hi - i did a search on my machine expecting to find one HOSTS file and instead found several.... (nothing is ever simple in windows) HOSTS c:\Documents and Settings\Bill Bailey\Application Data\WinPatrol HOSTS c:\Windows\I386 LMHOSTS.SA_ c:\Windows\I386 hosts c:\Windows\system32\drivers.... (note displayed as hosts instead of HOSTS?) lmhosts.sam c:\Windows\system32\drivers.... does anyone know why i have so many and which one is the one i should be updating?
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC Win 98\ME = C:\WINDOWS Hope that helps
hi maybe I can shed a lil light on this as host files is a subject I'm quire familiar with ok first lmhosts.sam c:\Windows\system32\drivers.... .sam isn't a host file really its a sample file and can be binned next I googled LMHOSTS.SA_ c:\Windows\I386 and that's appears to be a Win 2000 Server Setup File so you can ignore that one ok so that leaves HOSTS c:\Documents and Settings\Bill Bailey\Application Data\WinPatrol HOSTS c:\Windows\I386 hosts c:\Windows\system32\drivers.... what you need to do here is to check to the contents of these 3 files by opening them in a text edditor should look something like this 127.0.0.1 localhost 127.0.0.1 pop3.norton.antivirus 127.0.0.1 pop3.spa.norton.antivirus once you have checked the contents of the 3 files are satisfied that there legitimate host file and not ones placed there by malware you need to get a tool like this one http://www.aldostools.com/hosts.html and merge the 3 host file in to 1 file once done save the new file to one of the following locations depending on the system you are running Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC Win 98\ME = C:\WINDOWS then it should be ok to delete the other 3 host files however that being said if you aren't sure whether there ok to bin zip them up in a zip file for safe keeping and then place them to one side now you should only have 1 host file and you can just modify and update that one also if you like I can pm you a download link for a host file that is somewhere in the region of 30,000 entries in size this is a host file I have made up from other host files that are publicly available at places like http://accs-net.com/hosts/get_hosts.html or http://www.mvps.org/winhelp2002/hosts.htm hope this helps
One additional hint: I use the hosts file from www.mvps.org but experienced a lot of time-out error messages under WinXP. These time-outs vanished after I replaced all 127.0.0.1 entries with 0.0.0.0 (with the exception of localhost, of course!). Worth a try if somebody experiences the same problem.
hi Bethrezen - thanks very much for taking the time to reply - i had a look at the three hosts files and they are all empty and have the same sample file.... ******************************************************** # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ******************************************************** i have winpatrol installed and i know that guards the hosts file i wonder which one it thinks it's guarding? - i will try a few tests to try and determine which one it responds to. as you say it should be the one located in windows\system32. i think you have given me enough information now to hopefully resolve this - if i need your link i will get in touch. thanks again - i appreciate your help.
It might be interesting to read this as background information. http://castlecops.com/article-5660-nested-0-0.html Especially the remark about large hosts files
If you are really interested in Hosts Files and want to build your own hosts file, manually or automatically, download this software : HostsMan v2.1 http://hostsman.abelhadigital.com/ Especially designed for less-knowledgeable users : very simple and very practical. You won't regret it.
ok i figured it out - the one with the winpatrol suffix is a backup copy taken by winpatrol used to compare for changes and restore the main hosts file if it is changed.
hi glad i could be of asstance if all 3 host files are just copys of the ms sample file then ya can get rid of them as there not requierd also as a side note you may wanna have a look at this http://spyblocker-software.com/IPB/index.php?showtopic=2023 its a guide i produced from meany sources of infomation from around the web and with the help of meany here at wilders to help prople clean and secure there computers if you scrole down you will find a section on host files that may be of some intrest to you however before using a host file you should be aware of this bug in Windows 2000/XP Pro
thanks Betrezen - i will need to keep the winpatrol one as winpatrol needs it to monitor the main hosts file. thanks again for all the interesting reading.
Toploader, Thanks for the link, a very good one. Besides that, I always heard that the Windows Hosts File, wasn't created to protect users against visiting infected websites. This host file had another purpose, but I don't know the technical reasons for this. It's no secret that very large hosts files can cause problems. They only problem I know is MSAS, which has a very long scan time, when the hosts file is too large. I only wonder why M$ didn't develop a special database without limitations (other than Hosts file) after all these years, to protect users against infected websites. IE-SPYAD is only for MSIE and I want one that is usefull for any kind of browser and any kind of application without any problems. I would never use a .txt-file as a database of malicious websites, because databases are alot better than .txt files and Windows Hosts File is just a .txt-file without the extension "txt".
