Wetlook World Forum

Normally, when you use site names in the URL or address, your computer translates te name into an IP address by requesting the IP address from a Domain Name Service (DNS) server. Your computer then uses the IP address to gain access to the site you requested. However, there is a file stored locally on your computer called "hosts" (note: it has no file extention - it is just "hosts"). On my system, it is in the following folder:

C:\WINNT\system32\drivers\etc

This file in its original form will look like what follows:

# Copyright (c) 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

#      102.54.94.97     rhino.acme.com          # source server

#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

---------------- End of hosts file sample --------------------------

Your computer uses this file as an override for the DNS server - that is, if the name you request is found in this file, you computer will use the IP address associated with the name in this file, and not query the DNS server.

So now, if you add the names of sites that you find spyware accessing from your system associating the 127.0.0.1 IP address with these sites, you will effectively block the spyware from working. (127.0.0.1 is defined as a "loopback" address for your computer.)

In my case, I ran the spyware scanner from Zone Labs, as per Nigel's recommendation, and found a list of spyware cookies, and the sites they referenced. I added these sites to my hosts file as follows:

...

# For example:

#

#      102.54.94.97     rhino.acme.com          # source server

#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

127.0.0.1       2o7.net

127.0.0.1       www4.addfreestats.com

127.0.0.1       ads.addynamix.com

127.0.0.1       z1.adserver.com

127.0.0.1       adtech.de

127.0.0.1       servedby.advertising.com

127.0.0.1       advertising.com

127.0.0.1       as-us.falkag.net

127.0.0.1       atdmt.com

127.0.0.1       bluestreak.com

127.0.0.1       bravenet.com

127.0.0.1       doubleclick.net

127.0.0.1       exitexchange.com

127.0.0.1       fastclick.net

127.0.0.1       hit.gemius.pl

127.0.0.1       imrworldwide.com

127.0.0.1       mediaplex.com

127.0.0.1       paycounter.com

127.0.0.1       qksrv.net

127.0.0.1       questionmarket.com

127.0.0.1       realmedia.com

127.0.0.1       revenue.net

127.0.0.1       sextracker.com

127.0.0.1       counter4.sextracker.com

127.0.0.1       counter1.sextracker.com

127.0.0.1       statcounter.com

127.0.0.1       counter.sparklit.com

127.0.0.1       targetnet.com

127.0.0.1       tradedoubler.com

127.0.0.1       trafficmp.com

127.0.0.1       tribalfusion.com

127.0.0.1       valueclick.com

127.0.0.1       zedo.com

---------------- End of hosts file sample --------------------------

You will note some more commonly used sites in my list, such as realmedia.com, or bravenet.com. Right now, these sites are inaccessible to me, as trying to navigate to them just goes right back to my computer. So if you want to use any site like these, do not add them to your hosts file. I for one will not miss the popup and addware noise from either of these sites.

This does not remove any spyware or active programs from your computer. But it will prevent any further information from being sent back to their originators, and block any attempted pulling of dta or adds from these sites.

Good luck.