Your browser is obsolete!

The page may not load correctly.

Configure it!

Настрой-ка!

Other issues in this category (31)
  • add to favourites
    Add to Bookmarks

Making Dr.Web and the hosts file co-exist on friendly terms

Read: 1570 Comments: 3 Rating: 8

And when I enable host file protection in Dr.Web, all the changes will be reversed.

@a13x, https://www.drweb.ru/pravda/issue/?number=321&lng=ru

The hosts file is one of a system’s most important files. Its contents can be used to block access to sites or redirect users to addresses specified by criminals.

What does the hosts file look like after a system has been infected? By the way, sometimes legitimate applications also add their parameters to the file. If you’ve opened the file only to see something like this, you need to stop and think.

#drweb

Today’s malicious programs are very cunning: they hide their strings in the bottom lines.

#drweb

Of course, your hosts file can contain different addresses. If you have doubts or your browser is unable to reach a certain file, remove all the unnecessary strings except for the localhost. And one small tip. You can fix your hosts file with the free anti-virus utility Dr.Web CureIt! When launched, it automatically checks the file for redundant entries.

http://smartronix.ru/fajl-hosts-skachat-fail-hosts-windows-gde-naxoditsya

The problem is that an anti-virus can't determine who modified a file and why. Did the user change it manually or was it changed by a hacker who gained access to the machine, or did a malicious program do it?

Below you can see an example of how the hosts file was compromised by TrojanHosts.75, which at some point caused a lot of trouble for many users. Trojan.Hosts.75 redirects users to a scam page that looks like it’s related to social media. Here the visitor is given the impression that the site’s administrator is inviting them to register in the system using SMS activation. This measure is ostensibly necessary due to a sharp increase in spam messages.

#drweb

When launched, Trojan.Hosts.75 saves a bat file to the disk which in turn modifies the hosts file. When this is accomplished, the file’s contents looks like this:

#drweb

Upon attempting to visit one of the sites listed in the file, the user is redirected to a bogus page at http://211.xx.xx.xx/index.html. Attackers add so many addresses of popular sites into the file in order to increase the probability that users will end up on a scam site where they will be prompted to send a chargeable SMS.

http://www.internetua.com/fishing--kak-lovyat-v-internete

Upon attempting to visit one of the sites listed in the file, the user is redirected to a bogus page at http://211.xx.xx.xx/index.html. Attackers add so many addresses of popular sites into the file in order to increase the probability that users will end up on a scam site where they will be prompted to send a chargeable SMS.

Then what should you do if you want to modify the file on your own?

Then what should you do if you want to modify the file on your own? ExclusionsFiles and Folders. By default, this section is blank.

#drweb

Click the plus button; then select Browse and navigate to the hosts file (under Windows 10, the default location is %SystemRoot%\System32\drivers\etc).

#drweb

Check the boxes next to Exclude from scanning by SpIDer Guard and Exclude from scanning by Scanner, and press OK.

#drweb

#drweb

Half the job is done.

But Dr.Web’s preventive protection monitors changes in the file in real time (SettingsProtection componentsPreventive protectionChange parameters of suspicious activity blocking). Open the hosts file, add a harmful line, and try to save it. To open the file in Notepad, select FileOpen, and navigate to the folder where hosts is located. In the field that lists the types of files, select All files and choose the hosts file with no extension.

#drweb

#drweb

#drweb

That didn't work. Why? Because to modify its contents, you need to launch a text editor under an administrator account (required). For example, edit the file in Notepad. In Windows 10, start entering "Notepad" in the search field, and as soon as the application appears in the search results, right-click on its entry, and in the drop-down list, select Run as administrator.

#drweb

Now you can save the changes. Now let's get to the preventive protection settings:

#drweb

Grant access to the hosts file, make the necessary adjustments, and once again set Dr.Web to block any changes from being made to the file.

And now the most important thing.

#Dr.Web_settings #Hosts #Windows

Dr.Web recommends

By adding the hosts file to an anti-virus's exception list, you are allowing anyone to change it. That's why Dr.Web Preventive Protection is necessary. It controls attempts to modify system files in real time (if it is configured to do so) and blocks them or warns the user. This module is only available in Dr.Web Security Space and Dr.Web KATANA.

Adding exceptions of this kind to Dr.Web’s settings is considered unsafe and is emphatically not recommended.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments