Solved Hosts file-S??

rubyrubyroo

rubyrubyroo

I defy U 2 define me
Guru
Local time
2:06 AM
Messages
1,108
Location
tampa bay area, fl
can the hosts file be changed to, or amended by, another file? IOW can there be a file named xyz that essentially replaces the hosts file, or adds entries to it?

Possibly by a registry key or configuration setting? Of course it could by altering library fxns, but by other "simpler" means?

I ask this with the interest/intent of thoroughly checking systems that have been recovered from an malware infection.


Thanks
Mike :sarc:
 

My Computer

Computer Manufacturer/Model Number
Custom self build - Desktop
OS
MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
CPU
AMD Phenom II X6: Black Ed 1090T - AM3 / 3.2GHz / 8MB
Motherboard
Biostar TA790XE3
Memory
2 dual ch sets OCZ DDR3 PC3-10666 Platinum 1333MHz 8GB total
Graphics Card(s)
Onboard
Sound Card
Onboard 5.1 channel HD
Monitor(s) Displays
SyncMaster "Legal-sized" LCD (rotatable)
Screen Resolution
unknown (8.5"x15")? pixels are not known
Hard Drives
HDD1: WD RE3 Enterprize [p/n: WD500ABYS-NDW]
________SATA-II (3Gb/s) 500GB/7200rpm/16MB

HDD2: Deskstar 7K1000.C [p/n: HDS721010CLA332]
________SATA-II (3Gb/s) 1TB/7200rpm/32MB
PSU
Antec 900W mATX 20+4 w/6-8SATA;2MLX;4x6(+2)PCIe[p/n HCG-900]
Case
Mid 10-bay tower - free space design interior & well vented
Cooling
CPU HS cooler, 14.5" Case-sysfan1, dual sysfan2, exhaust
Keyboard
Blue Star Ergonomic - ps/2
Mouse
LED coorded w/v. roller wheel - ps/2
Internet Speed
GbLAN 10/100/1000 & WLAN - on T1 (Peer Network)
Other Info
Harmon-Karden speakers (L,R @ sub)

APC (Lead/Acid Batt backup UPC+Surge protector+etc)

Sony DVD SATA(300) - RW DVD/CD SATA-II(300)
i do believe that any file can be changed by a craftily written program.

even if a file has been set to read-only, the attributes can be changed. especially a file that has a known name and fixed location on any system.

more details please?
 

My Computer

Computer Manufacturer/Model Number
mickey megabyte 1234
OS
ultimate 64 sp1
CPU
i5 2500K [email protected]
Motherboard
MSI P67A-GD53
Memory
8 gigs GSkill Ripjaws 1600
Graphics Card(s)
amd hd6950
Sound Card
creative x-fi gamer
Monitor(s) Displays
samsung 24"
Screen Resolution
1920x1080
Hard Drives
ocz vertex 2e 60 gig, samsung f3 1tb, buffalo 2tb ext
PSU
antec 550
Case
antec three hundred
Cooling
i'm a cooling fan
Keyboard
saitek eclipse ii
Mouse
logitech g3
Internet Speed
about 4 Mbps
Other Info
i love win7
mickey,

hey, thanks for the response, but that not what I meant (my explanation is poorly worded)

like is there a reg key (for instance) that might hold the value "Hosts" which a evil proggie might change to "xyz" or "Hosts, xyz" for a CRUDE example - and ignoring the path in my example

mike
 

My Computer

Computer Manufacturer/Model Number
Custom self build - Desktop
OS
MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
CPU
AMD Phenom II X6: Black Ed 1090T - AM3 / 3.2GHz / 8MB
Motherboard
Biostar TA790XE3
Memory
2 dual ch sets OCZ DDR3 PC3-10666 Platinum 1333MHz 8GB total
Graphics Card(s)
Onboard
Sound Card
Onboard 5.1 channel HD
Monitor(s) Displays
SyncMaster "Legal-sized" LCD (rotatable)
Screen Resolution
unknown (8.5"x15")? pixels are not known
Hard Drives
HDD1: WD RE3 Enterprize [p/n: WD500ABYS-NDW]
________SATA-II (3Gb/s) 500GB/7200rpm/16MB

HDD2: Deskstar 7K1000.C [p/n: HDS721010CLA332]
________SATA-II (3Gb/s) 1TB/7200rpm/32MB
PSU
Antec 900W mATX 20+4 w/6-8SATA;2MLX;4x6(+2)PCIe[p/n HCG-900]
Case
Mid 10-bay tower - free space design interior & well vented
Cooling
CPU HS cooler, 14.5" Case-sysfan1, dual sysfan2, exhaust
Keyboard
Blue Star Ergonomic - ps/2
Mouse
LED coorded w/v. roller wheel - ps/2
Internet Speed
GbLAN 10/100/1000 & WLAN - on T1 (Peer Network)
Other Info
Harmon-Karden speakers (L,R @ sub)

