Microsoft Help Centre message

Discussion in 'Computer Security' started by Peter James, Dec 25, 2003.

  1. Peter James

    Peter James Guest

    On occasions during using Help Centre on Windows XP, I get the
    following message from Kerio, my firewall.
    "Microsoft Help Centre Hosting Server" from your computer wants to
    send UDP datagram to ad.free6.com [127.0.0.1] port 1123.
    details about application
    C:|windows\pchealth\helpctr\binaries\helphost.exe
    ends
    Now am I a bit paranoid about this? Why should Windows want to access
    ad.free6.com? Up to now I am denying each and every request on an
    individual basis. Should I allow Kerio to write a rule and deny
    automatically? May thanks.
    --

    Peter James
    Change AT to @ to reply
     
    Peter James, Dec 25, 2003
    #1
    1. Advertising

  2. Peter James

    Kevin Guest

    That's a very good question? Have you done a Google search for
    ad.free6.com? I don't think you are paranoid at all, I think you're making
    good security decisions. Never allow anything or anyone access to your
    system if you have any doubts as to who or what they are. Until you find
    out more about ad.free6.com, I would let my firewall do the job you
    purchased it to do.

    "Peter James" <> wrote in message
    news:...
    > On occasions during using Help Centre on Windows XP, I get the
    > following message from Kerio, my firewall.
    > "Microsoft Help Centre Hosting Server" from your computer wants to
    > send UDP datagram to ad.free6.com [127.0.0.1] port 1123.
    > details about application
    > C:|windows\pchealth\helpctr\binaries\helphost.exe
    > ends
    > Now am I a bit paranoid about this? Why should Windows want to access
    > ad.free6.com? Up to now I am denying each and every request on an
    > individual basis. Should I allow Kerio to write a rule and deny
    > automatically? May thanks.
    > --
    >
    > Peter James
    > Change AT to @ to reply
     
    Kevin, Dec 26, 2003
    #2
    1. Advertising

  3. Peter James

    sponge Guest

    On Thu, 25 Dec 2003 10:25:07 +0000, Peter James
    <> wrote:

    >On occasions during using Help Centre on Windows XP, I get the
    >following message from Kerio, my firewall.
    >"Microsoft Help Centre Hosting Server" from your computer wants to
    >send UDP datagram to ad.free6.com [127.0.0.1] port 1123.
    >details about application
    >C:|windows\pchealth\helpctr\binaries\helphost.exe
    >ends
    >Now am I a bit paranoid about this? Why should Windows want to

    access
    >ad.free6.com? Up to now I am denying each and every request on an
    >individual basis. Should I allow Kerio to write a rule and deny
    >automatically? May thanks.


    This some kind of hijacker/spyware that just happens to operate
    coincident with you access to Microsoft. I checked out www.free6.com
    and it is some porn site, so I'm almost certain you have some kind of
    spyware. (Even though I would not put it past Microsoft to start
    including adware or spyware in their products, I don't think they
    dabble in porn.) So the usual advice applies, below. One thing I might
    ask - if neither Ad-Aware nor SpyBot find it, and you have to use
    HiJackThis! to root out the problem, I'd appreciate a copy of the
    malware if you find it so that it can be submitted to Ad-Aware,
    SpyBot, and a number of other anti-virus vendor's databases. (Or, if
    you want, I can give you instructions on how to do this yourself - the
    key thing is all the anti-parasite program vendors need a copy of the
    malicious program for analysis.) At any rate, here is the standard
    advice:

    Run the "Big Four" -- Ad-Aware (http://www.lavasoft.de), SpyBot
    (http://security.kolla.de), SpywareBlaster
    (http://www.javacoolsoftware.com/spywareblaster.html) and CWShredder
    (http://www.merijn.org/files/cwshredder.zip.) The latter won't nuke
    eZula, but I recommend keeping it in your toolbox if you are going to
    use Internet Explorer, which is probably going to cause you headaches
    in the future. Run their updaters (CWS shredder doesn't have an online
    update feature, just make sure to have the latest version), restart
    them, and let them rip.

    If both Ad-Aware and SpyBot -- use them BOTH! -- don't take care of
    eZula (they will probably find a few other things, as eZula usually
    doesn't travel alone), then run HiJackThis!
    (http://tomcoyote.org/hjt). The thing is, no single tool is good at
    killing all spyware, but Ad-Aware and SpyBot, when up-to-date versions
    of both are run, will take out about 99% of the known stuff out there.
    HJT is a good fallback when one is dealing with a new parasite or one
    that AAW or SpyBot don't handle properly.

