The Curious Affair of the Empty Hosts File

Discussion in 'other anti-malware software' started by gorgelink, Aug 21, 2007.

Thread Status:
Not open for further replies.
  1. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    I have Adaware free (great software, thank you!).

    When in Full Scan, it goes through the Hosts File and scans dozens of entries inside it.

    Example of one such entry found by AdAware in the Hosts File:

    www.avp.com 127.0.0.1

    BUT

    My Hosts File (Windows\System32\Drivers\etc\hosts) is EMPTY!!!

    Where are the scanned entries coming from? They can't be coming from the empty Hosts File!!!

    Thank you again. Have a cool end of summer.

    G.
     
    Last edited: Aug 21, 2007
  2. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    313
    Location:
    Uruguay
    Can you run REGEDIT, navigate to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters and tell us the value of DataBasePath?
     
  3. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi gorgelink :)

    Like this? Are you sure? Hmmmm... :blink:

    The syntax is this:

    127.0.0.1 URL

    ex

    127.0.0.1 www.avp.com

    127.0.0.1 localhost is mandatory and must be the first in the list.

    For a good HOSTS file updated on regular basis and documented:
    The MVPs list http://www.mvps.org/winhelp2002/

    and this software to managed and update it automatically:
    HostMan:
    http://www.abelhadigital.com/

    :)
     
  4. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    ggf, Climenole,

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters and tell us the value of DataBasePath

    It is a REG_EXPAND_SZ and the value (data) is:

    %SystemRoot\System32\drivers\etc

    So, I guess it's OK.

    And it's really:

    127.0.0.1 www.avp.com

    My mistake (blush).

    G.
     
Thread Status:
Not open for further replies.