[Thread split] Hosts file et al

Discussion in 'other security issues & news' started by Espresso, May 15, 2012.

Thread Status:
Not open for further replies.
  1. nodbaga

    nodbaga Registered Member

    Joined:
    Jun 11, 2012
    Posts:
    8
    Location:
    US
    Re: It is Windows Defender!

    Thank you! I did try several things, but then gave up... On the subject: WD parses lines correctly i guess, because i tried 127.0.0.1 and 0.0.0.0 and some others - regardless of the IP, lines containing these exact addresses are erased. Position in the file does not matter either - they can be next to each other, or far - does not matter. Off ~100 lines in my hosts file only those two are erased, others are not affected, even doubleclick.net and google-analytics.com and such.
    Latest findings. Settles the matter at least for me:
    It (Windows Defender) actually has modifications of the hosts file documented in it's 'history'. You have to go through some motions to see it, but it is there. It is considered a 'Medium' level threat: SettingsModifier:Win32/PossibleHostsFileHijack. When WD modified my hosts file, it was actually 'Disinfecting' it. You can also 'Remove' it, which is replacing your hosts file with empty one.
    Good intentions then... These particular addresses were probably picked because they are most commonly found on average page.
     
    Last edited: Jun 18, 2012
  2. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.