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 att yahoo dott com
     
    sponge, Dec 26, 2003
    #3
  4. "Peter James" <> wrote in message
    news:...
    > On occasions during using Help Centre on Windows XP, I get the
    > following message from Kerio, my firewall.
    > "Microsoft Help Centre Hosting Server" from your computer wants to
    > send UDP datagram to ad.free6.com [127.0.0.1] port 1123.
    > details about application
    > C:|windows\pchealth\helpctr\binaries\helphost.exe
    > ends
    > Now am I a bit paranoid about this? Why should Windows want to access
    > ad.free6.com? Up to now I am denying each and every request on an
    > individual basis. Should I allow Kerio to write a rule and deny
    > automatically? May thanks.


    Does the address happen to mean anything?

    Don't suppose that you're running.have installed something that attempts to
    redirect "nasties" to localhost? It'll probably have something like "spy"
    and/or "dns" in the program name.

    The first line for 127.0.0.1 in your hosts file should read "localhost".

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Dec 26, 2003
    #4
  5. Peter James

    Peter James Guest

    On 25 Dec 2003 20:40:37 -0800, (sponge) wrote:


    >snipped
    >Run the "Big Four" -- Ad-Aware (http://www.lavasoft.de), SpyBot
    >(http://security.kolla.de), SpywareBlaster
    >(http://www.javacoolsoftware.com/spywareblaster.html) and CWShredder
    >(http://www.merijn.org/files/cwshredder.zip.) The latter won't nuke
    >eZula, but I recommend keeping it in your toolbox if you are going to
    >use Internet Explorer, which is probably going to cause you headaches
    >in the future. Run their updaters (CWS shredder doesn't have an online
    >update feature, just make sure to have the latest version), restart
    >them, and let them rip.
    >
    >If both Ad-Aware and SpyBot -- use them BOTH! -- don't take care of
    >eZula (they will probably find a few other things, as eZula usually
    >doesn't travel alone), then run HiJackThis!
    >(http://tomcoyote.org/hjt). The thing is, no single tool is good at
    >killing all spyware, but Ad-Aware and SpyBot, when up-to-date versions
    >of both are run, will take out about 99% of the known stuff out there.
    >HJT is a good fallback when one is dealing with a new parasite or one
    >that AAW or SpyBot don't handle properly.
    >
    >Sponge
    >Sponge's Secure Solutions
    >www.geocities.com/yosponge
    >My new email: yosponge2 att yahoo dott com

    I've run the "Big Four" and without any real success. SpyBot,
    Ad-Aware, Spywareblaster failed to find anything wrong. Hijac this
    produced the following log file:

    Logfile of HijackThis v1.97.7
    Scan saved at 15:08:35, on 26/12/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\ggviewer67-57.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Presorium\Frontgate MX\frntgate.exe
    C:\Program Files\Pyrenean\eDexter\eDexter.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
    C:\Program Files\MozillaFirebird\MozillaFirebird.exe
    C:\Program Files\VCOM\PowerDesk\PDExplo.exe
    C:\DOCUME~1\Pete\LOCALS~1\Temp\~~PDTEMP\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = http=localhost:8080
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe
    /startup
    O4 - HKCU\..\Run: [FG1_00] C:\Program Files\Presorium\Frontgate
    MX\frntgate.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program
    Files\Microsoft Works\WkDetect.exe
    O4 - Startup: eDexter.lnk = C:\Program
    Files\Pyrenean\eDexter\eDexter.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Packard Bell (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37870.4218055556
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446}
    (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI
    Registry Information Class) -
    http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

    I'm a bit confused as to the mention of IE6 on line 4. I don't use IE
    6, I use Mozilla Firebird set up as per Sponge's Security page using a
    proxy setting.
    So I am very confused about this. Where is the malware? And how do I
    eradicate it? Many thanks for any help given.

    --

    Peter James
    Change AT to @ to reply
     
    Peter James, Dec 26, 2003
    #5
  6. Peter James

    Peter James Guest

    On Fri, 26 Dec 2003 15:08:22 -0000, "Hairy One Kenobi"
    <abuse@[127.0.0.1]> wrote:

    >"Peter James" <> wrote in message
    >news:...
    >> On occasions during using Help Centre on Windows XP, I get the
    >> following message from Kerio, my firewall.
    >> "Microsoft Help Centre Hosting Server" from your computer wants to
    >> send UDP datagram to ad.free6.com [127.0.0.1] port 1123.
    >> details about application
    >> C:|windows\pchealth\helpctr\binaries\helphost.exe
    >> ends
    >> Now am I a bit paranoid about this? Why should Windows want to access
    >> ad.free6.com? Up to now I am denying each and every request on an
    >> individual basis. Should I allow Kerio to write a rule and deny
    >> automatically? May thanks.

    >
    >Does the address happen to mean anything?
    >
    >Don't suppose that you're running.have installed something that attempts to
    >redirect "nasties" to localhost? It'll probably have something like "spy"
    >and/or "dns" in the program name.
    >
    >The first line for 127.0.0.1 in your hosts file should read "localhost".

