Wetlook World ForumCurrent time: Thu 25/04/24 07:12:00 GMT |
Message # 16635.1 Subject: Additional helpful (hopefully) tip Date: Fri 17/06/05 20:23:24 GMT Name: ender |
Report Abuse or Problem to Nigel at Minxmovies
|
There is also a somewhat cruder way of blocking spyware and even other unwanted sites accessed by code you download (intentionally or not).
Normally, when you use site names in the URL or address, your computer translates te name into an IP address by requesting the IP address from a Domain Name Service (DNS) server. Your computer then uses the IP address to gain access to the site you requested. However, there is a file stored locally on your computer called "hosts" (note: it has no file extention - it is just "hosts"). On my system, it is in the following folder:
C:\WINNT\system32\drivers\etc
This file in its original form will look like what follows:
# Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
---------------- End of hosts file sample --------------------------
Your computer uses this file as an override for the DNS server - that is, if the name you request is found in this file, you computer will use the IP address associated with the name in this file, and not query the DNS server.
So now, if you add the names of sites that you find spyware accessing from your system associating the 127.0.0.1 IP address with these sites, you will effectively block the spyware from working. (127.0.0.1 is defined as a "loopback" address for your computer.)
In my case, I ran the spyware scanner from Zone Labs, as per Nigel's recommendation, and found a list of spyware cookies, and the sites they referenced. I added these sites to my hosts file as follows:
... # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost 127.0.0.1 2o7.net 127.0.0.1 www4.addfreestats.com 127.0.0.1 ads.addynamix.com 127.0.0.1 z1.adserver.com 127.0.0.1 adtech.de 127.0.0.1 servedby.advertising.com 127.0.0.1 advertising.com 127.0.0.1 as-us.falkag.net 127.0.0.1 atdmt.com 127.0.0.1 bluestreak.com 127.0.0.1 bravenet.com 127.0.0.1 doubleclick.net 127.0.0.1 exitexchange.com 127.0.0.1 fastclick.net 127.0.0.1 hit.gemius.pl 127.0.0.1 imrworldwide.com 127.0.0.1 mediaplex.com 127.0.0.1 paycounter.com 127.0.0.1 qksrv.net 127.0.0.1 questionmarket.com 127.0.0.1 realmedia.com 127.0.0.1 revenue.net 127.0.0.1 sextracker.com 127.0.0.1 counter4.sextracker.com 127.0.0.1 counter1.sextracker.com 127.0.0.1 statcounter.com 127.0.0.1 counter.sparklit.com 127.0.0.1 targetnet.com 127.0.0.1 tradedoubler.com 127.0.0.1 trafficmp.com 127.0.0.1 tribalfusion.com 127.0.0.1 valueclick.com 127.0.0.1 zedo.com
---------------- End of hosts file sample --------------------------
You will note some more commonly used sites in my list, such as realmedia.com, or bravenet.com. Right now, these sites are inaccessible to me, as trying to navigate to them just goes right back to my computer. So if you want to use any site like these, do not add them to your hosts file. I for one will not miss the popup and addware noise from either of these sites.
This does not remove any spyware or active programs from your computer. But it will prevent any further information from being sent back to their originators, and block any attempted pulling of dta or adds from these sites.
Good luck. |
In reply to Message (16635) Offtopic: Spyware - "9 out of 10 PC's Infected" - free online check...
By Nigel - nigel@wetlook.com Fri 17/06/05 02:02:04 GMT Website: www.wetlook.com Hi all,
following up on the spyware/infection issue, I've found that there is a good, and free, online checker on the www.zonelabs.com website, go to http://download.zonelabs.com/bin/promotions/spywaredetector/offer5.html
This MUST be run in Internet Explorer, not FireFox, as it used ActiveX, it found 78 items to remove on my 'secured' machine - so don't think to yourself "I'm clean" - that is very unlikely. Unfortunately, the free scan doesn't remove the infections, but it should scare you into getting/buying something that will !
Spyware can can cause all sorts of problems on the machine, misdirecting your searches, urls and even monitoring you typing your longins and passwords.
PLEASE all go and scan your machines now !
Also, while you are on the website, download at least the free version of ZoneAlarm - the software firewall, to help protect you and the rest of us from infection.
Nigel
|
Report Abuse or Problem to Nigel at Minxmovies
If you enjoy this forum, then please make a small donation to help with running costs:
(you can change amount)
|
[ This page took 0.037 seconds to generate ]