts file is if you want it to resolve without the aid of a nameserver.  Often used for things on your local network.
Reverse the polarity, it'll be fine !

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re: Hosts file hijack?
« Reply #2 on: March 09, 2009, 22:13 »
Thanks, Martin.  I'm still curious as to how / why it's been changed, though, as I'm sure it had 127.0.0.1 localhost in there before.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline topquark

  • Regular Member
  • **
  • Posts: 49
Re: Hosts file hijack?
« Reply #3 on: March 09, 2009, 22:23 »
Yes, on windows you can either find it blank or with a 127.0.0.1 localhost setting (either is fine).

On linux it'll be something like:

Code: [Select]
127.0.0.1 localhost
127.0.1.1 ##.#####.eu ##

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Reverse the polarity, it'll be fine !

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re: Hosts file hijack?
« Reply #4 on: March 09, 2009, 22:32 »
Thanks again, Martin, that's reassuring.  I'm starting to suspect a false alert from Windows Defender, as nothing else has found anything.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Re: Hosts file hijack?
« Reply #5 on: March 10, 2009, 00:20 »
I told you he was good Simon  ;D

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re: Hosts file hijack?
« Reply #6 on: March 10, 2009, 10:22 »
Yes, we must lock the doors to stop him escaping.  ;)
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Rik

  • Former Admin
  • *****
  • Posts: 26506
  • Ceud mille failte
Re: Hosts file hijack?
« Reply #7 on: March 10, 2009, 10:26 »
What's wrong with leg shackles like the rest of us? ;D
Slainthe!

Rik

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re: Hosts file hijack?
« Reply #8 on: March 10, 2009, 11:16 »
What do you mean, 'the rest of us'?  That's just you!  ;D
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Rik

  • Former Admin
  • *****
  • Posts: 26506
  • Ceud mille failte
Re: Hosts file hijack?
« Reply #9 on: March 10, 2009, 12:18 »
Now you tell me. ;D
Slainthe!

Rik

Offline topquark

  • Regular Member
  • **
  • Posts: 49
Re: Hosts file hijack?
« Reply #10 on: March 10, 2009, 16:55 »
You can always check and see what's active if you are seeing activity on your local net ... for example on windows/linux you can use "netstat" (in a command/shell prompt) to list out the active sockets on the system and check any "rogue" entries you find (IP addresses you don't recognize from browser activity for example).  There are various options you can use, so see what suits you.
Reverse the polarity, it'll be fine !


Show unread posts since last visit.
Sponsor for PC Pals Forum