Hosts File Editor 1.5.10

Discussion in 'other firewalls' started by lucd, Apr 7, 2021.

  1. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    476
    Location:
    Island of Woman
    Has anyone tried Hosts File Editor 1.5.10? I need to make a small modification to the hosts file (wpad trick). I can use a similar safe programme if one exists; the manual hosts editing is a pain.
    EDIT: the software tends to freeze every 2-3 minutes for like 2-3 seconds
    did not spot any embedded malware, it will try to phone home though
    it allows blocking a set of specific companies' IPs, which is weird/suspicious
    the programme works, has a lot of options, I prefer this GUI over hostman's, but the GUI is outdated
    (images from softpedia)
    CrowdStrike Falcon : clean
    MetaDefender : clean
    VirusTotal : clean

    Spyware
    Found a string that may be used as part of an injection method
    Fingerprint
    Queries kernel debugger information
    Reads the active computer name
    Reads the cryptographic machine GUID
    Evasive
    Found a reference to a WMI query string known to be used for VM detection
    Possibly checks for the presence of an Antivirus engine
    Possibly tries to implement anti-virtualization techniques
    References security related windows services
    Tries to sleep for a long time (more than two minutes)
    Spreading
    Detected a large number of ARP broadcast requests (network device lookup)
    Network Behavior
    Contacts 1 domain and 4 host

    Network Communication

    DNS Resolutions

    MITRE ATT&CK™ data in one report, this report has 24 mapped indicators.
     
    Last edited: Apr 11, 2021 at 11:38 AM
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,561
    Location:
    South Wales, UK
  3. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    982
    Location:
    Baden Germany
    Did I miss something?
    Windows editor, started with admin privileges, was always good enough for editing.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    I also use HostsMan. Great for extensive editing plus it has an easy On/Off button for controlling use of the hosts file, plus it updates to online hosts file update lists automatically. Unless I'm missing something, using Windows Editor to do those jobs would be sorta like plowing a 40 acre farm with a garden hoe. :p
     
    Last edited: Apr 8, 2021
  5. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    476
    Location:
    Island of Woman
    thanks will try, host is locked so editing was a pain, something is holding it hostage, hostsman sounds good
     
    Last edited: Apr 8, 2021
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,654
    Using ~60.000 entries and using Notepad++, nothing wrong until now. It's a basic protection, but if one program can alter it, any program can alter it. That file then needs extra protection. In the case of Windows 10 it needs to be excluded, otherwise W10 will nullify it when it holds unwanted redirections.
     
  7. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    982
    Location:
    Baden Germany
    The hosts file is not intended, nor ever was, to be used as a filtering measure.
    A hosts file with 40k, or even more entries, will slow down browsing.
    Mine is 1,26kB, and contains 15 entries.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    @Brummelchen -- You wrote, "That file then need extra protection." Please suggest a way to easily protect the hosts file. Thanks!

    @Hiltihome -- I have used the MVPS list for my hosts file since Win XP, plus I add some personal stuff to it. Hosts file is presently 328 KB & has a waaaaay LOT more than 15 entries. My aging laptop is very very zippy, thank you. So is my browser. The hosts file works great for blocking ads & other ap-cray.
     
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,654
    I can't tell you, because I don't use one. I need to keep my system clear from malware, that's all. But I know that any antivirus (incl. Defender*) is able to protect the hosts file from altering.

    * Defender has nullified my hosts several times even when entries are not used, so I removed the unwanted entries and now it is OK.

    I think there exists another bunch of protection tools - I would stick with the Windows methods like rights and so on.
    Not here. But the DNS service is off, also on Windows 10 (needs a registry mod because the services dialog won't let you). With the DNS service I remember a slower performance. Anyhow I don't need it, no domain present, only LAN, and the rest is done by the router. (I also don't use the Firefox DNS cache.)

    ofc I tried a much larger hosts file, >250k entries, pointless because those are addresses which can only occur in the browser, and those are protected with an adblocker. The hosts file here limits the impact of malware (especially unwanted gifts) when installing software. In the past (since XP) it prevented such behavior very well. And since Sandboxie I could elaborate in a secure environment.

    The hosts file here is a combination of host-file.net/ad_servers (bought by Malwarebytes and no longer existent) and MVPS hosts. I don't screw on it so often that I need a special tool for it.

    And yes, ofc, the hosts file also has an impact on any browser here although I use an adblocker. I can safely turn it off (in the browser) to check if the adblocker is doing wrong.
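
    Added example (not part of any post in this thread): one way to check a hosts file of the kind discussed above, separating sinkholed names from names redirected to a real address and fingerprinting the content so a later change by another program can be detected. The sample file, its hostnames and the documentation-range address 203.0.113.10 are constructed for illustration.

```python
import hashlib
import ipaddress

def parse_hosts(text):
    """Return (entries, malformed): entries are (line_no, ip, hostname) tuples."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment
        if not fields:
            continue                             # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no hostname
            malformed.append((line_no, raw.strip()))
            continue
        for name in fields[1:]:                  # one line may map several names
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries, malformed

def audit(text):
    """Split entries into sinkholed names and names redirected to a real address."""
    entries, malformed = parse_hosts(text)
    sinkholed = [(n, h) for n, ip, h in entries
                 if ip.is_loopback or ip.is_unspecified]
    redirected = [(n, str(ip), h) for n, ip, h in entries
                  if not (ip.is_loopback or ip.is_unspecified)]
    return {"sinkholed": sinkholed, "redirected": redirected, "malformed": malformed}

def fingerprint(text):
    """SHA-256 of the file content, to compare against a stored baseline."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Constructed sample hosts file (not taken from any poster's machine).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
0.0.0.0     wpad wpad.localdomain
0.0.0.0     www.facebook.com   # blocked
203.0.113.10 update.example.com
not-an-ip   broken.example
"""

if __name__ == "__main__":
    report = audit(SAMPLE)
    for line_no, ip, host in report["redirected"]:
        print(f"line {line_no}: {host} -> {ip} (review: not a sinkhole address)")
    print("sha256:", fingerprint(SAMPLE))
```

    Entries under "redirected" are the ones worth reviewing by hand, since they send a name to a real address rather than blocking it.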
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    I have never had any problems with any slowdown. Normally I wouldn't mess with the hosts-file but Spybot Anti-Beacon modifies it to block phoning home by Windows. I use SysMate - Hosts File Walker to monitor stuff. BTW, I'm using the last freeware version of Spybot AB.

    https://www.softpedia.com/get/Network-Tools/IP-Tools/SysMate-Hosts-File-Walker.shtml
    https://www.softpedia.com/get/Tweak/System-Tweak/Spybot-Anti-Beacon.shtml
     
  11. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,654
    Spybot is futile on any system, it has only negative impacts on software - could not update, immunization, etc pp, just crappy software.
     
  12. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,440
    Agreed. I used HostsMan a couple of years ago when I needed a decent Hosts file editor. It always did a good job, no problems whatsoever. If I felt the need to edit my Hosts file again, HostsMan would be my first choice.
     
  13. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    476
    Location:
    Island of Woman
    EDIT: I got a bad redirection when doing research; basically I opened 1 site, and then it redirected to several porn sites and some adware sites (reallifecam, and similar, some pseudo voyeur stuff). Despite the fact that the clicked page was immediately blocked by ublock after clicking (browser plugins are not effective?), several redirects happened. Sometimes the content of the page does not match what you see in the google page preview, that form of phishing gets me sometimes. I got blackfog, ublock, malwarebytes, emsisoft (plugins) on but they did not protect, so I want to add that reallifecam (two "l") to host and some more for precaution, added adguard browser plugin 2, the more layers the better until I see a slowdown or compatibility problem. Eset is very good too at stopping such pages.
     
    Last edited: Apr 11, 2021 at 12:27 PM
  14. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    476
    Location:
    Island of Woman
    anyway can't edit with hostman, it's locked by System, I guess I must go into safe mode. In win 10 the host is locked at startup, opened by system automatically and therefore permalocked, that's why I was searching for a programme
     
    Last edited: Apr 10, 2021 at 2:29 PM
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,748
    Location:
    The Netherlands
    Haven't noticed anything that so far. On the other hand I did have problems with the Windows Store, will try to disable the tweaks in Spybot AB.
     
  16. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    982
    Location:
    Baden Germany
    @lucd :
    There must be something seriously wrong.
    Either your machine, or router is compromised.
    Better find the reason, instead of curing the symptoms.
     
  17. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    476
    Location:
    Island of Woman
    nothing wrong (I think), host is locked by system at startup, host is empty, there is no sign of compromise, apart from the fact that I cannot move or edit host in any way, even with admin privileges. Typically I would move host to a temp folder, edit, delete the old host and paste my version (admin prompt), now I can't touch host. System is above admin, and host is locked by System (NT Authority/System?) in windows 10 20h2
    Need to go into safe mode or edit from a second OS/USB
     
    Last edited: Apr 10, 2021 at 3:12 PM
  18. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    476
    Location:
    Island of Woman
    anyway this host file editor is cool, you can block facebook, windows telemetry, and some major companies, interesting. Also edited host with host editor no problem, probably I do not know how to use hostman properly but I'll stick with host file editor for now, virus total shows nothing suspicious and the file is hosted on major geeks
    EDIT: I do not recommend blocking some software companies, as it is perhaps illegal, just examining what the software does, I was very happy I can block facebook, the program is cool for that reason
     

    Last edited: Apr 11, 2021 at 12:21 PM
  19. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,654
    The whole Windows folder is protected and thus the hosts file too. You can't go there with additional rights or settings.

    Rasheed - without its extra "features" Spybot is as good as any other antivirus working in the background, especially when using Windows 10 any other antivirus is futile and not helpful. Sounds weird, but the overall experience with negative impacts from other antivirus is happening each day. Anyhow it can work, but there are only a few antivirus with very small or no impact. Defender is not perfect - others the same - but all have the same scan results in current tests.
     
  20. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    2,721
    it's quite obvious that this tool in your screenshot is for use with cracked sw. :cautious:
     
  21. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    982
    Location:
    Baden Germany
    I didn't mean the locked hosts file, but your getting frequent redirects.

    With all that over armoring, you already did, there must be something seriously wrong.
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,654
    After reading #13 again, yes, there is something dubious going on. Could be a fraud extension or malware on the system. Use AdwCleaner for a first analysis, then Malwarebytes 4 free or Emsisoft Emergency Kit (EEK). And it's mandatory to reset the browser's profile(s). btw current browsers can't use any plugin, only addons (so-called extensions). Flash, Java and similar were plugins. If you really meant plugins then there is something fishy going on, including a very outdated browser which has been hijacked.
     
  23. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    476
    Location:
    Island of Woman
    I thought the same, still useful to block facebook though, 1 function adds a lot of entries to host for facebook only, I was kind of impressed how many entries facebook got. Anyway I uninstalled the program, wanted to add wpad entry and 'reallifecams'
    that said, the software (host file editor) tends to freeze every 2-3 minutes for like 2-3 seconds

    not frequent redirects, just one, by clicking by mistake (human error, not automated stuff)
    basically I finally found a solution to a problem but it was a fake/adware site with the text to lure me into clicking it, the interesting part is that ublock origin blocked it, but I still got redirected
    I wonder how they do it because the text preview was good, text really seemed to contain the answer. I do not randomly click stuff but I was in a hurry

    thanks I didn't know, will scan with adwcleaner, but I think it's already part of malwarebytes, those redirect sites (sites that I did not want to visit) were not malware according to virustotal, just some legal porn sites, with shocking element involved (voyeurism). In some ip lists they call these sites "shock sites".
     
    Last edited: Apr 11, 2021 at 11:38 AM
  24. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,654
    adwcleaner is more specific on adware than malwarebytes 4. and for browsers. the only reasons to use both.
     