APC (Lead/Acid Batt backup UPC+Surge protector+etc)

Sony DVD SATA(300) - RW DVD/CD SATA-II(300)
No. Their is no configuration to change what Windows uses as a hosts file.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Alienware Aurora ALX R4
OS
Windows 10 Pro (x64)
CPU
Intel Core i7-3930K (3.2GHz - 4.5GHz)
Motherboard
Alienware Aurora-R4 x79
Memory
4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)
Graphics Card(s)
Nvidia Geforce GTX 690
Sound Card
SteelSeries Siberia Elite
Monitor(s) Displays
Dell UltraSharp U3011
Screen Resolution
2560x1600
Hard Drives
Samsung 850 Pro 256 GB, Seagate 1TB Desktop Hybrid HDD, 2x Western Digital 4TB Green HDD
PSU
875W Some Dell PSU <.<
Case
Alienware Aurora ALX
Cooling
Custom Liquid Cooling (EK CPU & GPU blocks) dual EK 480RAD
Keyboard
Logitech G710+ Mechanical
Mouse
Logitech G700s
Internet Speed
Verizon Fios (50 mbps average)
Other Info
Server: Intel NUC D54250WYK: i5-4250U, 16GB, 256 GB mSATA, Windows Server 2012 R2
Thank you LogicEarth
 

My Computer

Computer Manufacturer/Model Number
Custom self build - Desktop
OS
MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
CPU
AMD Phenom II X6: Black Ed 1090T - AM3 / 3.2GHz / 8MB
Motherboard
Biostar TA790XE3
Memory
2 dual ch sets OCZ DDR3 PC3-10666 Platinum 1333MHz 8GB total
Graphics Card(s)
Onboard
Sound Card
Onboard 5.1 channel HD
Monitor(s) Displays
SyncMaster "Legal-sized" LCD (rotatable)
Screen Resolution
unknown (8.5"x15")? pixels are not known
Hard Drives
HDD1: WD RE3 Enterprize [p/n: WD500ABYS-NDW]
________SATA-II (3Gb/s) 500GB/7200rpm/16MB

HDD2: Deskstar 7K1000.C [p/n: HDS721010CLA332]
________SATA-II (3Gb/s) 1TB/7200rpm/32MB
PSU
Antec 900W mATX 20+4 w/6-8SATA;2MLX;4x6(+2)PCIe[p/n HCG-900]
Case
Mid 10-bay tower - free space design interior & well vented
Cooling
CPU HS cooler, 14.5" Case-sysfan1, dual sysfan2, exhaust
Keyboard
Blue Star Ergonomic - ps/2
Mouse
LED coorded w/v. roller wheel - ps/2
Internet Speed
GbLAN 10/100/1000 & WLAN - on T1 (Peer Network)
Other Info
Harmon-Karden speakers (L,R @ sub)

APC (Lead/Acid Batt backup UPC+Surge protector+etc)

Sony DVD SATA(300) - RW DVD/CD SATA-II(300)

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Hi, Mike.

WinPatrol is one of my favorite programs. Among many other features, WinPatrol has a feature to monitor/edit the HOSTS file. From WinPatrol Features: Options
"Warn if changes are made to my Internet HOSTS file"

The HOSTS file is like a local road map to the internet. When you enter in a web address like BillP Studios - WinPatrol, the request is first sent out to a special internet server (known as a DNS server) that converts the web address into the numerical IP address like 217.146.53.2, which is the actual address for the web site you're visiting. You are then connected via that IP address to the web site. A HOSTS file simply speeds up the process by storing matched pairs of web addresses and their IP address equivalents so that your web browser can skip requesting the actual IP address from a DNS server.

Malicious programs have been known to use bogus entries in the HOSTS file to misdirect web surfers to sites to potentially dangerous, unwanted web sites. These malicious programs might add a known web address like Google but assign it the numerical IP address of an advertiser or even a more dangerous site. When you type in Google to your browser, you end up going to an unwanted, unexpected web site instead of where you wanted to go.

WinPatrol can monitor your HOSTS file and warn you when changes are made. You can also check your HOSTS file by clicking the View HOSTS file... button. By default the only entry you should see in your hosts file is:
127.0.0.1 Localhost
Click to expand...
 

My Computer

OS
Windows 7 & Windows Vista Ultimate
You must log in or register to reply here.
Back
Top