Specific url blocked by Hosts file while not listed in it
Flying Dutchman
Member
Members
January 10, 2011 - 1:55 pm
Member Since: September 2, 2010
Forum Posts: 278

Here's a little quiz for you:

On a friend's Win XP SP3 system, fully patched, fanboy.co.nz (with and without "www.") is being blocked by the Hosts file (as per the message appearing "[Hosts] Access denied" and "Blocked: (with and without "www.")fanboy.co.nz"), but that url is not listed in the Hosts file.

Some details about this:
My friend was trying out the latest Opera browser using the new feature to install it as portable. Following my advice, he wanted to get Fanboy's adblock list, which he got successfully the first time. But the next time, he got the above message. I checked his Hosts file, but the url for Fanboy's site is not listed - he's using MVP's and hpHosts lists and managing them with HostsMan. I restored the original Hosts file, rebooted and visited that site with no problem (used Firefox). Then loaded back the lists, and was still able to visit the site (again using Firefox).
A couple of days later, he noticed that Opera's feature "Clean All Private Data" didn't work as expected, so he deleted it and downloaded and configured Opera@USB. Yesterday, when he opened it, it started loading Fanboy's site and ended up with the message of it being blocked by the Hosts file. I checked the Hosts file and the url is still not listed. I ran the routine of restoring the original and loading back the lists, but I had no success this time. I even uninstalled HostsMan with Revo and used the portable version when restoring the lists, but the site keeps showing as blocked by the Hosts file. Checked the registry, cleared the DNS cache, Firefox cache, added the urls to the exclusion list, nothing helped.
I did a search on the Internet, but the only relevant reference I found was restoring the original Hosts file (which I had already tried).

In the meantime, my friend is convinced that Opera caused this mess and has wiped every trace of it from his system.
Could it be that HostsMan is not reading/ "managing" the entries correctly? If yes, why did uninstalling it not help?

I'm baffled and can't think of anything else to try.
Could use advice/ suggestions, thanks.

I am human

Chad Johnson
Mod
Members
January 11, 2011 - 3:58 pm
Member Since: August 11, 2011
Forum Posts: 867

Hi!

Well the first thing that jumps out at me: when an entry is blocked by the hosts file there is no notification. A browser will either time out, throw a 404 (if a web server is running) or load the completely wrong page. What the error message tells me is that something else is interrupting the web calls.

What else is installed on this machine? My first guess would be malware, but some programs (Ad Aware, Spy Sweeper, etc) install "blocking" software to manage the hosts file for windows. If that's the case, the configuration file moves from the default (c:\windows\system32\drivers\etc) to wherever this program is managing it. It updates the registry and essentially tells Windows to ignore its built-in one.

I've never used HostsMan, but does it have an option to move the HOSTS file? Is something else moving it? It's very possible that HostsMan isn't even using the correct hosts file - especially because from the looks of it, HostsMan doesn't throw up errors either, it just manages the HOSTS file.

I would start with a standard antimalware sweep and see what comes back.

David Hartsock
Admin
January 12, 2011 - 9:43 am
Member Since: August 7, 2011
Forum Posts: 1117

[quote="Flying Dutchman"]
I did a search on the Internet, but the only relevant reference I found was restoring the original Hosts file (which I had already tried).[/quote]
My personal belief is to not mess around with programs that modify the hosts file such as HostsMan. I really see no need (with good security measures in place) and there are some possibilities that could cause issues down the road depending on how the program is written and performs its intended actions. Does HostsMan just modify the hosts file? Does it insert itself into the tcp/ip stack? Who knows exactly? The site lists "Local HTTP server" as a feature and has references to "internal DNS resolver" which have me a little concerned.

You've done quite the troubleshooting job, but you always do! Have you actually checked the DNS cache? It would be interesting to see if/what the program is doing. Also, just to make double sure, verify that extensions for known file types is unchecked and the hosts file you are working with is indeed "hosts" without an extension. I'm sure that's not it, but sometimes a little frustration leads to a small error.

That said, open a command prompt and type:
[code]ipconfig /displaydns[/code]

[quote]In the meantime, my friend is convinced that Opera caused this mess and has wiped every trace of it from his system.
Could it be that HostsMan is not reading/ "managing" the entries correctly? If yes, why did uninstalling it not help?[/quote]
It is really hard to tell. I would run AutoRuns and see if anything strange is listed in the Network and Winsock providers tab.

I just went to the HostsMan site and this has me a little worried
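
The question running through this thread, whether a name is really absent from the hosts file, can be checked mechanically instead of by eye. The following Python sketch is an added example, not part of any post here and not HostsMan's code; `SAMPLE_HOSTS` and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# block list merged from several sources
127.0.0.1   localhost
127.0.0.1   ads.example.net tracker.example.net   # two names, one line
0.0.0.0\tWWW.Example.ORG
#127.0.0.1  disabled.example.com
::1         localhost6   ads.example.net
not-an-ip   broken.example.com
"""

def is_address(field):
    """True if the first field of a line is a valid IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(field)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every active entry."""
    # A UTF-8 byte-order mark at the start would hide the first entry.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 2 or not is_address(fields[0]):
            continue  # blank, comment-only or malformed line
        for name in fields[1:]:  # one line may map several names
            yield line_no, fields[0], name.lower()

def find_entries(text, hostname, include_www=True):
    """Return active entries matching hostname, optionally with/without www."""
    wanted = {hostname.lower()}
    if include_www:
        bare = hostname.lower()
        bare = bare[4:] if bare.startswith("www.") else bare
        wanted |= {bare, "www." + bare}
    return [e for e in parse_hosts(text) if e[2] in wanted]

if __name__ == "__main__":
    for name in ("fanboy.co.nz", "example.org", "ads.example.net"):
        print(name, "->", find_entries(SAMPLE_HOSTS, name) or "not listed")
```

An empty result for a name that is still being blocked points away from the hosts file and toward whatever else is answering the request.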

Flying Dutchman
Member
Members
January 12, 2011 - 5:17 pm
Member Since: September 2, 2010
Forum Posts: 278

Hi Dave and Ziggie,

Thanks for replying. To answer your questions:
1. No infection say Avast, Malwarebytes, SuperAntispyware, Hitman Pro, Gmer.
2. The Hosts file is as it should be (no extensions) and where it should be (C:\WINDOWS\system32\drivers\etc).
3. Ran AutoRuns - no funny entries anywhere, just the usual MS stuff.
4. Can't make use of ipconfig /displaydns - DNS Cache gets flushed with CCleaner at the end of each day.
5. HostsMan is just a hosts manager that automates the use of multiple lists as your Hosts file - instead of doing it manually, it downloads/ updates the lists, deletes any duplicates and manages an exclusion list (if you wish). After it does its job, it's not required to run and one does close it.
6. The "Local HTTP server" refers to HostsServer (included with HostsMan, but a separate .exe and process), which acts as a small HTTP server on the computer in use to respond to requests that are redirected to 127.0.0.1. You can turn this off and have Windows handle requests to 127.0.0.1.
7. The "internal DNS resolver" is used to Resolve Host Names by contacting the DNS server directly, but is unchecked by default, so the usual Windows DNS resolution mechanism is used.
8. The notification about the blocked site is created by HostsServer.

Anyway, problem is now solved. I went through the same routine, but this time found some registry entries in relation to WinPatrol Plus which I also deleted - don't know if that could have anything to do with the issue, maybe act like some sort of "memory"?
After all the trouble I went through, I'm also starting to believe it was related to Opera - the fact that a different package of Opera picked up from where the previous one stopped (both allegedly portable) makes me think that Opera didn't play nice on my friend's PC. Maybe Opera doesn't play nice with a larger Hosts file - some sort of conflict with Opera's built-in content blocker or the (parallel) use of an urlfilter.ini file.
Or maybe Opera just doesn't like HostsMan - or the other way around.

Thanks again.

I am human

David Hartsock
Admin
January 12, 2011 - 9:26 pm
Member Since: August 7, 2011
Forum Posts: 1117

[quote="Flying Dutchman"]Anyway, problem is now solved. I went through the same routine, but this time found some registry entries in relation to WinPatrol Plus which I also deleted - don't know if that could have anything to do with the issue, maybe act like some sort of "memory"?
After all the trouble I went through, I'm also starting to believe it was related to Opera - the fact that a different package of Opera picked up from where the previous one stopped (both allegedly portable) makes me think that Opera didn't play nice on my friend's PC. Maybe Opera doesn't play nice with a larger Hosts file - some sort of conflict with Opera's built-in content blocker or the (parallel) use of an urlfilter.ini file.
Or maybe Opera just doesn't like HostsMan - or the other way around.
[/quote]
Glad it's fixed. It may be related to Opera. Quite a few portable programs read/store data in the registry in the same location as the "installed" version - have to have some way to store data. It also could be a conflict, but I'm not sure how Opera's content blocker works. Nonetheless it's good that you fixed it. That's one of the biggest pains, but more rewarding aspects of computers. Logically working through unexplainable problems!

Chad Johnson
Mod
Members
January 12, 2011 - 10:37 pm
Member Since: August 11, 2011
Forum Posts: 867

Hooray!

Glad it's working. Now to convince him not to use HostsMan...
