Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: windows 7 host file contents auto deleted!

12 Apr 2015   #11
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

I installed using admin account and malware byte/avast didn't detect anything so i suppose you're right.


My System SpecsSystem Spec
.
12 Apr 2015   #12
carwiz

Windows 7 Pro-x64
 
 

If you're using a Firewall, which you should be, check for entries you don't recognize. It could be that the "game" read the ETC folder and used it to create ports. It wouldn't surprise me that the install did a "write-back" without regard to the contents. Most user hosts files are empty anyway and would never be noticed. Mine is over 450KB.
My System SpecsSystem Spec
12 Apr 2015   #13
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

You've got UAC on max settings? You should get a prompt if your Hosts file is modified.

Personally I use other software with HIPS protection to notify me of important changes. I'm not sure that Avast + MBAM has got you covered.

You can back up your host file manually - just copy it. Or you can use software to manage your hosts file.

windows 7 host file contents auto deleted!-backup.jpg

Additionally it's possible to monitor important registry keys for changes but it might be too much hassle for some users.

windows 7 host file contents auto deleted!-regwatcher.jpg

It's also possible to make the Hosts file "read only" but that's a pain if you need to edit it!


My System SpecsSystem Spec
.

12 Apr 2015   #14
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

If making it read only will solve the issue, I can do that but I have a question, if I make it read only .. then the software that tries backdooring, cant they just reverse it? I mean just wondering, if they can make changes without permission, wouldn't it be rather easy for them to edit read only files as well?

About backup, I know I can and honestly I have never faced this type of issues before, viruses and etc ... ya but something that edits host file, this will be first and although I didn't lose anything with utmost importance (i added the urls back) but what was and is concerning me .. is that, if a legal game used by millions of people can make such drastic changes to systems core files without permission ... then well additional protection is the best idea I think.

About firewall, I have windows default firewall, I thought sometimes to get better ones but well being honest I can't afford paid ones, any suggestions which can I use that won't effect my usability much and still provide decent protection?
My System SpecsSystem Spec
12 Apr 2015   #15
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Re: Firewall - I can't recommend one. Personally I've used Zone Alarm, Private Firewall and a couple of others but settled on Comodo Firewall. It's probably too complicated for most users but you can check out the installation guide here:

How to Install Comodo Firewall

It includes instructions for Comodo AV but if installing only the firewall it's still a good guide. Maybe wait for other suggestions.

As for Hosts file protection my current method is: Using software that informs me of important registry changes with the option to block. Again that's probably too much hassle for most users. The Hosts file is backed up anyway by HostsMan but it's just as easy to manually copy it and rename the copy to something like HOSTS.bak or HOSTS.old

I could sort of recommend Threatfire as it will warn you if anything attempts to modify or delete your Hosts file - see screenshot from my machine:

windows 7 host file contents auto deleted!-tf.jpg

However to get such notifications the sensitivity level needs to be on maximum:

windows 7 host file contents auto deleted!-level.jpg

The problem with that is that for the first day or two you are likely to recieve a lot of notifications prompting you to allow or block something. The only blocking options are to kill the process or kill process and quarantine. This can cause a problem when a program is detected connecting to the internet. Maybe you want to block it but still use the software. In this case you choose to kill the process then block it from connecting using your firewall. Then relaunch the process and it's all good.

Threatfire is no longer available to download from the manufacturer's website unless you know the direct download link. Let us know if you wish to try it and I will PM you the download link.


My System SpecsSystem Spec
13 Apr 2015   #16
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

Thanks for your suggestions, I'll checkout Comodo firewall.

Threatfire sounds good, can you please send the url and also what if for instance I'm blocking a connection that's integrated to a certain program, what are the changes of this making the program inactive? ofcourse I know this will probably vary depending on the program in question but still give me a general idea if you have one? and if I do make a mistake, I can reverse it, right?
My System SpecsSystem Spec
14 Apr 2015   #17
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Threatfire

Okay I will PM you the download link from the manufacturer's website.

You need to know: It works alongside existing security products and flags up alerts on suspicious actions depending upon the sensitivity level that's set. Any changes that you make are indeed fully reversible and it's also possible to suspend the program via right a click on the icon in the system tray.

There's no need to check for updates or set it to check for updates because there won't be any. It doesn't rely on a virus definitions database in order to work. It just flags up any actions it considers suspicious.

Here's an interesting chart:

windows 7 host file contents auto deleted!-threatfirechart.jpg

I will try posting some more details on how to use Threatfire soon. Basically if you install it before seeing these instructions just be ready for quite a few pop ups as programs connect to the internet. In most cases just allow the connection and choose the option to "remember my choice" as you can review your decisions at any point. If you want to block these connections then you need to do it via Firewall if you still wish to allow the software that creates the connection to run.

The main thing though is that Threatfire will also prompt you on any suspicious stuff like programs trying to modify your Hosts file. For the first day or two you will get a lot of pop ups about connections but these will stop once you,ve responded to them.


