Spybot S&D configuration

Discussion in 'other anti-malware software' started by Antarctica, Jul 17, 2003.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,666
    Location:
    Canada
    When I click on the icon "immunize", there is a section in the bottom
    "Recommended miscallaneous protection".

    I put a check mark in the box "Lock Hosts file read-only as protection against hijackers". Now every time I close Spybot S&D and re-open it, the check mark is gone!

    Any idea?

    Thanks
     
    Antarctica, Jul 17, 2003
    #1
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hi Antarctica.

    I have SpyBot but I don't use the tools listed under Immunize.
    Have you tried the Spybot forum?

    I'll put a link below.


    http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi
     
    the Tester, Jul 17, 2003
    #2
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,666
    Location:
    Canada
    The tester,

    Thank you for the link . :)
     
    Antarctica, Jul 18, 2003
    #3
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hey Antarctica,

    I'm glad the link helped you.

    There is a link to the Spybot forum by following this path in the Spybot console also:
    info&license>credits. ;)
     
    the Tester, Jul 18, 2003
    #4
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,966
    Location:
    New England
    I'm wondering if you have any other tools that act upon or scan the Hosts file? For example, running HijackThis appears to clear the Read-only flag on the Hosts file. I'm sure there must be other tools that do this, as well.

    This protection from this option in Spybot S&D's Immunize screen is provided simply from setting the read-only file attribute, which is really just a flag on the file's directory entry. Spybot doesn't attempt to maintain this setting with any active guard feature, so if something comes along after (even immediately after Spybot has set this flag) and overrides this setting, the protection is gone until you reset it.

    Ideally, you'd want to find out what else is running on your system that is accessing and resetting the file attributes on the Hosts file. It would just be good to know.

    Just as an aside, effectively what Spybot is doing is equivalent to this DOS command when to check that box on the Immunize screen:

    attrib +r C:\WINNT\system32\drivers\etc\Hosts
     
    LowWaterMark, Jul 20, 2003
    #5
  6. FanJ

    FanJ Guest

    Oops.....

    My HOSTS file is also not set as read-only.....
    Thanks !!!

    I consider my HOSTS file as too important, that's why I have added it to my three "file-integrity-checkers":
    1- in TDS-3 crcfiles.txt
    2- NISFileCheck
    3- ADinf32 Pro

    In this way I will be at least get an alert in case it is changed.

    You could also add it too your FileChecker from JavaCool.

    My personal opinion: use any kind of "file-integrity-checker" and add your HOSTS file to its database, so you will be notified in case it might have been changed (that could be the case if you yourself changed it, but it could also be the case if some "nasty" did that....).

    On my Windows 98 SE system it is here:
    C:\WINDOWS\HOSTS
     
    FanJ, Jul 20, 2003
    #6
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,382
    Location:
    Netherlands
    Lots of legitimate programs change your hosts file.
    I tried with AdAware, but that returned the read only attribute after changing the offending entry.

    Regards,

    Pieter
     

    Attached Files:

    Pieter_Arntz, Jul 21, 2003
    #7
  8. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,666
    Location:
    Canada
    Thanks to all of you for your suggestions.

    I will make some tests when I have time to find out which program or application is changing my host file. :)
     
    Antarctica, Jul 21, 2003
    #8
  9. Drifter

    Drifter Registered Member

    Joined:
    Jul 21, 2003
    Posts:
    1
    Location:
    Australia
    Try going into 'settings' then under 'main settings' check the box next to 'save all settings'.
    I just tried it with mine & the box you mentioned remained checked. :)
     
    Drifter, Jul 21, 2003
    #9
  10. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,666
    Location:
    Canada
    Thanks Drifter,
    I had tried that before "save all settings" and it didn't do the trick.

    But I found the culprit, thanks to LouWaterMark :) It is HijackThis that is clearing the Read-only flag on the Hosts file.
     
    Antarctica, Jul 21, 2003
    #10
Loading...
Similar Threads
  1. klarm

    spybot search & destroy strange results...

    klarm, Jul 12, 2017
    Replies:
    7
    Views:
    298
    klarm
    Jul 14, 2017
  2. Mops21

    Spybot - Search & Destroy 2.x Thread

    Mops21, Jun 20, 2017
    Replies:
    1
    Views:
    276
    NormanF
    Jun 20, 2017
  3. Scotlarock2013

    What do you think of my configuration

    Scotlarock2013, Apr 7, 2017
    Replies:
    14
    Views:
    772
    Bill_Bright
    Apr 8, 2017
  4. NICK ADSL UK

    Password reset required(Spybot)

    NICK ADSL UK, Mar 11, 2017
    Replies:
    0
    Views:
    161
    NICK ADSL UK
    Mar 11, 2017
Thread Status:
Not open for further replies.