Bad Hosts

Discussion in 'other security issues & news' started by Rico, Jun 30, 2005.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,704
    Location:
    Texas
    Hi All, Well I've got BlueTacks Hosts running on my box now. It seems MSAS won't run, or hangs with Bluetacks Hosts file enabled. I tried disabling MSAS system agent, which monitors Hosts, still MSAS hangs. With Hosts system agent disabled, MSAS got to "variable browser hijack" & hung. Tried turning off the only system agent which said something about hijack & still no luck.

    SpyBot had 12 entries redirected hosts all with 127.0.0.1. Can't figure out how to stop it from monitoring hosts.

    Disable Bluetacks Hosts & both scan properly!

    With BlueTack enabled, is MSAS compromised, or is real-time protection, only giving me a false sense of protection?

    It seems Messrs Gates, Kolla, Bluetack should have a cup of coffee & learn to play well!

    Thanks for any help with workarounds!

    rico
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Hi Rico, have you tried disabling the service:

    dns client AND ipsec service?

    'cause those services have to be disabled/ended on my machine to use a big host.

    doesn't matter if msas is on my machine or not...

    you can find the services tab on the administrative tools (control panel)

    you can end a lot of other processes too :)
     
  3. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    would you try again with this in mind? so we can exclude this and search for other things :)
     
  4. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,704
    Location:
    Texas
    Hello Infinity, DNS Client was already set to manual "not started", IPSEC was auto & "started." Stopped IPSEC & set to manual. With both services off. I tried a MSAS scan, with all real time protection enabled. MSAS hung "not responding" at variable browser hijack.

    Thanks
    rico
     
  5. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,704
    Location:
    Texas
    Hello Infinity, I forgot to mention SpyBot 1.4, acts the same with both services off.



    rico
     
  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    are you using the latest "beta upgrade"? except for those redirections is any other security product pointing out a real infection?

    there are some trojans that'll disable msas from working correctly but that is not host related...but this seems like a bug...:(
     
  7. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,704
    Location:
    Texas
    Hi Infinity, TrojanGuard runs in my system tray, & has not sounded off, I'll run a full scan after this post. Also as of 6/29/05 MSAS had no updates for me.

    Post from "Klcgator55" at bluetack.co.uk/forum/index.php?showtopic=10062

    Hello,

    I should have reported this earlier. When I first started using the Hosts file everything seemed ok.

    Then a few days later I ran a scan with Microsoft AntiSpyware. It had always scanned with no problem and this time it hung up when it was towards the end of scanning the Files section. I kept trying and it kept hanging at the same spot.

    I thought about what I had installed and changed recently and remembered the Host file.

    So, I went in the Host Manager and disabled the Host file and ran a scan and it scanned perfectly. I changed back and forth a few times and every time the Hosts file was enabled my scan hung up and when I disabled the Hosts file it scanned all the way through.

    I realize this is probably a problem with Microsoft AntiSpy and I would just disable the Hosts file whenever I scan and it wouldn't matter, but I like to have that program scan on its own periodically. I can't let it scan alone because it wouldn't be able to disable the Host file on its own.

    The only support that Microsoft AntiSpy has at the moment is a Microsoft Newsgroup and it leaves a lot to be desired. I contacted them in the Application Compatibility section on June the 5th.
    Here is the link: http://communities.microsoft.com/newsgroup...asp?ICP=spyware

    I know that program is still beta, so maybe they observed.
    There has not been a response to my post, so I don't know what to think.

    I thought maybe that you might like to know about this.

    Thanks,

    KC

    NOTE of interest: See Global Moderator Kimberly's response to KC.

    Also no other scanner reports a problem: CA PestPatrol ver. 5, latest Adaware, MSAS also gives a clean bill of health, with Bluetacks hosts disabled.

    Also if you visit Bluetack search for "rico123" no quotes to see Kimberly's response to me, as well as my comments

    Thanks
    rico

    I'll be back after TrojanHunter finishes its scan!
     
  8. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    probably you have no infection and it's the inability of msas to handle huge hostfiles...there are other programs that have/had the same problem.
    spysweeper - fixed
    a2 - fixed
    spyblocker - fixed
    msas - I haven't experienced this when I used Giant but I was not using bluetacks hostfile but another one

    I guess whenever it's beta, you'll encounter these issues :(
     
  9. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,704
    Location:
    Texas
    Hi Infinity, I'm back Trojan hunter 4.x & CA PestPatrol 5.x - report clean

    FYI - From TheElderGeek:

    IPSEC Services Service
    Service Name: PolicyAgent
    Process Name: lsass.exe
    Default Settings: XP Home: Automatic; XP Pro: Automatic
    Microsoft Service Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    Dependencies: Remote Procedure Call (RPC); IPSEC Driver; TCP/IP Protocol Driver
    Real World Description: Primarily a host authentication device used with data transfer and encryption operations on a domain.
    Is this service needed? Possibly
    Recommended Setting: Manual

    Note Updated to reflect SP2 changes.
    Normally I'd set this to No/Disable but a few reports have trickled in saying this service was needed. Until I can prove/disprove them, I've changed it to Possibly/Manual.



    Last Updated: 06/30/2005

    Hmmm! This lost its format when pasted. Why should I keep this in manual or disabled?

    Also SpyBot 1.4 has a problem, so says Kim, with false positives. She refers me to SpyBot link. Blah Blah Blah, which seems to be saying, no standards exist for what domain names get added to a "hosts" file. Okay!

    1. How do you set SpyBot to ignore the flagged 127.0.0.1 redirected hosts threats SpyBot thinks they've found?

    2. Does setting SpyBot to ignore, remove a layer of defense (SpyBot) & now force me to rely on "hosts" to protect?

    3. If Kim is aware of false positives as she stated with SpyBot, & other problems with other Malware apps, it seems she or her ilk should notify the companies.

    4. It seems this computer security, could use some "standards!" Note back in the old record 33 1/3 LP's. Record companies agreed the standard for playing records would be/is 33 1/3 rpm. Imagine the user complaints. If you needed many different record players to play music. This seems to be the case in computer security.

    5. Also it seems that developers, like proud parents, are very protective of their products. And criticism is not taken well, or they blame (defensively) that someone else is to blame. Also it seems that the proud parents want to extol the greatness of their child, while putting on the back burner, or hiding, the warts. All I've read (see replies to "Am I Protected") is that hosts were wonderful & no problems are foreseen. Well, developers should state problems first, then the virtues.

    I'm rambling, I'm off for my walk.

    Take care & Thanks
    rico
     
  10. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    :) ah well, as long as you're happy ... it's a known bug in Spybot and apparently they are trying to fix it but ... must be complicated or they could do it in a snitch :)
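
Added example, not part of the thread and not code from Spybot, MSAS or Bluetack: a Python script that separates the 127.0.0.1 / 0.0.0.0 blocking entries discussed above (which only make a name unreachable) from entries that point a name at some other address, which are the ones worth reviewing by hand. The function name `classify_hosts`, the `DEFAULT_NAMES` set and the sample entries are assumptions constructed for this illustration.

```python
import ipaddress
from collections import defaultdict

# Names a stock hosts file normally maps to loopback (assumption for this example).
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample, not taken from any real blocklist.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com tracker.example.net   # two names, one line
0.0.0.0     popups.example.org
203.0.113.7 update.example.com
not-an-ip   broken.example.com
"""

def classify_hosts(text):
    """Sort hosts-file entries into default, sinkhole, redirect and malformed."""
    result = defaultdict(list)
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no hostname
            result["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback or unspecified addresses go nowhere: the name is just blocked.
        sink = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if sink and name in DEFAULT_NAMES:
                kind = "default"
            elif sink:
                kind = "sinkhole"
            else:
                kind = "redirect"                # name sent to a real address: review it
            result[kind].append((lineno, str(addr), name))
    return dict(result)

if __name__ == "__main__":
    for kind, entries in classify_hosts(SAMPLE).items():
        print(f"{kind}: {len(entries)}")
        if kind in ("redirect", "malformed"):
            for entry in entries:
                print("   review:", entry)
```
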
     
  11. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Hi All,

    Sorry Rico, don't want to hijack your thread but...

    This may sound like a dumb question but are there any hosts files out there that have just the major baddies (you know like doubleclick)? A 1.2meg file seems like a lot of overkill and how many sites that I visit are going to actually be useful with that big of a file? See I told you it's going to sound like a dumb question.

    Also if you want to go back to your default hosts file, how do you do that?

    Thanks,

    Jaws
     
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Yes, there are other hostfiles available...of course there are :)

    I bet if you take a look around @ Wilders, you can find tons of info.

    http://www.mvps.org/winhelp2002/hosts.htm

    this link is a good reference

    bye
     
  13. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,704
    Location:
    Texas
    Nevermind,

    MSAS & Bluetacks Hosts are indeed simpatico. It seems that at scanning mem for variable browser hijacks, this can take a long time, 10 min. or so. If you try & abort, close, or ctrl+alt+del (due to perceived inactivity) you get MSAS not responding. Hence Nevermind!
     