    I am getting rather concerned about this ad.free6.com. Just about
    every programme I use to access the net causes this message to be
    flagged up:
    "Microsoft Help Centre Hosting Server" from your computer wants to
    send UDP datagram to ad.free6.com [127.0.0.1] port 1123.
    details about application
    C:|windows\pchealth\helpctr\binaries\helphost.exe
    ends
    And I have had to get kerio to blanket ban every mention of it. I
    have used Ad-aware, Spybot and hijackthis but to no avail. How do I
    get rid of it, and where is it hiding on my HD. A search using
    Windows Explorer does not find any mention of it.
    --

    Peter James
    Change AT to @ to reply
     
    Peter James, Dec 27, 2003
    #6
  7. "Peter James" <> wrote in message
    news:...
    > On Fri, 26 Dec 2003 15:08:22 -0000, "Hairy One Kenobi"
    > <abuse@[127.0.0.1]> wrote:
    >
    > >"Peter James" <> wrote in message
    > >news:...
    > >> On occasions during using Help Centre on Windows XP, I get the
    > >> following message from Kerio, my firewall.
    > >> "Microsoft Help Centre Hosting Server" from your computer wants to
    > >> send UDP datagram to ad.free6.com [127.0.0.1] port 1123.
    > >> details about application
    > >> C:|windows\pchealth\helpctr\binaries\helphost.exe
    > >> ends
    > >> Now am I a bit paranoid about this? Why should Windows want to access
    > >> ad.free6.com? Up to now I am denying each and every request on an
    > >> individual basis. Should I allow Kerio to write a rule and deny
    > >> automatically? May thanks.

    > >
    > >Does the address happen to mean anything?
    > >
    > >Don't suppose that you're running.have installed something that attempts

    to
    > >redirect "nasties" to localhost? It'll probably have something like "spy"
    > >and/or "dns" in the program name.
    > >
    > >The first line for 127.0.0.1 in your hosts file should read "localhost".


    > I am getting rather concerned about this ad.free6.com. Just about
    > every programme I use to access the net causes this message to be
    > flagged up:
    > "Microsoft Help Centre Hosting Server" from your computer wants to
    > send UDP datagram to ad.free6.com [127.0.0.1] port 1123.
    > details about application


    Did you check the file? If you didn't (perhaps because you don't know what
    I'm on about), then please just say.

    I suspect that it's an anti-Spyware thing you've installed (stress: just a
    hunch) and easy to sort out what you're worrying about.

    Part of my logic is that you mentioned Sponge's site which - I believe - has
    something that /might/ do this. I'm not familiar enough what the exact tool
    to say for certain.. more info, please.

    H1K
     
    Hairy One Kenobi, Dec 27, 2003
    #7
  8. Peter James

    sponge Guest

    Take a look at your HOSTS file and see if you have an entry called
    ad.free6.com. Microsoft products often send UDP to localhost
    (127.0.0.1). If you have an entry in HOSTS resolving ad.free6.com to
    127.0.0.1, then, when the firewall spots traffic to 127.0.0.1, it will
    to a reverse-DNS to find out the name, and may pick up the entry in
    your HOSTS.
    BTW, nothing stood out in your log file except a reference to Real.com
    (RealPlayer, RealJukeBox, etc.)


    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 att yahoo dott com
     
    sponge, Dec 28, 2003
    #8
  9. Peter James

    Peter James Guest

    On Sat, 27 Dec 2003 23:19:24 -0000, "Hairy One Kenobi"
    <abuse@[127.0.0.1]> wrote:


    >
    >Did you check the file? If you didn't (perhaps because you don't know what
    >I'm on about), then please just say.
    >
    >I suspect that it's an anti-Spyware thing you've installed (stress: just a
    >hunch) and easy to sort out what you're worrying about.
    >
    >Part of my logic is that you mentioned Sponge's site which - I believe - has
    >something that /might/ do this. I'm not familiar enough what the exact tool
    >to say for certain.. more info, please.
    >
    >H1K

    Yes, I did have a look at the Hosts file, that resides in
    C:\windows\system32\drives\etc\ It seems to be an enormous file at
    385,495 kb?
    The first two lines of the file are:
    127.0.0.1 ad.fr.doubleclick.net
    127.0.0.1 ad.free6.com
    The rest of the file is an andless listing of sites, a lot of which
    are Sex or "Adult" sites. How the hell do they get there. Should I
    edit the file and get rid of them, and should I amend the file for the
    first line to read:
    127.0.0.1 loclahost
    Many thanks for the help.
    --

    Peter James
    Change AT to @ to reply
     
    Peter James, Dec 28, 2003
    #9
  10. Peter James

    Peter James Guest

    On 27 Dec 2003 21:24:59 -0800, (sponge) wrote:

