Jump to content

Recommended Posts

Posted

This is an annoyance. I've encountered issues with NOD32 flagging the hosts file as the following:

 

Win32/Qhost trojan

 

 

Please update your application. There is nothing malicious included in the hosts file. I have several systems, including other relatives systems, setup to download and update hosts file via Spybot Search & Destroy and the MVPS Hosts file on each schedule system restart, as well change all address', excluding the loopback address, to 0.0.0.0 to minimize the hosts file size and eliminate the cpu (100%) usage.

 

The main reason for setting address' within the hosts file to 0.0.0.0, and not going into explicit detail, is to minimize the file space from nearly over 5-10mb to 1mb. If thousands of address' were pointing to the loopback address of 127.0.0.1 the system will check the address on the local machine and will eventually give up, whereas 0.0.0.0 it will explicitly block the site with no checks.

 

  • Administrators
Posted

Please submit the hosts file to ESET for further analysis as per the instructions here.

Posted (edited)

A legitimate host file will not be flagged by ESET.

A modified host file by malware will, however. Your host file may have been tampered with. It has nothing to do with your loopback IP or 0.0.0.0.

Manually go through your host file and make sure you don't have any real antivirus companies address inside being blocked, as well as sending a copy to ESET for evaluation.

Edited by Arakasi
Posted (edited)

You can download the hosts file from both SBS&D and MVPS.

 

I have gone through the entire hosts file. Each address points to 0.0.0.0, exlcuding the loopback address 127.0.0.1

 

My systems are not infected period. End of story.

Edited by HOSTS
Posted

I just downloaded said host file from MVPS

Then i scanned it.

Here are my results.

post-1101-0-64340700-1382944696_thumb.jpg

Posted

I would send yours per Marcos instructions.

Good luck sir.

Posted (edited)

I don't see the file size, all you could have done is scanned the default Microsoft file.

 

Had you bothered appending BOTH SBS&D and MVPS?! Not to mention the address' they point to? Neither SBS&D or MVPS change the address' to 0.0.0.0, they leave them to point to 127.0.0.1, already stated I have a script to change the address' upon system cycles after each file update. 

 

 

Edit:

Had not mentioned SpywareBlaster appending their data to the hosts file. So it's SBS&D, MVPS, and SpywareBlaster appending to the hosts file.

Edited by HOSTS
  • Administrators
Posted

We've found malware that redirects one of the addresses listed in the hosts file to 0.0.0.0 which is the reason why it's detected. We'll make this hosts file undetected.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...