My System SpecsSystem Spec
14 Apr 2015   #18
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Threatfire Guide

Okay so here's more details. It's going to sound complicated but it isn't. Threatfire will just do it's own thing once configured and alert you to anything it considers suspicious but that won't happen often one it's configured. Once installed you'll probably start getting pop ups like this one:

windows 7 host file contents auto deleted!-alert.jpg

If you click on "File Activity Details" you get more info:

windows 7 host file contents auto deleted!-activity-details.jpg

So the correct response here as it's security software that wants to connect is to allow and remember the choice. If you just installed something like an image editing program you might want to prevent it connecting and uploading usage statistics and who knows what else? The correct thing to do is to allow Threatfire to let it connect but block the connection using your firewall. Once you've done that you can remove the rule created in Threatfire. More on that later.

Settings Tab:

windows 7 host file contents auto deleted!-settings.jpg

Protection On
Sensitivity - click and move slider to maximum.
Default Actions - set as shown below.
Do not register in security center.

windows 7 host file contents auto deleted!-setting2.jpg

Threat Control Tab (and undoing previous choices)

You find a list of all custom choices that you made. For more information click the information button:

windows 7 host file contents auto deleted!-log.jpg

Example for "Device driver loaded" information from my machine. You can see any File. Registry, Network or other information.

windows 7 host file contents auto deleted!-log-details.jpg

To remove the rule (undo your choice) tick the checkbox (you can choose multiple checkboxes) then click "Remove"

windows 7 host file contents auto deleted!-remove-rule.jpg

Advanced Tools Tab:

windows 7 host file contents auto deleted!-hosts-1.jpg

Default Rules.
There's a set of default rules that you don't really need to touch. They're configured for best protection but you can modify them if you wish or create new custom rules. Ususally there's no need to do this.

Lets take a look at the Hosts file protection rule. Leave checkboxes blank for the default rules (usually the best option)

Here's what you see when you click through each Hosts file option. The other rules work in a similar way.

windows 7 host file contents auto deleted!-hosts-2.jpg

windows 7 host file contents auto deleted!-hosts-3.jpg

windows 7 host file contents auto deleted!-hosts-4.jpg

windows 7 host file contents auto deleted!-hosts-5.jpg

windows 7 host file contents auto deleted!-hosts-6.jpg

windows 7 host file contents auto deleted!-hosts-7.jpg

windows 7 host file contents auto deleted!-hosts-8.jpg

System Activity Monitor:

windows 7 host file contents auto deleted!-system-activity-monitor.jpg

Shows what's currently happening on your machine. It's useful on the odd occasion!

It sounds complicated but it's not. Just get it up and running and after a day or two you won't notice it unless something new pops up. If something pops up out of the blue when you're not expecting it then it's time to investigate. When installing software you can expect to see pop ups. When installing trusted software or Windows Updates it's best to suspend protection by right clicking on the icon in the system tray.

If you have any questions I'll do my best to answer them.


My System SpecsSystem Spec
15 Apr 2015   #19
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

Thanks a lot Callender

BTW as it will be running on background, how mcuh system process does it consume, both in idle/active or passive(if any) mode?

Also wondering something, seems like it can monitor quite a lot, would it be able to to monitor any auto installation from browsers (you know malwares/rootkit etc) ... if it ever comes to that I mean.

Thanks again man!
My System SpecsSystem Spec
15 Apr 2015   #20
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

I'm not at home at the moment so I'll let you know about memory usage later. As for monitoring installs - it will only show important changes and unless you choose to quarantine something those changes cam be undone manually or just by uninstalling software in some cases. All you'd really use it for is to alert you on important changes. I've been using it for at least four years and only ever quarantined something twice but denied important changes to files/ registry many times.

Auto Monitoring installations: I use software that does that. I can post details later.
My System SpecsSystem Spec
Reply

 windows 7 host file contents auto deleted!




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Windows 7 and Searching File Contents
Hey guys, I'm having an issue with searching file contents. We have a folder set up for emails to be placed for archiving. The folder is shared, and located in a server 2003 machine. From my windows 7 machine, searching "reed" generates no results, but searching "Reed" will correctly find the...
General Discussion
deleted the HDD contents by mistake around 500Gb
HI I deleted HDD contents by mistake around 500Gb I need to recover the files (Movies) is there any way pls help
General Discussion
Windows file contents to text file
i need a list of everything on my hard drive i can access in a text file without manually pounding the folder/sub folder and contents names into notepad is there anyway this can be achieved?
General Discussion
Windows 7 Host File
Hi all, just joined, so hope I'm in the right area :D When editting the Windows Host File to block web sites, does editting this file affect EVERY user on the system? I'm running Windows 7 Ulimate with 2 users. Me, being Administrator. Thank you.
Customization
Could Temp folder contents be deleted?
Hi, These past few months, i've been noticing my C drive space getting smaller and smaller even if i did not download/install anything. I did a search for folders in my C drive that's taking up a lot of space and i landed in my temp folder ( C:\Windows\Temp ). That folder is packing hard with...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:36.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App