Jump to content

Recommended Posts

This is an annoyance. I've encountered issues with NOD32 flagging the hosts file as the following:

 

Win32/Qhost trojan

 

 

Please update your application. There is nothing malicious included in the hosts file. I have several systems, including other relatives systems, setup to download and update hosts file via Spybot Search & Destroy and the MVPS Hosts file on each schedule system restart, as well change all address', excluding the loopback address, to 0.0.0.0 to minimize the hosts file size and eliminate the cpu (100%) usage.

 

The main reason for setting address' within the hosts file to 0.0.0.0, and not going into explicit detail, is to minimize the file space from nearly over 5-10mb to 1mb. If thousands of address' were pointing to the loopback address of 127.0.0.1 the system will check the address on the local machine and will eventually give up, whereas 0.0.0.0 it will explicitly block the site with no checks.

 

Link to post
Share on other sites

A legitimate host file will not be flagged by ESET.

A modified host file by malware will, however. Your host file may have been tampered with. It has nothing to do with your loopback IP or 0.0.0.0.

Manually go through your host file and make sure you don't have any real antivirus companies address inside being blocked, as well as sending a copy to ESET for evaluation.

Link to post
Share on other sites

You can download the hosts file from both SBS&D and MVPS.

 

I have gone through the entire hosts file. Each address points to 0.0.0.0, exlcuding the loopback address 127.0.0.1

 

My systems are not infected period. End of story.

Link to post
Share on other sites

I don't see the file size, all you could have done is scanned the default Microsoft file.

 

Had you bothered appending BOTH SBS&D and MVPS?! Not to mention the address' they point to? Neither SBS&D or MVPS change the address' to 0.0.0.0, they leave them to point to 127.0.0.1, already stated I have a script to change the address' upon system cycles after each file update. 

 

 

Edit:

Had not mentioned SpywareBlaster appending their data to the hosts file. So it's SBS&D, MVPS, and SpywareBlaster appending to the hosts file.

Link to post
Share on other sites
  • Administrators

We've found malware that redirects one of the addresses listed in the hosts file to 0.0.0.0 which is the reason why it's detected. We'll make this hosts file undetected.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...