Making Dr.Web and the hosts file co-exist on friendly terms

Thursday, July 13, 2017

And when I enable host file protection in Dr.Web, all the changes will be reversed.

@a13x, https://www.drweb.ru/pravda/issue/?number=321&lng=ru

The hosts file is one of a system’s most important files. Its contents can be used to block access to sites or redirect users to addresses specified by criminals.

What does the hosts file look like after a system has been infected? By the way, sometimes legitimate applications also add their parameters to the file. If you’ve opened the file only to see something like this, you need to stop and think.

Today’s malicious programs are very cunning: they hide their entries in the bottom lines of the file.

Of course, your hosts file can contain different addresses. If you have doubts or your browser is unable to reach a certain file, remove all the unnecessary lines, leaving only the localhost entry. One more small tip: you can fix your hosts file with the free anti-virus utility Dr.Web CureIt! When launched, it automatically checks the file for redundant entries.

http://smartronix.ru/fajl-hosts-skachat-fail-hosts-windows-gde-naxoditsya

The problem is that an anti-virus can't determine who modified a file and why. Did the user change it manually or was it changed by a hacker who gained access to the machine, or did a malicious program do it?

Below you can see an example of how the hosts file was compromised by Trojan.Hosts.75, which at some point caused a lot of trouble for many users. Trojan.Hosts.75 redirects users to a scam page that looks like it’s related to social media. Here the visitor is given the impression that the site’s administrator is inviting them to register in the system using SMS activation. This measure is ostensibly necessary due to a sharp increase in spam messages.

When launched, Trojan.Hosts.75 saves a bat file to the disk, which in turn modifies the hosts file. Once this is done, the file’s contents look like this:

Upon attempting to visit one of the sites listed in the file, the user is redirected to a bogus page at http://211.xx.xx.xx/index.html. Attackers add so many addresses of popular sites into the file in order to increase the probability that users will end up on a scam site where they will be prompted to send a chargeable SMS.

http://www.internetua.com/fishing--kak-lovyat-v-internete
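The two signs described above (entries hidden in the bottom lines, and many site names pointed at one foreign address) can be checked mechanically. The following is an added example, not Dr.Web's code and not part of the original article; the function names `audit_hosts` and `redirect_targets`, the 10-line gap threshold and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, not from the article: localhost entries, then lines pushed
# below 40 blank lines. 203.0.113.7 and the *.example names are placeholders.
SAMPLE_HOSTS = (
    "# constructed sample\n127.0.0.1 localhost\n::1 localhost\n"
    + "\n" * 40
    + "203.0.113.7 social.example www.social.example\n"
    "203.0.113.7\tmail.example   # looks harmless\n"
    "0.0.0.0 ads.example\n"
)
LOCAL_NAMES = {"localhost"}

def audit_hosts(text, gap_threshold=10):
    """Return one finding per entry that is not a plain localhost mapping."""
    findings, blank_run, below_gap = [], 0, False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped:
            blank_run += 1
            continue
        # Anything after a long run of empty lines is out of sight in an editor.
        below_gap = below_gap or blank_run >= gap_threshold
        blank_run = 0
        fields = stripped.split("#", 1)[0].split()   # drop trailing comment
        if not fields:
            continue                                  # comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            kind, ip = "malformed", None
        else:
            names = {n.lower() for n in fields[1:]}
            if ip.is_loopback and names <= LOCAL_NAMES:
                continue                              # the localhost entry to keep
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirect"
        findings.append({"line": lineno, "kind": kind, "ip": str(ip) if ip is not None else None,
                         "names": fields[1:] if ip is not None else fields, "hidden": below_gap})
    return findings

def redirect_targets(findings):
    """Map each redirect IP to its names; many names on one IP is the pattern above."""
    targets = defaultdict(list)
    for f in findings:
        if f["kind"] == "redirect":
            targets[f["ip"]].extend(f["names"])
    return dict(targets)
```

To audit a real machine, pass the text of the hosts file from `%SystemRoot%\System32\drivers\etc` to `audit_hosts` and review every finding by hand, since legitimate applications also add entries.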

Then what should you do if you want to modify the file on your own?

Open Exclusions → Files and Folders. By default, this section is blank.

Click the plus button; then select Browse and navigate to the hosts file (under Windows 10, the default location is %SystemRoot%\System32\drivers\etc).

Check the boxes next to Exclude from scanning by SpIDer Guard and Exclude from scanning by Scanner, and press OK.

Half the job is done.

But Dr.Web’s preventive protection monitors changes in the file in real time (Settings → Protection components → Preventive protection → Change parameters of suspicious activity blocking). Open the hosts file, add a harmful line, and try to save it. To open the file in Notepad, select File → Open, and navigate to the folder where hosts is located. In the field that lists the types of files, select All files and choose the hosts file with no extension.

That didn't work. Why? Because to modify the file's contents, you must launch the text editor under an administrator account (this is required). For example, edit the file in Notepad: in Windows 10, start typing "Notepad" in the search field, and as soon as the application appears in the search results, right-click its entry and select Run as administrator from the drop-down list.

Now you can save the changes. Now let's get to the preventive protection settings:

Grant access to the hosts file, make the necessary adjustments, and once again set Dr.Web to block any changes from being made to the file.

And now the most important thing.

The Anti-virus Times recommends

By adding the hosts file to an anti-virus's exception list, you are allowing anyone to change it. That's why Dr.Web Preventive Protection is necessary. It controls attempts to modify system files in real time (if it is configured to do so) and blocks them or warns the user. This module is only available in Dr.Web Security Space and Dr.Web KATANA.

Adding exceptions of this kind to Dr.Web’s settings is considered unsafe and is emphatically not recommended.
