Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hi guys, I have a couple of questions for you. First, let me explain that I am trying to use the tool built in Spybot that adds tracking and spyware-installing sites to the Host File tool that blocks them.
Now that you know what I'm doing, let me explain my trouble. I have quite a few websites that use different variations of DoubleClick to put up advertising. Now in this tool, mulitple variations of DoubleClick are listed.
So I go to a site called Pogo.com, a nice game site, and the games no longer load. Well, I read the help file on the Spybot tool and see that it says to check a website you can't load against the list of bad sites in the Host File blocker.
I right-click the area where the ad normally loads and look at the properties to get the URL of it. It is "m3.doubleclick.net". I check it against the tool and see a few doubleclick.nets and an m and m2.doubleclick.net, no m3. So, can you tell me why if this particular variant is not listed in the blocker it still will not load?
Also, why is it that I can have SpywareBlaster and have SpywareGuard running, which both watch for Doubleclick, and neither block anything from loading yet Spybot does?
If I don't use the Host File tool in Spybot, need I be concerned that SpywareBlaster and SpywareGuard are letting things through since I can always load pages with them running? I love all my programs, but I have to wonder just what program is protecting me here and is it doing too much or too little.
Hey Bud,
Try this site for your questions, it is the official forum site for Spybot, moderated by the developer. Scroll down a bit
http://forums.net-integration.net/index.php?act=idx
Shep
0 
One more thing dw,
I use a program I highly recommend:
Under usual browsing circumstances you will get Doubleclick trackers and some others. If you run Adaware or Spybot, they will pick them up. With RTCC set up properly, they are gone on the next startup. I have a total of 12 cookies on my machine, and those are there are one's I want, with virtually no work at all. All I have to do is save those that I want. All others are deleted.
I haven't had to dive deeply into Spybot configuration, other than immunize. Between the programs all cookies are consumed.
hth
Shep
0
Hey dw226
In a previous post, you were in immediate post-format mode, when that thread got zapped.........
Never saw the follow up log to do a full check.
Also, check your host file for doubleclick entries and redirects.
0
Hey guys, how are ya? Here is the newest HijackThis log for ya.
Logfile of HijackThis v1.97.7
Scan saved at 7:24:10 PM, on 1/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\HijackThis\HijackThis.exeO2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -CC
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37987.38375
0
Looks pretty slick to me.I do however miss the Kremiln AV program in your previous logs.
It added a bit of drama.
Things going Ok ?
Shep
0
Hey iceblue, I'm not sure where to look as far as searching the Host file for those entries. Wouldn't they be listed in HijackThis? If so, I didn't notice anything unusual, those as you can see that browser hijack went poof :-)
I have left the Host file tool option in Spybot alone, it now has only my normal host in it instead of the Spybot ones. Shep, would I have to do a cold boot for the cookie cleaner to work or did you mean a restart?
0
Lol bud, Kremlin was there to protect some of my semi-private files locked down. My really important files are of course off-site. Really I just like playing with different security programs, which sometimes gets me in trouble, lol.
0
Trouble????, Nah.
RTCC will delete all cookies on any restart, cold or hot, if set up properly. Just have to pay attention if you happen to want one such as this site etc. so's you don't have to log in. If it is dumping all, you will have to logon everytime, everywhere.
As it is setup now for me, lemme look. 245 deleted this session, and back to square one on any reboot.
Good choice on the Spybot setup.
Shep
0
dw,
The log looks bellissima !HOSTS file info – help with rebuilding the Kremlin.
In Windows NT/2K/XP, the HOSTS file is located in c:\windows\system32\drivers\. In Windows 9x, the HOSTS file is located in c:\windows\. It’s the whole file HOSTS – with no file extension. When your browser needs to resolve a domain name to an IP address, it first looks for a file named HOSTS on the local computer.
Read this………
http://searchwin2000.techtarget.com/tip/1,289483,sid1_gci918711,00.html
http://www.accs-net.com/hosts/what_is_hosts.htmlfollow this conversation……
QUOTE:
Please have a look at this "HOSTS" file.
http://mvps.org/winhelp2002/hosts.htm
The URL is self-explanatory, if anyone has questions, please post them back to this thread.
Regards and enjoy, not difficult to set up or use.>Good article. Spybot will add a ton to your hosts file as well.
>Full Stop right there - *Never* use the SpyBot HOSTS, it's junk.
That's not opinion, it is fact.
SpyBot's HOSTS has tons of entries that no longer exist :-)
That causes what we call "DNS" lookup issues, or, Browser slowness.
Without getting too technincal the installed HOSTS file acts as a filter, if that filter has "stuff" that doesn't work, your Browser will take forever to load since it's looking through items that are non-existent on the Internet.>It can be dangerous too, sine if you're relying on a HOSTS file for an added layer of protection and it doesn't work, then you have a false security.
The only problem with keeping old/nonexistant entries in the hosts file is that ownership of the domain may have changed to something desireable.....
:UNQUOTEand look at this…
IESPyad
0
Hey shep, blue, you guys are awesome! I've gotten a lot of info from you two that really helps. I really appreciate it. Ok ice, I checked the Hosts file in Sys32 drivers and looked at it in Notepad. It lists my normal host, then it says "start of spybot host entries" then, underneath, "end of spybot host entries".
