Guest Jesse Posted April 25, 2009 Posted April 25, 2009 Could someone please clarify why whenever I open the "view HOST file" in WinPatrol I get a text list hundreds of nasty malwares? It says "127.0.0.1, local host" "#start of lines added by WinHelp2002", then the list., ending with "#end of lines added by WinHelp2002". .. How do you interpret this -- is this a list of blocked HOSTS or something? Thank you, Jesse Quote
Guest Alan Edwards Posted April 25, 2009 Posted April 25, 2009 Please read this: (it is where your HOSTS file came from) Blocking Unwanted Parasites with a Hosts File: http://www.mvps.org/winhelp2002/hosts.htm ....Alan -- Alan Edwards, MS MVP Windows - Internet Explorer http://dts-l.com/index.htm On Fri, 24 Apr 2009 19:25:23 -0500, in microsoft.public.security, "Jesse" <Jessestall@NOTcs.com> wrote: <span style="color:blue"> >Could someone please clarify why whenever I open the "view HOST file" in >WinPatrol I get a text list hundreds of nasty malwares? > >It says "127.0.0.1, local host" > > "#start of lines added by WinHelp2002", > > then the list., ending with > > "#end of lines added by WinHelp2002". > >. How do you interpret this -- is this a list of blocked HOSTS or something? > >Thank you, > >Jesse ></span> Quote
Guest FromTheRafters Posted April 25, 2009 Posted April 25, 2009 "Jesse" <Jessestall@NOTcs.com> wrote in message news:eS89PxTxJHA.2588@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > Could someone please clarify why whenever I open the "view HOST file" > in WinPatrol I get a text list hundreds of nasty malwares? > > It says "127.0.0.1, local host" > > "#start of lines added by WinHelp2002", > > then the list., ending with > > "#end of lines added by WinHelp2002". > > . How do you interpret this -- is this a list of blocked HOSTS or > something?</span> The "hosts" file is not really for blocking anything. It functions in a way similar to a DNS (Domain Name Service) which looks up an IP address when given a domain name. The hosts file is like a local lookup table for matching names to addresses. If blocking is desired, the "loopback" address of 127.0.0.1 (localhost) is used. The hosts file can also be used maliciously by malware to send the browser to addresses other than 127.0.0.1 so the list you see may have both blocked (returns 127.0.0.1 to the browser) names and redirected names so that malware can get you to visit their site (browser hijacking). Quote
Guest Jesse Posted April 25, 2009 Posted April 25, 2009 "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:%23Rp3XXZxJHA.4116@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > "Jesse" <Jessestall@NOTcs.com> wrote in message > news:eS89PxTxJHA.2588@TK2MSFTNGP02.phx.gbl...<span style="color:green"> >> Could someone please clarify why whenever I open the "view HOST file" in >> WinPatrol I get a text list hundreds of nasty malwares? >> >> It says "127.0.0.1, local host" >> >> "#start of lines added by WinHelp2002", >> >> then the list., ending with >> >> "#end of lines added by WinHelp2002". >> >> . How do you interpret this -- is this a list of blocked HOSTS or >> something?</span> > > The "hosts" file is not really for blocking anything. It functions in a > way similar to a DNS (Domain Name Service) which looks up an IP address > when given a domain name. The hosts file is like a local lookup table for > matching names to addresses. If blocking is desired, the "loopback" > address of 127.0.0.1 (localhost) is used. The hosts file can also be used > maliciously by malware to send the browser to addresses other than > 127.0.0.1 so the list you see may have both blocked (returns 127.0.0.1 to > the browser) names and redirected names so that malware can get you to > visit their site (browser hijacking).</span> Thanks. So, in brief, this list is probably a good thing -- I use updated XP SP2 and use those blocked browser warnings, do not frequent sleazy or forewarned pages, have a serious array of anti- malware apps (all set to max protect nagging-- I don't mind getting prompts for everything). I will study the mvp.org page in more depth later to check out the additional apps mentioned there, but right now it appears the only thing I need to look at is to make sure the size of the list is not excessively wasting space. I seem to remember having gone to mvp.org in the past and applying some type of hosts files tweak. So I'm probably good here, right? it's just that the list looks daunting because I more or less stumbled upon it.<span style="color:blue"> ></span> jesse> Quote
Guest FromTheRafters Posted April 26, 2009 Posted April 26, 2009 "Jesse" <Jessestall@NOTcs.com> wrote in message news:eDcNl9hxJHA.480@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > > "FromTheRafters" <erratic @nomail.afraid.org> wrote in message > news:%23Rp3XXZxJHA.4116@TK2MSFTNGP04.phx.gbl...<span style="color:green"> >> "Jesse" <Jessestall@NOTcs.com> wrote in message >> news:eS89PxTxJHA.2588@TK2MSFTNGP02.phx.gbl...<span style="color:darkred"> >>> Could someone please clarify why whenever I open the "view HOST >>> file" in WinPatrol I get a text list hundreds of nasty malwares? >>> >>> It says "127.0.0.1, local host" >>> >>> "#start of lines added by WinHelp2002", >>> >>> then the list., ending with >>> >>> "#end of lines added by WinHelp2002". >>> >>> . How do you interpret this -- is this a list of blocked HOSTS or >>> something?</span> >> >> The "hosts" file is not really for blocking anything. It functions in >> a way similar to a DNS (Domain Name Service) which looks up an IP >> address when given a domain name. The hosts file is like a local >> lookup table for matching names to addresses. If blocking is desired, >> the "loopback" address of 127.0.0.1 (localhost) is used. The hosts >> file can also be used maliciously by malware to send the browser to >> addresses other than 127.0.0.1 so the list you see may have both >> blocked (returns 127.0.0.1 to the browser) names and redirected names >> so that malware can get you to visit their site (browser hijacking).</span> > > > Thanks. > So, in brief, this list is probably a good thing -- I use updated XP > SP2 and use those blocked browser warnings, do not frequent sleazy or > forewarned pages, have a serious array of anti- malware apps (all set > to max protect nagging-- I don't mind getting prompts for everything). > I will study the mvp.org page in more depth later to check out the > additional apps mentioned there, but right now it appears the only > thing I need to look at is to make sure the size of the list is not > excessively wasting space. I seem to remember having gone to mvp.org > in the past and applying some type of hosts files tweak. So I'm > probably good here, right? it's just that the list looks daunting > because I more or less stumbled upon it.<span style="color:green"> >></span> > jesse></span> Yes, it is a good thing if you want to use it for blocking (the list has 127.0.0.1 as the IP addresses). It is a bad thing only if other addresses are there when they shouldn't be. I haven't seen the list you have, but my guess is that you have some safer browsing software that gives you a good list of "baddies" to block (127.0.0.1) and that list was compiled by those that know what is and isn't "bad" - and further, that you have no need for list of "goodies" because you rely entirely on your ISP's DNSs as most people do. At the risk of repercussions, I would like to state that antimalware and antivirus are different things and you do need an antivirus in addition to any antimalware you may have. If at least one of your antimalware applications is a qualified antivirus program (and you just didn't mention it) then you are okay. Don't worry too much about "all the space" taken up by a text file - they are tiny compared to pictures. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.