Specific url blocked by Hosts file while not listed in it

Avatar

Please consider registering
Guest

Search

— Forum Scope —






— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

Register Lost password?
sp_Feed sp_topic_old
Specific url blocked by Hosts file while not listed in it
Avatar
Flying Dutchman
Member
Forum Posts: 278
Member Since:
September 2, 2010
sp_UserOfflineSmall Offline
1
January 10, 2011 - 1:55 pm
sp_Permalink sp_Print

Here's a little quiz for you:

On a friend's Win XP SP3 system, fully patched, fanboy.co.nz (with and without "www.") is being blocked by the Hosts file (as per the message appearing "[Hosts] Access denied" and "Blocked: (with and without "www.")fanboy.co.nz"), but that url is not listed in the Hosts file.

Some details about this:
My friend was trying out the latest Opera browser using the new feature to install it as portable. Following my advice, he wanted to get Fanboy's adblock list, which he got succesfully the first time. But the next time, he got the above message. I checked his Hosts file, but the url for Fanboy's site is not listed - he's using MVP's and hpHosts lists and managing them with HostsMan. I restored the original Hosts file, rebooted and visited that site with no problem (used Firefox). Then loaded back the lists, and was still able to visit the site (again using Firefox).
A couple of days later, he noticed that Opera's feature "Clean All Private Data" didn't work as expected, so he deleted it and downloaded and configured Opera@USB. Yesterday, when he opened it, it started loading Fanboy's site and ended up with the message of it being blocked by the Hosts file . I checked the Hosts file and the url is still not listed. I run the routine of restoring the original and loading back the lists, but I had no success this time. I even uninstalled HostsMan with Revo and used the portable version when restoring the lists, but the site keeps showing as blocked by the Hosts file. Checked the registry, cleared the DNS cache, Firefox cache, added the urls to the exclusion list, nth helped.
I did a search on the Internet, but the only relevant reference I found was restoring the original Hosts file (which I had already tried).

In the mean time, my friend is convinced that Opera caused this mess and has wiped every trace of it from his system.
Could it be that HostsMan is not reading/ "managing" the entries correctly? If yes, why did uninstalling it not help?

I'm baffled and can't think of anything else to try.
Could use advice/ suggestions, thanks.

I am human

Avatar
Chad Johnson
Mod
Forum Posts: 867
Member Since:
August 11, 2011
sp_UserOfflineSmall Offline
2
January 11, 2011 - 3:58 pm
sp_Permalink sp_Print

Hi!

Well the first thing that jumps out at me: when an entry is blocked by the hosts file there is no notification. A browser will either time out, throw a 404 (if a web server is running) or load the completely wrong page. What the error message tells me is that something else is interrupting the web calls.

What else is installed on this machine? My first guess would be malware, but some programs (Ad Aware, Spy Sweeper, etc) install "blocking" software to manage the hosts file for windows. If that's the case, the configuration file moves from the default (c:windowssystem32driversetc) to wherever this program is managing it. It updates the registry and essentially tells Windows to ignore its built in one.

I've never used HostsMan, but does it have an option to move the HOSTS file? Is something else moving it? It's very possible that HostsMan isn't even using the correct hosts file - especially because from the looks of it, Hostsman doesn't throw up errors either, it just manages the HOSTS file.

I would start with a standard antimalware sweep and see what comes back.

Avatar
David Hartsock
Admin
Forum Posts: 1105
Member Since:
August 7, 2011
sp_UserOfflineSmall Offline
3
January 12, 2011 - 9:43 am
sp_Permalink sp_Print


I did a search on the Internet, but the only relevant reference I found was restoring the original Hosts file (which I had already tried).[/quote:1tjqgjfl]
My personal belief is to not mess around with programs that modify the hosts file such as HostsMan. I really see no need (with good security measures in place) and there are some possibilities that could cause issues down the road depending on how the program is written and performs its' intended actions. Does HostsMan just modify the hosts file? Does it insert itself into the tcp/ip stack? Who knows exactly? The site lists "Local HTTP server" as a feature and has references to "internal DNS resolver" which have me a little concerned.

You've done quite the troubleshooting job, but you always do! Have you actually checked the DNS cache? It would be interesting to see if/what the program is doing. Also, just to make double sure verify that extensions for known file types is unchecked and the hosts file you are working with is indeed "hosts" without an extension. I'm sure that's not it, but sometimes a little frustrations leads to a small error.

