Author Topic: Malware or false alarm  (Read 2737 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32437
  • malware fighter
Malware or false alarm
« on: April 24, 2005, 12:42:55 AM »
Dear forum,

Just after installing a hosts file to block unwanted sites in my Firefox browser and further ads, Spybot Search and Destroy alarms on MySoft redirected.host desktop.kazaa.com=127.0.0.1

Is this because of the hosts file (read-only, but Spybot is unaware of that and alarms on kazaa) or is it something more serious? I heard of alarms on verisign sites in hosts files as well. Who is the expert to tell me? Is it true that viruses can change hosts files? I regularly check it with a file-analyzer on CRC-32 & MD5 but the checksums are the same. Please fill me in with the details.

Greetings from me,

POLONUS
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re: Malware or false alarm
« Reply #1 on: April 24, 2005, 05:19:36 PM »
Hi polonus,

I installed the same host file, and got the same warning.

I just stuck it on Ignore list as I'm almost certain it's a false positive.

You can also inform Spybot team of this if you want (I didn't), they will fix it then.

--lee

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32437
  • malware fighter
Re: Malware or false alarm
« Reply #2 on: April 24, 2005, 07:18:12 PM »
Hi Lee16,

Thanks for your comment. I decided to have Spybot S&D delete it. Now they did this fine, adding two lines to my hosts file, not but slightly changing it at the bottom, and restoring the original hosts file as a backup file.
I checked it thoroughly with FileAlyzer and everything seems now all right.
Good thing nothing was actually wrong, and one learns a lot from these things.
Just a tip for you: from a spyware forum I got a link to a nice and complete startup checker, awful this one, by the name of StartDreck (must be of Germanic origin by the name of it). If you know your way around with HijackThis, this one will please you as well (loads of possibilities to configure your findings). Have a nice day Lee,

Kindest regards,

POLONUS

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32437
  • malware fighter
Re: Malware or false alarm
« Reply #3 on: May 10, 2005, 10:17:09 PM »
Hi lee 16,

I have a question for you. Some hijackers can change your hosts file and redirect to their smut sites or block anti-spyware or anti-virus sites. There are not that many that can change the settings of your hosts file. See: richardthelionhearted this site has an interesting manual on the net for us on hosts files. After you have checked your entries scrolling up from bottom to top in .txt (notepad) or with bintscan (a small binary text scanner, everybody should have, a gorgeous little tool to scan files you do not trust) so that the hosts file is clean. Do you lee advise it to be set non-read? I know that Spybot S&D watches it. Does it also correct the file, whenever it gets corrupted? Because of hijackers some advise never to update anti-spyware automatically, but only manually. Because else you might just as easily reinstall the malware hosts (bFast and some others). What is your feeling about this? For Windows XP they say that having long Hosts files may slow up your comp considerably, their advice DNSKong. Is that proggy any good? They say it acts like a DNS server, but in the real isn't and empty. I don't know what to make of it. I do not like to run any server when I can do without it, paid the price when inproc server was hacked. Like to hear from ye?

Receive kindest regards from me here on the other side of the fishing pond,

Yours faithfully,

POLONUS
« Last Edit: May 10, 2005, 10:21:07 PM by polonus »
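Added example, not part of the thread: a small Python audit that separates the two kinds of hosts entry discussed above, a name pointed at loopback (a block, like `desktop.kazaa.com=127.0.0.1`) versus a name pointed at a routable address (a redirect), and that flags blocks on security-vendor names. The watch list and the sample file are constructed for illustration.

```python
import ipaddress

# Assumption: a short watch list of security-vendor domains, constructed for this example.
PROTECTED_SUFFIXES = ("avast.com", "safer-networking.org")

# Constructed sample hosts content (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist installed by the user
127.0.0.1   localhost
127.0.0.1   desktop.kazaa.com
0.0.0.0     ads.example.net   # inline comment
203.0.113.7 www.example-bank.test
127.0.0.1   www.avast.com
not-an-ip   broken.example
"""

def audit_hosts(text):
    """Return (line_no, verdict, ip, name) for every host name entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            protected = any(name == s or name.endswith("." + s)
                            for s in PROTECTED_SUFFIXES)
            if name == "localhost" and sinkhole:
                verdict = "ok"
            elif sinkhole and protected:
                verdict = "blocks-security-site"   # update/AV site made unreachable
            elif sinkhole:
                verdict = "block"                  # ordinary ad/site block entry
            else:
                verdict = "redirect"               # name sent to another machine
            findings.append((line_no, verdict, str(ip), name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        if finding[1] not in ("ok", "block"):
            print(*finding)
```

Entries reported as `block` only make the name unreachable from the local machine; `redirect`, `blocks-security-site` and `malformed` are the ones worth reviewing by hand.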