| Windows 7: Hosts file-S?? |
23 Nov 2011
|
#1 | | MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade tampa bay area, fl |
Hosts file-S?? can the hosts file be changed to, or amended by, another file? IOW can there be a file named xyz that essentially replaces the hosts file, or adds entries to it?
Possibly by a registry key or configuration setting? Of course it could by altering library fxns, but by other "simpler" means?
I ask this with the interest/intent of thoroughly checking systems that have been recovered from a malware infection.
Thanks
Mike
23 Nov 2011
|
#2 | | |
i do believe that any file can be changed by a craftily written program.
even if a file has been set to read-only, the attributes can be changed. especially a file that has a known name and fixed location on any system.
more details please?
23 Nov 2011
|
#3 | | MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade tampa bay area, fl |
mickey,
hey, thanks for the response, but that's not what I meant (my explanation is poorly worded)
like is there a reg key (for instance) that might hold the value "Hosts" which an evil proggie might change to "xyz" or "Hosts, xyz" for a CRUDE example - and ignoring the path in my example
mike
23 Nov 2011
|
#4 | | |
No. There is no configuration to change what Windows uses as a hosts file.
23 Nov 2011
|
#5 | | MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade tampa bay area, fl |
24 Nov 2011
|
#6 | | Windows 7 Ultimate 32bit SP1 |
24 Nov 2011
|
#7 | | Windows 7 & Windows Vista Ultimate Upstate NY |
Hi, Mike.
WinPatrol is one of my favorite programs. Among many other features, WinPatrol has a feature to monitor/edit the HOSTS file. From WinPatrol Features: Options Quote: "Warn if changes are made to my Internet HOSTS file"
The HOSTS file is like a local road map to the internet. When you enter in a web address like BillP Studios - WinPatrol, the request is first sent out to a special internet server (known as a DNS server) that converts the web address into the numerical IP address like 217.146.53.2, which is the actual address for the web site you're visiting. You are then connected via that IP address to the web site. A HOSTS file simply speeds up the process by storing matched pairs of web addresses and their IP address equivalents so that your web browser can skip requesting the actual IP address from a DNS server.
Malicious programs have been known to use bogus entries in the HOSTS file to misdirect web surfers to potentially dangerous, unwanted web sites. These malicious programs might add a known web address like Google but assign it the numerical IP address of an advertiser or even a more dangerous site. When you type in Google to your browser, you end up going to an unwanted, unexpected web site instead of where you wanted to go.
WinPatrol can monitor your HOSTS file and warn you when changes are made. You can also check your HOSTS file by clicking the View HOSTS file... button. By default the only entry you should see in your hosts file is: 127.0.0.1 Localhost
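
A post-cleanup check for the two things this thread asks about, written as an added Python example (not code from any poster or from WinPatrol): whether the `DataBasePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`, which names the directory Windows reads the hosts file from, still holds its default, and whether the hosts file contains anything beyond the stock localhost entry. The sample hosts text, its addresses and the function names are constructed for illustration; on a live system the `DataBasePath` string would be read from the registry and passed in.

```python
import ipaddress
import ntpath

# Default of the DataBasePath value (REG_EXPAND_SZ) under
# HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters: the directory
# that holds hosts, lmhosts, networks, protocol and services.
DEFAULT_DB_PATH = r"%SystemRoot%\System32\drivers\etc"


def db_path_is_default(value, systemroot=r"C:\Windows"):
    """True if a DataBasePath value still names the stock directory."""
    def norm(path):
        path = ntpath.normcase(path)  # lower-case, forward slashes to backslashes
        path = path.replace("%systemroot%", ntpath.normcase(systemroot))
        return path.rstrip("\\")
    return norm(value) == norm(DEFAULT_DB_PATH)


def audit_hosts(text):
    """Return (line_no, ip, name, verdict) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue                            # blank or comment-only line
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings += [(line_no, ip, n, "unparseable address") for n in names]
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name == "localhost" and addr.is_loopback:
                continue                        # the stock entry
            verdict = "blocked locally" if local else "redirected"
            findings.append((line_no, ip, name, verdict))
    return findings


# Constructed sample: a hosts file with entries added beyond the default.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # not a stock entry
0.0.0.0         ads.example.test
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Every finding deserves a look rather than automatic removal, since ad-blocking and development setups also add hosts entries on purpose.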