Said in HOSTS but it's not ?

Hi,

A nasty www was blocked by PSOL the other day, the screen went black as it should and i was alerted by PSOL

PSOL said that www was in my HOSTS file.

The funny thing is, i have a VERY small HOSTS file with less than 20 entries, and it is NOT in there

I clicked the ignore button and proceeded anyway for testing and PSOL said it had removed the entry ?

How could it, if it wasn't in there, plus my HOSTS file is Read Only so PSOL couldn't alter it anyway ?

 

It's possible that your hosts file was modified by other sources or hidden back. A HOSTs file rootkit isn't unheard of, although somewhat rare. It could also be that another component in the browser is redirecting the browsing - the hosts file message is generic and not always indicative of a change directly to the hosts file (although that is most likely the case).

A read only attribute on a file doesn't prevent SafeOnline (or most applications) from modifying it

 

@PrevxHelp

Hi

It's read only and locked by

You serious If that's the case, which i Very much doubt, then Prevx hasn't detected it

Such as ?

Well that makes it misleading then, and not the right info we need to see

Anything you can suggest which might be of help would be welcome

TIA

 

That certainly wouldn't prevent everything

It is quite rare but I have seen an infection a few months ago which did it although I strongly doubt this is the case

Something in the LSP chain, a browser BHO that is maliciously redirecting traffic, a scripted extension within the browser, an injected DLL forwarding requests, something at the TDI level modifying packets, an NDIS rootkit changing destination addresses... the list continues

If you do run into it again on another domain, let me know and I'll take a closer look

 

Originally Posted by PrevxHelp

Oh no

Interesting

So do i

Thanks for the Such as info

Will do