That said, open a command prompt and type:
[code:1tjqgjfl]ipconfig /displaydns[/code:1tjqgjfl]

In the mean time, my friend is convinced that Opera caused this mess and has wiped every trace of it from his system.
Could it be that HostsMan is not reading/ "managing" the entries correctly? If yes, why did uninstalling it not help?[/quote:1tjqgjfl]
It is really hard to tell. I would run AutoRuns and see if anything strange is listed in the Network and Winsock providers tab.

I just went to the HostsMan site and this has me a little worried

Avatar
Flying Dutchman
Member
Forum Posts: 278
Member Since:
September 2, 2010
sp_UserOfflineSmall Offline
4
January 12, 2011 - 5:17 pm
sp_Permalink sp_Print

Hi Dave and Ziggie,

Thanks for replying. To answer your questions:
1. No infection say Avast, Malwarebytes, SuperAntispyware, Hitman Pro, Gmer.
2. The Hosts file is as it should be (no extensions) and where it should be (C:WINDOWSsystem32driversetc).
3. Run AutoRuns - no funny entries anywhere, just the usual MS stuff.
4. Can't make use of ipconfig /displaydns - DNS Cache gets flushed with CCleaner at the end of each day.
5. HostMan is just a hosts manager that automates the use of multiple lists as your Hosts file - instead of doing it manually, it downloads/ updates the lists, deletes any duplicates and manages an exclusion list (if you wish). After it does its job, it's not required to run and one does close it.
6. The "Local HTTP server" refers to HostsServer (included with HostsMan, but a separate .exe and process), which acts as a small HTTP server on the computer in use to respond to requests that are redirected to 127.0.0.1. You can turn this off and have Windows handle requests to 127.0.0.1.
7. The "internal DNS resolver" is used to Resolve Host Names by contacting the DNS server directly, but is unchecked by default, so the usual Windows DNS resolution mechanism is used.
8. The notification about the blocked site is created by HostsServer.

Anyway, problem is now solved. I went through the same routine, but this time found some registry entries in relation to WinPatrol Plus which I also deleted - don't know if that could have anything to do with the issue, maybe act like some sort of "memory"?
After all the trouble I went through, I'm also starting to believe it was related to Opera - the fact that a different package of Opera picked up from where the previous one stopped (both allegedly portable) makes me think that Opera didn't play nice on my friend's PC. Maybe Opera doesn't play nice with a larger Hosts file - some sort of conflict with Opera's build-in content blocker or the (parallel) use of an urlfilter.ini file.
Or maybe Opera just doesn't like HostsMan - or the other way around .

Thanks again.

I am human

Avatar
David Hartsock
Admin
Forum Posts: 1105
Member Since:
August 7, 2011
sp_UserOfflineSmall Offline
5
January 12, 2011 - 9:26 pm
sp_Permalink sp_Print

Anyway, problem is now solved. I went through the same routine, but this time found some registry entries in relation to WinPatrol Plus which I also deleted - don't know if that could have anything to do with the issue, maybe act like some sort of "memory"?
After all the trouble I went through, I'm also starting to believe it was related to Opera - the fact that a different package of Opera picked up from where the previous one stopped (both allegedly portable) makes me think that Opera didn't play nice on my friend's PC. Maybe Opera doesn't play nice with a larger Hosts file - some sort of conflict with Opera's build-in content blocker or the (parallel) use of an urlfilter.ini file.
Or maybe Opera just doesn't like HostsMan - or the other way around .
[/quote:1e3qepy8]
Glad it's fixed. It may be related to Opera. Quite a few portable programs read/store data in the registry in the same location as the "installed" version - have to have some way to store data. It also could be a conflict, but I'm not sure how Opera's content blocker works. None the less it's good that you fixed it. That's one of the biggest pains, but more rewarding aspects of computers. Logically working through unexplainable problems!

Avatar
Chad Johnson
Mod
Forum Posts: 867
Member Since:
August 11, 2011
sp_UserOfflineSmall Offline
6
January 12, 2011 - 10:37 pm
sp_Permalink sp_Print

Hooray!

Glad it's working. Now to convince him not to use HostsMan...

Forum Timezone: America/Indiana/Indianapolis

Most Users Ever Online: 188

Currently Online:
14 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Member Stats:

Guest Posters: 10

Members: 1272

Moderators: 3

Admins: 4

Forum Stats:

Groups: 8

Forums: 19

Topics: 1538

Posts: 11824

Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas

Moderators: Judy Novotny, Jason Shuffield, Mail Poet