In previous articles I’ve discussed URLs in depth. Part of that discussion also explained DNS (Domain Name System) servers. The Windows OS has something similar to its own DNS server built into the operating system. It’s called a HOSTS file. Every time you type an address into the address bar of a browser, Windows looks to the HOSTS file before it calls out to a DNS server on the internet. The HOSTS file actually takes precedence over anything found on a DNS server, which is its best and worst trait.
With the HOSTS file you can prevent entire sites from loading, as well as redirect sites to entirely different sites. Using our example from last time, www.cnn.com, we could prevent CNN’s site from loading, or we could direct those requests to www.msnbc.com. This is also where spyware and malware have a field day (worst trait). Often spyware/malware tampers with the HOSTS file to prevent loading of helpful sites, redirect searches to sites that provide income for the spyware author, and redirect normal, innocent traffic to porn or other undesirable sites. Because of this possibility, many anti-spyware programs monitor the HOSTS file and/or prevent changes. This is one of the reasons I didn’t mention the HOSTS file in the original article. It would have taken a whole issue to cover the possible anti-spyware programs and how to disable their HOSTS file protection.
But I do think it is important to see the HOSTS file, its contents, and how to edit it. This will allow you to block specific sites, and may help you troubleshoot a spyware infection in the future.
The HOSTS file is located in c:\windows\system32\drivers\etc. If you navigate to that folder you will find several files. Notice that there is no file extension on the HOSTS file.
Right-click on the file and choose Open. You will receive an "Open With" dialog window. Choose Notepad.
What you see here is a fresh HOSTS file that has not been modified. Notice the lines which begin with a "#". The pound sign tells Windows that this is a comment and to skip the line. If you make changes it is a good way to leave a note for yourself.
Your computer has an IP address to the outside world. Windows also uses an IP address for itself, which is 127.0.0.1. By adding this internal IP address and a domain name we can block a website. The browser will look at the internal IP address, which has no internet connection. Let’s use our www.cnn.com example.
Clicking File>Save will save the file without an extension. If you should happen to add a file extension, such as .txt, to the HOSTS file it will not work.
If you try to visit www.cnn.com with your browser you will receive the following error in your browser instead of the actual website.
There are also programs available on the internet that make changing the HOSTS file a little easier. Most include a graphical interface. Check out HostsXpert. Several places on the internet even include pre-built HOSTS files. I’m not a fan, but you can check out one of the more popular ones at MVPS.org (Thanks Stephen & Rohn).
There you have it. Probably more than you wanted to know, but important nonetheless.
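For the troubleshooting use mentioned above, here is an added example (not part of the original article) that reads HOSTS-style text and lists every entry other than the ordinary localhost line, marking each as a block or a redirect. The function names and the sample content are constructed for illustration, and treating 0.0.0.0 the same as 127.0.0.1 is an assumption of this sketch.

```python
import ipaddress

# Constructed sample HOSTS content: a comment, the usual localhost line, a
# block entry like the article's, a redirect to a documentation-range
# address (RFC 5737), and a malformed line.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1      localhost
127.0.0.1      www.cnn.com      # blocked on purpose
203.0.113.10   www.msnbc.com search.example.com
bogus          www.example.org
"""


def parse_hosts(text):
    """Return (line_no, address, hostname, kind) for every mapping in text."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            entries.append((line_no, fields[0], " ".join(fields[1:]), "malformed"))
            continue
        # Loopback (127.x, ::1) and 0.0.0.0 go nowhere, so the site is blocked;
        # any other address sends the name to a different machine.
        kind = "block" if addr.is_loopback or addr.is_unspecified else "redirect"
        for host in fields[1:]:  # one line may map several names
            entries.append((line_no, str(addr), host.lower(), kind))
    return entries


def entries_to_review(text):
    """Everything except the ordinary localhost mapping."""
    return [e for e in parse_hosts(text)
            if not (e[3] == "block" and e[2] == "localhost")]


if __name__ == "__main__":
    for line_no, addr, host, kind in entries_to_review(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {host} -> {addr}")
```

Entries you did not add yourself, redirects in particular, are the ones to look at first when you suspect spyware has edited the file.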
Will try this on the RASppoe.sys problem. Have seen literally hundreds of comments about this connection problem (this one resulted from a trojan, on a friend’s machine) and some talk about renaming/deleting but none talk about how specifically to do it.
(re: ownership issue)