HostFile - Some Perspective Please

HostFile & fastclick.com & popups - Some Perspective Please

This is probably a computer-kindergarten question, but...


I've not been able to get rid of media##.fastclick.com/blahhhhhhhh


Obviously I can't rid myself of it alone. Please forgive the lengthy post, but I need very badly at this point to be rid of this thing so I'm attempting to be to include what I've observed in one relatively complete sweep. I swear, do not leave me alone in a room with the people who dumped this kaka on my pc here lol - so aggravating !


Nothing has worked, not scans of a list of trojan and/or virus and/or malware programs both online, offline, free and purchased scan clean.


After days narrows myself down to just three things causing or contributing to my grief in some way-


(1) cookies (ick) but solved that with Cookie Wall,

(2)my Temporary Files folder (ick) but at least identified those easily with Cookie Remover Platinum 2004 (which scans then shows all at any time residing in both cookies folder and Temporary Files folder-and shows LOTS more in there than my Windows Explorer shows - even though I have Windows Explorer set to 'show all files'. CRP lets me one-click-scan & show locations & one click remove, so that seemed to help a bit perhaps, can't tell for sure if keeping that cleaned out every hour or so is helping, seems to...)

and
(3)my hostfile. Though the link offered up in the forums here elsewhere leads to a dead link for "Host File Viewer (free)", I found it available at the following location just this morning, and figuring I'd lose nothing I d/inst and viewed my hostfile. (the link below is to another forum and thread which contains a reply refering one to the direct .EXE download for Host File Viewer:

http://forum.gladiator-antivirus.com/index.php?showtopic=10836&hl=host


>>>>Upon opening Host File Viewer, it automatically read my 'hostfile' at the following location:

C:\WINDOWS\System32\Drivers\etc\Hosts


>>>>Upon then double clicking that location I read what appeared to be, for all intents and purposes, a relatively empty hostfile. Excepting for the babble-lines preceded by "#", it listed only one line (even though I have SpywareBlaster latest, SpySites, and SpyBot S&D running/resident&tea and updated to the minute and have had since I got this pc three months ago). this is what it showed.

127.0.0.1 (spacebar spacebar spacebar) local host

(end of list)...



Now I've not much detailed experience with hostfile at all, but my simplified feeling for it was that it listed all 'blacklisted domains' and that my pc wouldn't load up any webpages in IE (latest) if their domains were listed in this file.

So instantly I'm thinking somethin isn't right, else I just don't understand the hostfile and what it does or doesn't do.



>>>>So I think, let me try SPYSWEEPER one more time (it found an update, version 3.something is available now in the free area (yay), I updated SS, and it loaded up without a hitch seemingly. Upon loadup, I advance to Shields >> and change some items at default there, that being "Common Ad Sites Shield" I *checked* and "Do not show Blocked Sites in the List" I *unchecked*, it auto-refreshed, and it indicated that it had added these as 'blocked sites' -


>>>>I then went back to my Hosts File Reader, and now it lists tons of (blocked) domains there, seemingly those that SpySweeper just 'added'.



Now we're starting to look better, but I'm left wondering - I had SpySites list tons of names in that prior, I swear I did, even ran to the registry and saw them listed there seemingly set ok at the time, either that or I'm just losing my mind here lol. If a list of blocks were in there when I loaded Spysites, why were they not on my 'hostsfile' when I pulled it up this morning ? Are there several places where 'blocked domains' can be listed, where not all would be naturally placed on a 'hostfile' ?


Second question:



When this first started appearing with "media##.fastclick.com/blahhhhhh" showing up while I was just sitting here (not even surfing at times, they just appeared minimized, one at a time paced a certain few minutes apart in appearance and with the ## changed in each one..., and sat there in the tray just peering at me like eyes on a scallop staring silently until I accidentally saw them lol), I though 'no problemo, I'll just breeze up to IE/restricted sites and pop it in there. Fine, go to IE>>Tools>>Internet Options>>Security>>trusted sites (none listed, fine), then go to restricted sites (none listed, fine I guess), then try to add any version of 'fastclick.com' and I get this error popup: (paraphrased) "Domain name already listed in another zone, please remove it's name from that zone, then retry". Okeeeee, so I look, and all other lists (at that IE location) are showing empty there LOL. Tried it over and over, over many reboots, every which way but lose and it just weren't gonna let me add it LOL.

So what would *that* symptom indicate there, and if it's linked to a certain rogue nuisance could someone please give me the exact name so I can make sure I do everything not to have this prob again? Startin to spook me out here-like little scallop eyes LOL (and I don't like not having control over every piece of this machine here one bit).






Third question:



The new hostsfile now, after having been added-to by SpySweeper newest version free, and having been pulled up again in my Hosts File Reader program just now by doubleclicking that same location above at C:\WINDOWS\System32\Drivers\etc\Hosts
starts out with the same babble lines which start with #, but after the babble/# lines, it looks like this:

...# for example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.preferances.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.enliven.com
127.0.0.1 oz.valueclick.com
127.0.0.1 doubleclick.net
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net... etc etc etc


My question then is, as I know machines differentiate (space-filename) from (space-space-filename) - is that first line (the localhost line with extra spacebar spaces between IP and hostname, if the first line was all that existed before, did the extra spaces between IP and HOST make any difference in performance? Not sure what that first line does exactly. And either way, the way it shows now, is listing 'localhost' twice - is that a problem ? I am not eager to edit this list (and have not much clue if I'm able to even do it actually yet lol).





And finally:
I found this commentary, and as I'd both viewed a hostfile problem and run Adaware and fixed problems with it within the past 24 hours, I thought it important to at least ask if this relates to or has contributed to either any potential/probable problem with my hostfile or with all my failed attempts to turn away all media##.fastclick.com activity on this machine.

(I draw your attention to the link on the following page, right hand side, which says " Attention Ad-Aware Users " )

http://www.mvps.org/winhelp2002/hosts.htm


Does that sound like it pertains to my dilemma ? And exactly what does that mean regarding Adaware, because it links to a Lavasoft page that's confusing and cryptic (as to whether this is a Lavasoft error, condition, flaw, or flaw of something else...but is it possible something I did in Adaware changed my hostfile and deleted any additions that say SpySites placed on my system ?




Question Four:



And now that SpySweeper has added sites to what appears to be my hostfile, at that location above, I don't recognize anything in there that refers to fastclick.com, so can I just slap a new line in there, and save the file (overwrite), just by typing on it (either using Hosts File Reader here, or by any other way), afraid to do so without asking first.





Five:



And, if none of this is going to help me get rid of this dumb media##.fastclick.com/blah thing, what can I use? CWShredder continues to find me clean. I'm so aggravated, if this weren't a brand new machine I'd just unplug it and pack it away lol.





And,



It occurs to me, that there could be more than one hostfile (and if so that would be a clue to what malady has it's grips on my machine here likely), and I should attempt to make sure there are no other host files even if just to rule it out. There is a 'scan for host files' option/button on this Host File Reader, however I've tried multiple times and after clicking it it seems to indicate it's initiated a scan but the program crashes each time (the same way). This could either mean absolutely nothing, or something significant I suppose. Should I be concerned about two hostfiles ? Is this indicative of malware etc ?





OK I'm exhausted just making sure I got all the deepest dumbest questions out before I humiliated myself any further about what's probably such a simple issue (that I feel totally in the dark about). l will feel lots better once I get a logical feeling for how this exploit is sneaking in or floating around this pc here against my will, and I'd truly be much obliged if someone would give me a handle on some of this.



Thanks again for any insight, and Wishing you all peace !

LWS