Nod32 SysInspector says my HOSTS is risky...

Discussion in 'ESET NOD32 Antivirus' started by IanGear, Aug 18, 2009.

Thread Status:
Not open for further replies.
  1. IanGear

    IanGear Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    3
    What do I do now? It lists my HOSTS as level 8:risky, and includes a list of countless sketchy bad looking sites, various spyware places.

    It says the two localhost things are good, and everything else is bad. Why are all these other things even there? Can/should I just delete them all somehow?

    Or are these sites that are blocked? Which would be good? I'm confused.

    Thanks.

    I'm using Windows Vista Home Premium 32bit by the way.
     
    Last edited: Aug 18, 2009
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    SysInspector only tells you what entries are suspicious. It does not mean that files flagged as suspicious are necessarily bad or malicious.
     
  3. IanGear

    IanGear Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    3
    I can tell they're bad by looking at them though, they're a list to a bunch of spyware sites and the like.

    My question here, since I've never done this before, should/could I just delete all these things from my hosts, aside from the localhost part which I need?

    I mean, there's no reason to have any addresses to web sites in your hosts file, right?

    I've been alerted to this, now I just want to "take action". :cool:


    [edit:]Further research is showing that the listing of these sites could be to block those sites, which is good.

    Here's a sample line from the HOSTS:

    127.0.0.1 www.a-d-w-a-r-e.com

    So, does this mean it's blocking that site, rather than allowing it? So I shouldn't delete it? How can you tell if a listing in the hosts file is for prohibiting a site, rather than helping it? Thanks
     
    Last edited: Aug 18, 2009
  4. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    127.0.0.1 and " name " means it's blocking internet access to those listed.

    sometimes spybot or other antimalware programs add their own entries here from a list of known malicious sites.
     
  5. IanGear

    IanGear Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    3
    Ah, thanks, that's good.

    Here's a question, I've heard about spyware hijacking your HOSTS file and adding harmful things to it.

    What kind of line could be in a hosts file which can do you harm? What should I look out for?

    Thanks.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Most Hosts files are super long so easily scanning is tedious. However, if malware has altered your Hosts, sometimes they will add entries that will prevent you from updating your Antivirus program, Eset for instance. If Eset is unreachable, give thought to your Hosts file.

    127.0.0.1 www.eset.com sends you on a loopback to your PC's local host
     
  7. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    if the sites in your HOSTS files are bad-looking sites, then they were probably added by a security program such as Spyware Blaster, so that your PC can't acccess those malicious sites.

    Conversely if the sites in there are security sites etc. then they were probably added by a malicious program :)
     
  8. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    great explanation !
     
Thread Status:
Not open for further replies.