September 2, 2010
Here's a little quiz for you:
On a friend's Win XP SP3 system, fully patched, fanboy.co.nz (with and without "www.") is being blocked by the Hosts file (as per the message appearing "[Hosts] Access denied" and "Blocked: (with and without "www.")fanboy.co.nz"), but that url is not listed in the Hosts file.
Some details about this:
My friend was trying out the latest Opera browser using the new feature to install it as portable. Following my advice, he wanted to get Fanboy's adblock list, which he got succesfully the first time. But the next time, he got the above message. I checked his Hosts file, but the url for Fanboy's site is not listed - he's using MVP's and hpHosts lists and managing them with HostsMan. I restored the original Hosts file, rebooted and visited that site with no problem (used Firefox). Then loaded back the lists, and was still able to visit the site (again using Firefox).
A couple of days later, he noticed that Opera's feature "Clean All Private Data" didn't work as expected, so he deleted it and downloaded and configured Opera@USB. Yesterday, when he opened it, it started loading Fanboy's site and ended up with the message of it being blocked by the Hosts file . I checked the Hosts file and the url is still not listed. I run the routine of restoring the original and loading back the lists, but I had no success this time. I even uninstalled HostsMan with Revo and used the portable version when restoring the lists, but the site keeps showing as blocked by the Hosts file. Checked the registry, cleared the DNS cache, Firefox cache, added the urls to the exclusion list, nth helped.
I did a search on the Internet, but the only relevant reference I found was restoring the original Hosts file (which I had already tried).
In the mean time, my friend is convinced that Opera caused this mess and has wiped every trace of it from his system.
Could it be that HostsMan is not reading/ "managing" the entries correctly? If yes, why did uninstalling it not help?
I'm baffled and can't think of anything else to try.
Could use advice/ suggestions, thanks.
I am human
August 11, 2011
Hi!
Well the first thing that jumps out at me: when an entry is blocked by the hosts file there is no notification. A browser will either time out, throw a 404 (if a web server is running) or load the completely wrong page. What the error message tells me is that something else is interrupting the web calls.
What else is installed on this machine? My first guess would be malware, but some programs (Ad Aware, Spy Sweeper, etc) install "blocking" software to manage the hosts file for windows. If that's the case, the configuration file moves from the default (c:windowssystem32driversetc) to wherever this program is managing it. It updates the registry and essentially tells Windows to ignore its built in one.
I've never used HostsMan, but does it have an option to move the HOSTS file? Is something else moving it? It's very possible that HostsMan isn't even using the correct hosts file - especially because from the looks of it, Hostsman doesn't throw up errors either, it just manages the HOSTS file.
I would start with a standard antimalware sweep and see what comes back.
August 7, 2011
[quote="Flying Dutchman":1tjqgjfl]
I did a search on the Internet, but the only relevant reference I found was restoring the original Hosts file (which I had already tried).[/quote:1tjqgjfl]
My personal belief is to not mess around with programs that modify the hosts file such as HostsMan. I really see no need (with good security measures in place) and there are some possibilities that could cause issues down the road depending on how the program is written and performs its' intended actions. Does HostsMan just modify the hosts file? Does it insert itself into the tcp/ip stack? Who knows exactly? The site lists "Local HTTP server" as a feature and has references to "internal DNS resolver" which have me a little concerned.
You've done quite the troubleshooting job, but you always do! Have you actually checked the DNS cache? It would be interesting to see if/what the program is doing. Also, just to make double sure verify that extensions for known file types is unchecked and the hosts file you are working with is indeed "hosts" without an extension. I'm sure that's not it, but sometimes a little frustrations leads to a small error.
That said, open a command prompt and type:
[code:1tjqgjfl]ipconfig /displaydns[/code:1tjqgjfl]
[quote:1tjqgjfl]In the mean time, my friend is convinced that Opera caused this mess and has wiped every trace of it from his system.
Could it be that HostsMan is not reading/ "managing" the entries correctly? If yes, why did uninstalling it not help?[/quote:1tjqgjfl]
It is really hard to tell. I would run AutoRuns and see if anything strange is listed in the Network and Winsock providers tab.
I just went to the HostsMan site and this has me a little worried
September 2, 2010
Hi Dave and Ziggie,
Thanks for replying. To answer your questions:
1. No infection say Avast, Malwarebytes, SuperAntispyware, Hitman Pro, Gmer.
2. The Hosts file is as it should be (no extensions) and where it should be (C:WINDOWSsystem32driversetc).
3. Run AutoRuns - no funny entries anywhere, just the usual MS stuff.
4. Can't make use of ipconfig /displaydns - DNS Cache gets flushed with CCleaner at the end of each day.
5. HostMan is just a hosts manager that automates the use of multiple lists as your Hosts file - instead of doing it manually, it downloads/ updates the lists, deletes any duplicates and manages an exclusion list (if you wish). After it does its job, it's not required to run and one does close it.
6. The "Local HTTP server" refers to HostsServer (included with HostsMan, but a separate .exe and process), which acts as a small HTTP server on the computer in use to respond to requests that are redirected to 127.0.0.1. You can turn this off and have Windows handle requests to 127.0.0.1.
7. The "internal DNS resolver" is used to Resolve Host Names by contacting the DNS server directly, but is unchecked by default, so the usual Windows DNS resolution mechanism is used.
8. The notification about the blocked site is created by HostsServer.
Anyway, problem is now solved. I went through the same routine, but this time found some registry entries in relation to WinPatrol Plus which I also deleted - don't know if that could have anything to do with the issue, maybe act like some sort of "memory"?
After all the trouble I went through, I'm also starting to believe it was related to Opera - the fact that a different package of Opera picked up from where the previous one stopped (both allegedly portable) makes me think that Opera didn't play nice on my friend's PC. Maybe Opera doesn't play nice with a larger Hosts file - some sort of conflict with Opera's build-in content blocker or the (parallel) use of an urlfilter.ini file.
Or maybe Opera just doesn't like HostsMan - or the other way around .
Thanks again.
I am human
August 7, 2011
[quote="Flying Dutchman":1e3qepy8]Anyway, problem is now solved. I went through the same routine, but this time found some registry entries in relation to WinPatrol Plus which I also deleted - don't know if that could have anything to do with the issue, maybe act like some sort of "memory"?
After all the trouble I went through, I'm also starting to believe it was related to Opera - the fact that a different package of Opera picked up from where the previous one stopped (both allegedly portable) makes me think that Opera didn't play nice on my friend's PC. Maybe Opera doesn't play nice with a larger Hosts file - some sort of conflict with Opera's build-in content blocker or the (parallel) use of an urlfilter.ini file.
Or maybe Opera just doesn't like HostsMan - or the other way around .
[/quote:1e3qepy8]
Glad it's fixed. It may be related to Opera. Quite a few portable programs read/store data in the registry in the same location as the "installed" version - have to have some way to store data. It also could be a conflict, but I'm not sure how Opera's content blocker works. None the less it's good that you fixed it. That's one of the biggest pains, but more rewarding aspects of computers. Logically working through unexplainable problems!
