Hi, i don't know if anyone is aware of the dnsapi.dll thing, where certain MS domains are white-listed. So even if you block them in the "hosts" file, the dnsapi overrides it and microsoft.com keeps working. 2K didn't have that yet, and in XP only the SP1 version of the dnsapi.dll is without those exceptions. And to remove those domains in the Win 7 dnsapi.dll we need to do some hex editing, replacing in the... SysWOW64 6.1.7601.17570 (win7sp1_gdr.110302-1503) dnsapi.dll: Code: .....www.msdn.com....msdn.com....www.msn.com.msn.com.go.microsoft.com....msdn.microsoft.com..office.microsoft.com....microsoftupdate.microsoft.com...wustats.microsoft.com...support.microsoft.com...www.microsoft.com...microsoft.com...update.microsoft.com....download.microsoft.com..microsoftupdate.com.windowsupdate.com...windowsupdate.microsoft.com with: Code: .....000000000000....00000000....00000000000.0000000.0000000000000000....000000000000000000..00000000000000000000....00000000000000000000000000000...000000000000000000000...000000000000000000000...00000000000000000...0000000000000...00000000000000000000....0000000000000000000000..0000000000000000000.00000000000000000...000000000000000000000000000 or System32 6.1.7601.17570 (win7sp1_gdr.110302-1503) dnsapi.dll: Code: .....msdn.com........www.msn.com.....msn.com.go.microsoft.com........msdn.microsoft.com......office.microsoft.com....microsoftupdate.microsoft.com...wustats.microsoft.com...support.microsoft.com...www.microsoft.com.......microsoft.com...update.microsoft.com....download.microsoft.com..microsoftupdate.com.....windowsupdate.com.......windowsupdate.microsoft.com with: Code: .....00000000........00000000000.....000000000000000000000000........000000000000000000......00000000000000000000....00000000000000000000000000000...000000000000000000000...000000000000000000000...00000000000000000.......0000000000000...00000000000000000000....0000000000000000000000..0000000000000000000.....00000000000000000.......000000000000000000000000000 That in combination with this hosts file would then really block all ms domains! http://www.angelfire.com/comics2/fatboy9175/MShosts.txt While in the newer Win 8 dnsapi.dll, i no longer see those domains in the dnsapi.dll, but they are still white-listed! Maybe the domains are now hexadecimal instead of plain text, i don't know... any ideas? Thanks! Also, long time lurker, first time poster. Edit/addendum: It turns out it is still there, even on 10TP, but in unicode, i can't believe unicode derailed me, doh! And a big thanks to the folks over at mydigitallife for figuring it out
I checked a WinXP Media Center Edition SP3 ( dnsapi.dll is version 5.1.2600.6089 ) PC here and the dll doesn't contain the whitelisted entries. FWIW, Skype was never installed to that PC, and BITS along with AutomaticUpdates and other various services remained disabled. Along the way, MSIE8 and Windows Media Player 10 were updated, though, so I wonder how it managed to escape having the newer (tainted) dll version pushed onto it. Looks like nothing beyond Microsoft.NET v3.5 is installed. Maybe the dll would have been pushed if we had permitted the KBxxxxx updates for "DotNet assemblies" and related cruft.
Confirmed in versions 5.1.2600.2938 and 5.1.2600.5512 as well. I extracted dnsapi.dl_ from both the SP2 and SP3 archives. As extracted, neither contains those strings.
