Draster

Redirected Hostfile entry

6 posts in this topic

There's already a topic made about this but I think it's in the wrong section:

http://www.lavasoftsupport.com/index.php?s...amp;#entry85802

Basically since 0122.0000 there are 9 host files that are detected as malware, all with IP 127.0.0.1:

Therealsearch.com
greg-search.com
approvedlinks.com
vse-moe.biz
aifind.info
find4u.net
i-lookup.com
ie-search.com
itseasy.us

They can't be removed either, at least not on my PC.

Since the mentioned IP is 127.0.0.1, I'm thinking it's a false positive. From what I could find through Google, a host file with that IP is actually there to defend your computer. I'm not sure about this though, as my computer knowledge is very limited.

Edited by Tyki


Hi Tyki!

We will take a closer look at these entries, which clearly look to have been inserted in the Hosts file in order to block access to the listed domains, as the malicious hostnames are redirected to 127.0.0.1 (local address or localhost). We will correct this as of the next definition file update. The blocking may have been done by some other application that you may have installed, and it may also have locked (write-protected) the Hosts file in order to protect it from changes (this can also be done by the Ad-Aware Hosts File Editor, by ticking "Write-Protect Hosts File"). The Ad-Aware 2008 Hosts File Editor can be reached via the Tools & Plug-Ins button.

Spybot Search & Destroy is an example of an application that lets its users "Add Spybot S&D hosts lists" in order to block access to certain malicious sites. If the Hosts file is locked down by the application, the entries cannot be removed for as long as the lock (write-protection) is applied.

Thanks for informing us about the issue!

As mentioned previously, it will be corrected as of the next definition file update.

 

Regards,

 

LS Pekka

 

Lavasoft Research
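
The distinction drawn in the reply above, between hosts entries that sinkhole a name to the local machine and entries that send it to another address, can be checked mechanically. The following is an added example, not part of the thread and not Lavasoft's detection logic; the sample file, the address 203.0.113.7, the name bank.example and both function names are constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample: three hostnames from the thread plus a made-up redirect
# (203.0.113.7 is a documentation address, bank.example a reserved name).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1    localhost
127.0.0.1    therealsearch.com ie-search.com   # added by a blocking list
0.0.0.0      ITSEASY.US
203.0.113.7  bank.example
not-an-ip    broken.example
"""


def classify_hosts(text):
    """Map each hostname to 'block' (sinkholed locally) or 'redirect'."""
    verdicts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, nothing to classify
        # Loopback (127.0.0.0/8, ::1) and 0.0.0.0/:: never leave the machine.
        local_sink = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name == "localhost":
                continue  # the standard entry, not a blocked site
            verdicts[name] = "block" if local_sink else "redirect"
    return verdicts


def is_write_protected(path):
    """True when no owner-write bit is set (the read-only attribute on Windows)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


if __name__ == "__main__":
    for host, verdict in sorted(classify_hosts(SAMPLE_HOSTS).items()):
        print(f"{verdict:8} {host}")
```

Only the `redirect` verdicts deserve a closer look; a `block` verdict on a read-only file matches the situation described in this thread, where a protective list was installed and then locked.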

Here are the hostnames that Ad-Aware 2008 with Definitions 0122.0000 updated 09/18/08 at 7:26 AM (GMT-07:00 US Mountain time) reported as Critical Objects. Please note that my host file is the 08/06/08 version from MVPS HOSTS and is read-only, which is probably why Ad-Aware could not remove them:

 

563 Redirected hostfile entry Misc 4
[500000035] IP Address: 127.0.0.1 Host Name: THEREALSEARCH.COM
[500000049] IP Address: 127.0.0.1 Host Name: INSTALL.XXXTOOLBAR.COM
[500000062] IP Address: 127.0.0.1 Host Name: 1-SE.COM
[500000070] IP Address: 127.0.0.1 Host Name: CRACKS.AM
[500000076] IP Address: 127.0.0.1 Host Name: IE-SEARCH.COM
[500000078] IP Address: 127.0.0.1 Host Name: ITSEASY.US

 

Thanks

> Spybot Search & Destroy is an example of an application that let their users "Add Spybot S&D hosts lists" in order to block access to certain malicious sites.

I just had this happen for the first time recently, and it is indeed SpyBot placing blocks on known bad URLs via its Immunize feature. I not only found lots of 127.0.0.1 entries in the host file under SpyBot, I Googled and one person said it's a current glitch in Ad-Aware, or basically a false positive, which sometimes happens between two security applications. The IP address 127.0.0.1 is a loopback. When URLs are placed in the host file under that address they cannot be accessed, just SpyBot doing its good deeds. You can just click on the Ignore feature of Ad-Aware and it won't read them as malware next time.

Edited by Name User

Update 0123.0000, just released, has corrected this on both my home PCs. Thanks Lavasoft

 

Hi!

 

Yes, the issue is fixed in the current definition file, 0123.0000.

 

Thank you all for reporting this issue :)

 

Regards,

 

LS Pekka

 

Lavasoft Research