Hi Erik, The link you posted earlier to Castlecops with the below info etc will be very useful to those that don't know how to resolve it. OnlineArmor also has an issue with a large HOSTS file, but they are working on it as usual ! . . . In most cases a large HOSTS file tends to slow down the machine. However, this only happens in Windows 2000 and XP. Windows 98/se and ME are not affected. To resolve this issue open the "Services Editor" Start > Run (type) "services.msc" (no quotes) Scroll down to "DNS Client", Right-click and select: Properties Click the drop-down arrow for "Startup type" Select: Manual, click Apply/Ok and restart. StevieO
Thanks StevieO, but I know about this for quite some time and I stored all that info even on CD and I did all that and it didn't improve anything. When you want VERY FAST ACCESS to databases, you don't use txt-files, because databases, don't work with text-lines, they work with RECORDS. Cheers
hi Erik - i found the last link in the Faq interesting (HOSTS File Myth).... Myth - "Special AntiSpyware Hosts Files are necessary to prevent Spyware infections." Reality - "Hosts Files are False Security. Any Malware/Spyware can easily modify the Hosts File at will, even if it is set to Read-only. Frequently Malware/Spyware uses the Hosts File to redirect you Web Browser to other sites. CoolWebSearch hijackers are masters at altering Read-only ("locked down") Hosts files. They can also redirect Windows to use a Hosts File that has nothing to do with the one you keep updating. The Hosts file is an archaic part of networking setups that was originally meant to be used on a LAN and was the legacy way to look up Domain Names on the ARPANET - DNS History. It tells a PC the fixed numeric address of the internal server(s) so the PC doesn't have to go looking for them through all possible addresses. It can save time when "discovering" a LAN. I don't consider 1970's ARPANET technology useful against modern Malware/Spyware. Special AntiSpyware Hosts Files attempt to associate a known safe, numeric address with the names of sites you want to block. When the user or any process on the PC then tries to access a blocked site, it is instead directed to the safe location. This works as long as the site's numeric IP address never changes. But IP addresses do change and they're supposed to be able to. The Web operates via "dynamic" naming, where a human friendly name (www.google.com) is actually an alias for the real address, which is numeric. The numeric address can and will change from time to time as a site or server is moved or reconfigured. People with out-of-date addresses hardwired into their Hosts File will no longer be able to connect to any site whose numeric address has changed. The Hosts entry will permanently point them to a dead location! It's almost impossible to update a Hosts file frequently enough to guard against all threats and even if you did, you'd probably also run into problems in accidentally blocking good sites that happened to move to new numeric addresses. Large Hosts Files also cause Internet related slowdowns due to DNS Client Server Caching and disabling DNS Client Server Caching is not a solution. KB318803 "The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated." When cleaning Malware/Spyware from a PC, it is much easier to check a clean Hosts File then one filled with thousands of lines of addresses. Considering how easily a Hosts File can be exploited, redirected and potentially block good sites, it is strongly recommended NOT to waste time using Special Hosts Files. Especially when proper Malware/Spyware protection can be achieved by simply using these steps, all without ever using a Hosts File."
Thats what I use now with this host file http://www.mvps.org/winhelp2002/hosts.zip, I like it very much. I used to use http://www.bluetack.co.uk/forums/index.php?showtopic=8406. But certain addresses are contaminated with spyware, I used spybot S&D after install and I found 12 address that were contaminated. After I deleted them I ran another scan and I was clean, but I had to do this after I updated Host files. I got tiried of this so I switched. I suspect that bluetacks Host file had a lot of out dated addresses and that made it humungus. But I still discontinued DNS Client regardless of which Host file I used.
note - Winpatrol will detect and alert to changes to the HOSTS file because it compares it with it's own backup copy.
hi Erik -yes i'm using HOSTS for the same reason - it's better than nothing (i think) - i'm getting quite a few connection refused messages as i boldly surf where no TV sci-fi sitcom has been before - so something is happening. some say the universe is without limit some are even brave enough to suggest the internet is without limit (which suggests that one day an infinitely large HOSTS file with an infinitely large database will actually exceed the size of the internet.
When I'm surfing with Firefox, I often meet websites that are blacklisted in the Hosts file, so it really helps. As long they collect the stuff of the bad guys, all definition-based databases and hosts files will become larger and larger, until it isn't practical anymore to use them and the bad guys won't stop creating new ones, because they know it. If the technical limits don't kill the definition-based databases, the users will kill them for sure, because they are not going to be happy with the total scan time and the slowing down of their computer, because it will affect their real job.
hi yeah while it is true that the host file was intended for another purpose altogether id say the host file does still have its place mabe not as a safe guard against malware infection but it does make a adiquite basic adblocker which helps speed up surfing because your browser only loads the desierd contents because the bandwidth sucking ads are never conected to by your browser becae it thinks the adservesr are on your computer when there not so while the host file may not be effective at stoping malware infection because malware can play with the host file they work fine for adblocking which is what most of the host files you can download are intended for and to thoughs that say a host file is fales security i say this would you use adshield for IE or adblock for FF to safe guard you against malware infections on of course not and host file should not be used in this way either host files are ment for ADBLOCKING not malware protection so when thay say host files are false security thay must be clear that thay are fasle security if you are using them to protect against malware infection not when using them for adblocking i guess at the end of the day yeah host files have there limitations but there limitationd are no difrent than the limitations of any adblocker out there thay all requier that you the user maintain a database of bad links in one for or another and one way or another this database is going to be massive because badlinks are as wide spread as the net is vast