I assume it is telling me that Spybot had listed hosts there but they are now gone, which is the way it should be since I stopped using that tool. Lol, you gave me 3 links to host file add-ons---now I don't know which one to pick :-) Which one have you tried?
I didn't see any conversation about Spybot at the links you gave, or did you just copy part of a conversation from elsewhere and post it? I'm glad I know about Spybots host tool being bad, it's just strange that such a trustworthy program wouldn't be adjusted to fix that issue.
Well, get back with me on which host file tool you think I should use, and, again, thanks to both of you.
0
just copied and posted that bit of conversation - personally being such a huge fan of Spybot, I would never say that any part of their magnificent program is bad.
That came from someone proposing that the mvps HOSTS is better.Using the HOSTS file to block spyware is just one of several layers of defence, and I am sure the differences in those products may well be marginal to the net added protection; just as long as one is used; so much better than none. Certainly it wouldn't take long for team spybot to sort that out. Probably just database updating old entries and they'll get around to it.
Did you note the hint to make HOSTS read only as an extra step? It was a nice touch,just remember to unhook it if you add new entries/make changes.
I use IESPYAD's HOSTS, which is based on Spybots database- winks - so ya know where my allegiances lie; plus a couple of other sources.Ice
0
Hey there, yes, I already had the Host file read-only. I think it was that way when I went to check it. Now, should I have unchecked the read-only option on the host file BEFORE I installed IESPyAd, or only when I want to change a specific entry?
I also don't think there is a bad part to Spybot, I believe it is just merely a database issue myself.
0
I might have answered my own question by reading the ReadMe for IESPyAd more closely (should have to begin with, lol). Now, should I use BOTH a Host file and IESpyAd, or will IESpyAd pretty much take care of things?
It seems to me after reading that ReadMe file that a Host file is better suited to restricting internet access to spyware already on your system, and IESpyAd is another line of defense in keeping spyware from getting on there to begin with. Am I correct in thinking that?
0
uncheck it, before any changes can be made..HOSTS file and Restricted Zones
Both a HOSTS file and IESPYAD will help you to rebuild the Kremlim to impregnable status. Both help with general safe surfing practice.
(I thought I had been really clear about Spybots HOSTS but I 'buried the headline'.)
So, here's a repeat "I use Spybots's HOSTS and IESPYAD which is based on Spybots database- winks - so ya know where my allegiances lie!" (And the read only check and spywareblaster’s hosts safe encrcypted backup.) heh heh I’m not paranoid…
And you had better read that info again;
look at the http://mvps.org/winhelp2002/hosts.htm for good explanations..“You can use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements.”
A HOSTS file tells your PC not to go to bad sites, by redirecting to the IP address on the left hand side of the entry. It won’t stop you going to Restricted zones sites, unless they are specically mentioned, but that’s when your IE setttings for restricted zones come into play. Some restricted sites you want to go to for info, but don’t want any added extras loaded onto your system.
“There is no need to install, turn on, or change any settings. Windows automatically looks for the existence of a HOSTS file and if found, checks the HOSTS file first for entries to the web page you just requested. The 127.0.0.1 is the location of your computer, so when the entry "ad.doubleclick.net" is requested your computer thinks 127.0.0.1 is the location of the file. When this file is not located it skips onto the next file and thus the ad server is blocked from loading the banner, Cookie, or some unscrupulous javascript file.” There is never any normal reason to go to, or let items from ad.doubleclick.net enter your system. So that’s an appropriate entry for your HOSTS file.
*special note for log readers. If you wanted to visit www.doubleclick.com/ or any other unsafe site to check it out for research purposes; you would have to remove that entry from your hosts file temporarily by manually editing.
“IESpyAd is another line of defense in keeping spyware from getting on there to begin with. Am I correct in thinking that?” Yes, Restricted zones entries will help prevent "drive-by" installs of unwanted software. It controls whose software can be installed on your system without asking you first. IE-SPYAD is not an ad blocker. It will not block standard banner ads in Internet Explorer. What this Restricted sites list of known advertisers and crapware pushers will do, however, is:
prevent the hijacking of your home page and other key Internet Explorer settings;
shut down ActiveX, Java, and scripting, all of which can be employed to push obnoxious advertising on you and compromise your privacy and security;
block cookies, which can be used to monitor and track your travels around the Internet;
combat obnoxious script-based popups that clutter your screen and force unwanted advertising on you.
It adds this list to your IE Restricted Zones; which you can set to custom levels of securityVery safe IE restricted zones settings
Click the Custom Level button and set all sections to Disable.
This will prevent any sites listed from running ActiveX or Javascript file or installing files.
more of this at http://mvps.org/winhelp2002/hosts.htmhth
FYI: For a definitive list of who has updated what and when:
http://www.dslreports.com/forum/remark,8644818~root=security,1~mode=flat
iceblue
0
Hey Ice, sorry about my confusion bud, it wasn't your explanations that caused the problem, it was my trying to understand it all. I tried that Host file link you gave me and had the same trouble.
I've read all the artcles on the subject, but it just runs together in my mind. I'm embarrased to admit it, but when I had trouble with that Host file, I saw no uninstall file for it, and stupidly deleted it, thereby denying internet access to me.
0
nodsnods..yep..that'll do it everytime...
take ya time...no hurry on it...it's all a learning curve...btw, just saw messages; never usually scroll down that far, duh!
Check em to feel better.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
