View Full Version : Spybot S&D configuration
July 17th, 2003, 06:09 PM
When I click on the icon "immunize", there is a section in the bottom
"Recommended miscallaneous protection".
I put a check mark in the box "Lock Hosts file read-only as protection against hijackers". Now every time I close Spybot S&D and re-open it, the check mark is gone!
July 17th, 2003, 08:49 PM
I have SpyBot but I don't use the tools listed under Immunize.
Have you tried the Spybot forum?
I'll put a link below.
July 18th, 2003, 06:23 AM
Thank you for the link . :)
July 18th, 2003, 10:16 PM
I'm glad the link helped you.
There is a link to the Spybot forum by following this path in the Spybot console also:
July 20th, 2003, 08:04 PM
I'm wondering if you have any other tools that act upon or scan the Hosts file? For example, running HijackThis (http://www.tomcoyote.org/hjt/) appears to clear the Read-only flag on the Hosts file. I'm sure there must be other tools that do this, as well.
This protection from this option in Spybot S&D's Immunize screen is provided simply from setting the read-only file attribute, which is really just a flag on the file's directory entry. Spybot doesn't attempt to maintain this setting with any active guard feature, so if something comes along after (even immediately after Spybot has set this flag) and overrides this setting, the protection is gone until you reset it.
Ideally, you'd want to find out what else is running on your system that is accessing and resetting the file attributes on the Hosts file. It would just be good to know.
Just as an aside, effectively what Spybot is doing is equivalent to this DOS command when to check that box on the Immunize screen:
attrib +r C:\WINNT\system32\drivers\etc\Hosts
July 20th, 2003, 08:57 PM
My HOSTS file is also not set as read-only.....
I consider my HOSTS file as too important, that's why I have added it to my three "file-integrity-checkers":
1- in TDS-3 crcfiles.txt
3- ADinf32 Pro
In this way I will be at least get an alert in case it is changed.
You could also add it too your FileChecker from JavaCool.
My personal opinion: use any kind of "file-integrity-checker" and add your HOSTS file to its database, so you will be notified in case it might have been changed (that could be the case if you yourself changed it, but it could also be the case if some "nasty" did that....).
On my Windows 98 SE system it is here:
July 21st, 2003, 04:54 AM
Lots of legitimate programs change your hosts file.
I tried with AdAware, but that returned the read only attribute after changing the offending entry.
July 21st, 2003, 07:14 AM
Thanks to all of you for your suggestions.
I will make some tests when I have time to find out which program or application is changing my host file. :)
July 21st, 2003, 08:19 AM
Try going into 'settings' then under 'main settings' check the box next to 'save all settings'.
I just tried it with mine & the box you mentioned remained checked. :)
July 21st, 2003, 10:20 AM
I had tried that before "save all settings" and it didn't do the trick.
But I found the culprit, thanks to LouWaterMark :) It is HijackThis that is clearing the Read-only flag on the Hosts file.
vBulletin® Copyright ©2000-2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums