Spybot S&D configuration

Antarctica · Jul 17, 2003

When I click on the icon "immunize", there is a section in the bottom
"Recommended miscallaneous protection".

I put a check mark in the box "Lock Hosts file read-only as protection against hijackers". Now every time I close Spybot S&D and re-open it, the check mark is gone!

Any idea?

Thanks

the Tester · Jul 17, 2003

Hi Antarctica.

I have SpyBot but I don't use the tools listed under Immunize.
Have you tried the Spybot forum?

I'll put a link below.

http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi

Antarctica · Jul 18, 2003

The tester,

Thank you for the link .

the Tester · Jul 18, 2003

Hey Antarctica,

I'm glad the link helped you.

There is a link to the Spybot forum by following this path in the Spybot console also:
info&license>credits.

LowWaterMark · Jul 20, 2003

I'm wondering if you have any other tools that act upon or scan the Hosts file? For example, running HijackThis appears to clear the Read-only flag on the Hosts file. I'm sure there must be other tools that do this, as well.

This protection from this option in Spybot S&D's Immunize screen is provided simply from setting the read-only file attribute, which is really just a flag on the file's directory entry. Spybot doesn't attempt to maintain this setting with any active guard feature, so if something comes along after (even immediately after Spybot has set this flag) and overrides this setting, the protection is gone until you reset it.

Ideally, you'd want to find out what else is running on your system that is accessing and resetting the file attributes on the Hosts file. It would just be good to know.

Just as an aside, effectively what Spybot is doing is equivalent to this DOS command when to check that box on the Immunize screen:

attrib +r C:\WINNT\system32\drivers\etc\Hosts

FanJ · Jul 20, 2003

Oops.....

My HOSTS file is also not set as read-only.....
Thanks !!!

I consider my HOSTS file as too important, that's why I have added it to my three "file-integrity-checkers":
1- in TDS-3 crcfiles.txt
2- NISFileCheck
3- ADinf32 Pro

In this way I will be at least get an alert in case it is changed.

You could also add it too your FileChecker from JavaCool.

My personal opinion: use any kind of "file-integrity-checker" and add your HOSTS file to its database, so you will be notified in case it might have been changed (that could be the case if you yourself changed it, but it could also be the case if some "nasty" did that....).

On my Windows 98 SE system it is here:
C:\WINDOWS\HOSTS

Pieter_Arntz · Jul 21, 2003

Lots of legitimate programs change your hosts file.
I tried with AdAware, but that returned the read only attribute after changing the offending entry.

Regards,

Pieter

Antarctica · Jul 21, 2003

Thanks to all of you for your suggestions.

I will make some tests when I have time to find out which program or application is changing my host file.

Drifter · Jul 21, 2003

Try going into 'settings' then under 'main settings' check the box next to 'save all settings'.
I just tried it with mine & the box you mentioned remained checked.

Antarctica · Jul 21, 2003

Thanks Drifter,
I had tried that before "save all settings" and it didn't do the trick.

But I found the culprit, thanks to LouWaterMark It is HijackThis that is clearing the Read-only flag on the Hosts file.

Log in or Sign up

Spybot S&D configuration

Antarctica Registered Member

the Tester Registered Member

Antarctica Registered Member

the Tester Registered Member

LowWaterMark Administrator

FanJ Guest

Pieter_Arntz Spyware Veteran

Attached Files:

AAWhoststest2.jpg

Antarctica Registered Member

Drifter Registered Member

Antarctica Registered Member