attempted host file change

Discussion in 'other anti-malware software' started by david banner, Jan 28, 2008.

Thread Status:
Not open for further replies.
  1. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    I got an alert from spysweeper that spywareterminator was trying to change my host files. Blocked as was not sure? What does it mean? It happened just after a scan where nothing was found.
     
    Last edited: Jan 28, 2008
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    "Trying to change", or "trying to access"?
    I've never had the hostsfile change when using ST.
    ST has an option called "immunize", similar to Spybot's or SpywareBlaster's, I think, do you have that active? ST running realtime or demand?
    ST also is able to guard the Hosts File, maybe that is what was being registered?
     
  3. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I don't know if 'spywareterminator' is a trustworthy program (and who knows, maybe it is but you have some rogue program that calls itself 'spywareterminator'?).

    If it is trustworthy, maybe you should just let the Spy Sweeper allow what spywareterminator wants to do ... unless the programs are in some way incompatible. You CAN get problems if you use two antispyware programs.
     
  4. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Actually, Spyware Terminator is present on the Rogue Spyware list.
    But:
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    There are two "spyware terminators".
    One is a non-rogue, from Crawler, and is trustworthy.
    The other is from Invender nl, and is on the rogue list (see here, about a third of the way down the page).
    The only apparent difference is the spelling: SpywareTerminator for the former, Spyware Terminator (note the space) for the latter.

    [Edit] X-posted with above.
     
  6. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    I have the Crawler ST. It tried to change the host file, yes. Where is the immunise function, do I have to have web security guard to have that? Ok, found it and it says immunised 5187/5187; immunise button is greyed out.
     
  7. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    OK, david, as a test, hit the "de-immunize" button, see if Spysweeper pops a warning. Then (if no response) try immunizing again.
    I have no idea as to whether the immunity function affects the Hostsfile or not. I think it's more likely it will affect the registry.
    This test might indicate the answer.
     
  8. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Did that. I got 'immunized 2158/5187 If you want to immunize all remaining items just run the immunize feature.'

    I clicked on immunize- now not greyed out- and got 'system immunization complete' box to which clicked OK

    No reaction from SS
     
  9. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    OK. It's not that, then. (Although it is a bit strange it didn't de-immunize all items. Repeat attempts may be worthwhile. Got any other immunities active?)

    All I can suggest is to run another scan and if it happens again take a snapshot, or copy the exact warning that appears. If ST is realtime (and Spysweeper obviously is) you may be looking at a software confliction, which is possibly best handled at SS and/or ST support.
     
  10. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    SpywareBlaster
     
  11. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    If you are happy to, and you may want to research how many/which sites each provides immunity to, I'd be inclined to disable one of them. If you're confident in the hostsfile being comprehensive and up to date, you may want to disable both. Only reason; too many (different) immunity protocols can slightly slow down web browsing...more exclusions to process before a page is displayed.
    Doesn't address your issue, though.
    Which Hostsfile are you using?
     
  12. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    I do not understand that
     
  13. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Did. problem this time ;)
     
  14. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    The hostsfile is part of the browser system, associated with DNS, I believe. It's empty by default. If you install a Hostsfile (I use the MVPS Hostfile, managed by a program called Hostsman) it blocks known bad sites.
    It would seem by your reply that you have default settings, which is fine, just wanted to establish that.
    Still no closer to answering the OP, sorry.
     
  15. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Yes, mine is empty. Sorry, I did not know the correct term for it, but there is nothing there, only this text:

    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    ::1 localhost
     
  16. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Same problem?
    Or did you mean "No problem this time"?
    If problem, any chance of seeing the wording of the warning?
     
  17. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Re Hosts File, some info for you.
    I believe, but am not sure, that having this active pretty much negates the need for SpywareBlaster etc. MVPS dot org
     
  18. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    No problem sorry
     
  19. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    That is like spyad is it?
     
  20. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    A bit. Spyad AFAIK only works in IE. It works by setting the browser permissions to "restricted" for certain sites, much as SpywareBlaster does.
    The MVPS hostsfile prevents the page from loading, or in the case of certain ads, prevents them from being included on the page.
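
Added example, not part of the original thread: a Python check that sorts the active lines of a hosts file into the default localhost entries shown in post 15, blocklist-style entries (names pointed at a loopback or unspecified address, which is how a blocking hosts file stops a page from loading), and redirects to any other address, which are the lines worth reviewing after a "hosts file change" alert. The sample text, the example.test names and the function name are constructed for illustration.

```python
import ipaddress

# Constructed sample: part of the default file from the thread plus three added lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.test       # blocklist-style entry (constructed)
0.0.0.0 tracker.example.test
203.0.113.10 update.example.test # name pointed at a routable address
"""


def classify_hosts(text):
    """Group active hosts-file mappings as default, blocked, redirect or invalid."""
    result = {"default": [], "blocked": [], "redirect": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # everything after '#' is a comment
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            result["invalid"].append((lineno, raw))
            continue
        if len(fields) < 2:  # an address with no host name maps nothing
            result["invalid"].append((lineno, raw))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:  # one line may list several names
            name = name.lower()
            if sink and name == "localhost":
                kind = "default"
            elif sink:
                kind = "blocked"   # name resolves to the local machine or nowhere
            else:
                kind = "redirect"  # name resolves to an address the file chose
            result[kind].append((lineno, str(ip), name))
    return result


if __name__ == "__main__":
    for kind, entries in classify_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
```

A file like the one in post 15 yields only "default" entries; anything under "redirect" or "invalid" deserves a manual look before allowing the change.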
     