Is not Prevx supposed to protect the hosts file?

Discussion in 'Prevx Releases' started by egghead, Nov 30, 2009.

Thread Status:
Not open for further replies.
  1. egghead

    egghead Registered Member

    Hello,

    my setup:
    Prevx: real time protection
    Dr.Web & Counterspy: on demand (real time disabled)
    Once a month I do an on demand scan with Dr.Web & CS

    Yesterday, during an on demand scan Dr.Web notified me that the hosts file had been changed. A closer look at the hosts file indicated that "start of entries inserted by Spybot Search & Destroy".
    Dr.Web made it possible to go back to the "original" hosts file :thumb: which I did.

    I remember when making the latest UBCD4Win I included Spybot in UBCD4Win.
    This is probably when the hosts file has been altered.

    Should not I have gotten a warning from Prevx o_O
     
  2. Baz_kasp

    Baz_kasp Registered Member

    If you modified the HOSTS file from a boot CD, how can Prevx give you a warning (as it was not loaded)?

    Anyway, I am pretty sure (with SafeOnline anyway) that you are given an alert when you try to access a website that has a HOSTS file entry for it, not before.
     
  3. subhrobhandari

    subhrobhandari Registered Member

    As Joe stated in this post:

    And yes Spybot adds "start of entries inserted by Spybot Search & Destroy" entry in the hosts file.
     
  4. egghead

    egghead Registered Member

    I did not.

    When I wanted to burn UBCD4Win to CD, the program appeared to be too large for the CD. I removed a couple of programs, Spybot being one of them, to fit the program on the CD (before removal of Spybot, I had updated its signatures). Thus the hosts file has not been modified from the boot CD (Spybot was not on the boot CD).

    I have just finished doing the same thing again.

    * I selected proggies I wanted to have on CD
    * I had Spybot in the selection. I updated its signatures.
    * After building (before burning to CD) I noticed that the hosts file has been changed. Confirmed by Dr.Web.

    No warning at all of Prevx. All the things mentioned above I do when I am in windows and Prevx is running.

    After this I ran a scan and a deep scan with Prevx, but nada, nichts, nothing o_O





    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # This HOSTS file created by Dr.Web Scanner for Windows

    127.0.0.1 localhost
    # Start of entries inserted by Spybot - Search & Destroy

    ~~~ Removed sample websites from post as these are links to bad (spam, malware, porn and phishing) websites ~~~

    List is longer: total 351 KB
     
    Last edited by a moderator: Nov 30, 2009
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Prevx will detect malicious hosts file entries (i.e. ones that redirect AV websites) and SafeOnline will warn the user and correct the hosts file if they are being redirected while browsing.

    Legitimate modifications to it for blocking spam, etc. won't be warned about as the hosts file is a core operating system component which is used legitimately by a number of different services.

    Let me know if you have any questions with it :)
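
The distinction described in the reply above, between blocklist-style entries and entries that interfere with security sites, can be checked by hand on any hosts file. The following is an added example, not part of the original thread and not Prevx's detection logic; the watchlist, the sample hosts file and the verdict names are constructed assumptions.

```python
import ipaddress

# Assumption: a hypothetical watchlist of security-vendor domains; not Prevx's real list.
WATCHED_SUFFIXES = ("av-vendor.example", "updates.example")

# Constructed sample hosts file (example.* names only), not taken from the thread.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1       ads.tracker.example
0.0.0.0         popups.example www.popups.example   # two names on one line
203.0.113.7     www.av-vendor.example               # redirect to a foreign IP
127.0.0.1       download.updates.example            # sinkholed update host
198.51.100.9    intranet.corp.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping; skip comments and malformed lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")

def classify(ip, name):
    """Return 'local', 'alert', 'blocklist' or 'review' for one mapping."""
    sink = ip.is_loopback or ip.is_unspecified
    if name == "localhost" and ip.is_loopback:
        return "local"
    if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
        return "alert"  # a watched security site is sinkholed or redirected
    return "blocklist" if sink else "review"

def audit(text):
    """Group every mapping in the hosts file by verdict."""
    report = {"local": [], "alert": [], "blocklist": [], "review": []}
    for lineno, ip, name in parse_hosts(text):
        report[classify(ip, name)].append((lineno, str(ip), name))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS))
```

On a large blocklist such as the 351 KB file mentioned earlier in the thread, nearly all entries land in `blocklist`, so only the `alert` and `review` rows need a human look.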
     