Bad Hosts

Hi All, Well I 've got BlueTacks Hosts running on my box now. It seems MSAS won't run, or hangs with Bluetacks Hosts file enabled. I tried disableing, MSAS system agent, which monitors Hosts, still MSAS hangs, with Hosts system agent disabled, MSAS got to "variable browser hijack" & hung. Tried turning off the only system agent, whic said something about hijack & still no luck.

SpyBot had 12 entries redirected hosts all with 127.0.0.1. Can't figure out how to stop it from monitoring hosts.

Disable Bluetacks Hosts & both scan properly!

With BlueTack enabled, is MSAS compromised, or is real-time protection, only giving me a false sense of protection?

It seems Messrs Gates, Kolla, Bluetack should have a cup of coffee & learn to play well!

Thanks for any help with work arounds!

rico

 

Hi Rico, have you tried disabling the service:

dns client AND ipsec service?

cause those services has to be disabled/ended on my machine to use a big host.

doesn't matter if msas is on my machine or not...

you can find the services tab on the administrative tools (control panel)

you can end a lot of other processes too

 

would you try again with this in mind? so we can exclude this and search for other things

 

Hello Infinity, DNS Client was already set to manual "not started", IPSEC was auto & "started." Stopped IPSEC & set to manual. With both services off. I tried a MSAS scan, with all real time protection enabled. MSAS hung "not responding" at variable browser hijack.

Thanks
rico

 

Hello Infinity, I forgot to mention SpyBot 1.4, acts the same with both services off.



rico

 

are you using the latest "beta upgrade"? except for those redirections is any other security product pointing out a real infection?

there are some trojans that'll disable msas from working correctly but that is not host related...but this seems like a bug...

 

Hi Infinity, TrojanGuard runs in my system tray, & has not sounded off, I'll run a full scan after this post. Also as of 6/29/05 MSAS had no updates for me.

Post from "Klcgator55" at bluetack.co.uk/forum/index.php?showtopic=10062

Hello,

I should have reported this earlier. When I first started using the Hosts file everything seemed ok.

Then a few days later I ran a scan with Microsoft AntiSpyware. It had always scan with no problem and this time it hung up when it was towards the end of scanning the Files section. I kept trying and it kept hanging at the same spot.

I thought about what I had installed and changed recently and remembered the Host file.

So, I went in the Host Manager and disabled the Host file and ran a scan and it scanned perfectly. I changed back and forth a few times and every time the Hosts file was enabled my scan hung up and when I disabled the Hosts file it scanned all the way through.

I realize this is probably a problem with Microsoft AntiSpy and I would just disable the Hosts file whenever I scan and it wouldn't matter, but I like to have that program scan on it's own periodically. I can't let it scan alone because it wouldn't be able to disable the Host file on it's own.

The only support that Microsoft AntiSpy has at the moment is a Microsoft Newsgroup and it leaves alot to be desired. I contacted them in the Application Compatibility section on June the 5th.
Here is the link: http://communities.microsoft.com/newsgroup...asp?ICP=spyware

I know that program is still beta, so maybe they observed.
There has not been a response to my post, so I don't know what to think.

I thought maybe that you might like to know about this.

Thanks,

KC

NOTE of interest See Global Moderators Kimberly's response to KC.

Also no other scanner reports a problem: CA PestPatrol ver. 5, latest Adaware, MSAS also gives a clean bill of health, with Bluetacks hosts disabled.

Also if you visit Bluetack search for "rico123" no quotes to see Kimberlys response to me, as well as my comments

Thanks
rico

I'll be back after TrojanHunter finishes its scan!

 

probably you have no infection and it's the inability of msas to handle huge hostfiles...there are other programs that have/had the same problem.
spysweeper - fixed
a2 - fixed
spyblocker - fixed
msas - I haven't experienced this when I used Giant but I was not using bluetacks hostfile but another one

I guess whenever it's beta, you'll encounter this issues

 

Hi Infinity, I'm back Trojan hunter 4.x & CA PestPatrol 5.x - report clean

FYI - From TheElderGeek:

IPSEC Services Service
Service Name PolicyAgent Process Name lsass.exe
Default Settings XP Home : Automatic XP Pro : Automatic
Microsoft Service Description Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Dependencies Remote Procedure Call (RPC) IPSEC Driver
Dependencies TCP/IP Protocol Driver
Real World Description Primarily a host authentication device used with data transfer and encryption operations on a domain.
Is this service needed? Possibly
Recommended Setting:
Manual

Note Updated to reflect SP2 changes.
Normally I'd set this to No/Disable but a few reports have trickled in saying this service was needed. Until I can prove/disprove them, I've changed it to Possibly/Manual.


[ Back ] [ Up ] [ Next ]

Last Updated: 06/30/2005

Hmmm! This lost its format when pasted. Why should I keep this in manual or dis-abled.

Also SpyBot 1.4 has a problem, so says Kim with false positives. She refers me to SpyBot link. Blah Blah Blah, which seems to be saying, no standards exsists for, what domain names get added to a "hosts" file. Okay!

1. How do you set SpyBot to ignore the flagged 127.0.0.1 re-drirected hosts threats SpyBot thinks they've found.

2. Does setting SpyBot to ignore, remove a layer of defense (SpyBot) & now force me to rely on "hosts" to protect?

3. If Kim is aware of false positives as she stated with SpyBot, & other problems with other Malware apps.. It seems she or her ilk should notify the companies,

4. It seems this computer security, could use some "standards!" Note back in the old record 33 1/3 LP's. Record companies agreed the standard for playing records would be/is 33 1/3 rpm. Imagine the user complaints. If you needed many different record players to play music. This seems to be the case in computer security.

5. Also it seems that devlopers like proud parents are very protective of there products. And critism is not taken well, or they blame (defensively) that someone else is to blame. Also it seems that the proud parents want to extoll the greatness of there child, while putting on the back burner, or hiding the warts. All I've read (see replies, to "Am I Protected") that hosts, were wonderful & no problems are forseen. Well devleopers should, state problems first then, then the virtures.

I'm rambling, I'm off for my walk.

Take care & Thanks
rico

 

ah well, as long as you're happy ... it's a known bug in Spybot and apparently they are trying to fix it but ... must be complicated or they could do it in a snitch

 

Hi All,

Sorry Rico, don't want to hijack your thread but...

This may sound like a dumb question but are there any hosts files out there that have just the major baddies (you know like doubleclick). A 1.2meg file seems like a lot of overkill and how many site that I visit are going to actually be useful with that big of a file. See I told you it's going to sound like a dumb question.

Also if you want to go back to your default hosts file, how do you do that?

Thanks,

Jaws

 

Yes, there are other hostfiles available...off course there are

I bet if you take a look around @ Wilders, you can find tons of info.

http://www.mvps.org/winhelp2002/hosts.htm

this link is a good reference

bye

 

Nevermind,

MSAS & Bluetacks Hosts are indeed sympatico. I t seems that at scannning mem for variable browser hijacks, this can take along time 10min. or so. If you try & abort, close, or cntrl+alt+del (due to precieved inactivity) you get MSAS not responding. Hence Nevermind!