    >Take a look at your HOSTS file and see if you have an entry called
    >ad.free6.com. Microsoft products often send UDP to localhost
    >(127.0.0.1). If you have an entry in HOSTS resolving ad.free6.com to
    >127.0.0.1, then, when the firewall spots traffic to 127.0.0.1, it will
    >to a reverse-DNS to find out the name, and may pick up the entry in
    >your HOSTS.
    >BTW, nothing stood out in your log file except a reference to Real.com
    >(RealPlayer, RealJukeBox, etc.)
    >
    >
    >Sponge
    >Sponge's Secure Solutions
    >www.geocities.com/yosponge
    >My new email: yosponge2 att yahoo dott com

    Following on from the comments in this thread on the Hosts file, using
    Google I came across this site. The suggestion is that I might want
    to download this sample hosts file to replace my existing file and
    make the file read only. Would you be prepared to comment on this.
    Thanks.

    --

    Peter James
    Change AT to @ to reply
     
    Peter James, Dec 28, 2003
    #10
  11. Peter James

    Peter James Guest

    On Sun, 28 Dec 2003 18:22:10 +0000, Peter James
    <> wrote:

    >On 27 Dec 2003 21:24:59 -0800, (sponge) wrote:
    >
    >>Take a look at your HOSTS file and see if you have an entry called
    >>ad.free6.com. Microsoft products often send UDP to localhost
    >>(127.0.0.1). If you have an entry in HOSTS resolving ad.free6.com to
    >>127.0.0.1, then, when the firewall spots traffic to 127.0.0.1, it will
    >>to a reverse-DNS to find out the name, and may pick up the entry in
    >>your HOSTS.
    >>BTW, nothing stood out in your log file except a reference to Real.com
    >>(RealPlayer, RealJukeBox, etc.)
    >>
    >>
    >>Sponge
    >>Sponge's Secure Solutions
    >>www.geocities.com/yosponge
    >>My new email: yosponge2 att yahoo dott com

    >Following on from the comments in this thread on the Hosts file, using
    >Google I came across this site. The suggestion is that I might want
    >to download this sample hosts file to replace my existing file and
    >make the file read only. Would you be prepared to comment on this.
    >Thanks.

    Sorry, the site is: http://www.mvps.org/winhelp2002/hosts.htm
    --

    Peter James
    Change AT to @ to reply
     
    Peter James, Dec 28, 2003
    #11
  12. "Peter James" <> wrote in message
    news:...
    > On Sat, 27 Dec 2003 23:19:24 -0000, "Hairy One Kenobi"
    > <abuse@[127.0.0.1]> wrote:
    > >Did you check the file? If you didn't (perhaps because you don't know

    what
    > >I'm on about), then please just say.
    > >
    > >I suspect that it's an anti-Spyware thing you've installed (stress: just

    a
    > >hunch) and easy to sort out what you're worrying about.
    > >
    > >Part of my logic is that you mentioned Sponge's site which - I believe -

    has
    > >something that /might/ do this. I'm not familiar enough what the exact

    tool
    > >to say for certain.. more info, please.
    > >
    > >H1K

    > Yes, I did have a look at the Hosts file, that resides in
    > C:\windows\system32\drives\etc\ It seems to be an enormous file at
    > 385,495 kb?
    > The first two lines of the file are:
    > 127.0.0.1 ad.fr.doubleclick.net
    > 127.0.0.1 ad.free6.com
    > The rest of the file is an andless listing of sites, a lot of which
    > are Sex or "Adult" sites. How the hell do they get there. Should I
    > edit the file and get rid of them, and should I amend the file for the
    > first line to read:
    > 127.0.0.1 loclahost


    "localhost" should certainly be there - it's the "official" name for
    127.0.0.1

    As for the rest - as I said earlier, looks like you're currently using some
    form of spyware/whatever blocker.

    H1K
     
    Hairy One Kenobi, Dec 28, 2003
    #12
  13. Peter James

    sponge Guest

    On Sun, 28 Dec 2003 18:22:10 +0000, Peter James
    <> wrote:

    >On 27 Dec 2003 21:24:59 -0800, (sponge) wrote:
    >
    >>Take a look at your HOSTS file and see if you have an entry called
    >>ad.free6.com. Microsoft products often send UDP to localhost
    >>(127.0.0.1). If you have an entry in HOSTS resolving ad.free6.com to
    >>127.0.0.1, then, when the firewall spots traffic to 127.0.0.1, it

    will
    >>to a reverse-DNS to find out the name, and may pick up the entry in
    >>your HOSTS.
    >>BTW, nothing stood out in your log file except a reference to

    Real.com
    >>(RealPlayer, RealJukeBox, etc.)
    >>
    >>
    >>Sponge
    >>Sponge's Secure Solutions
    >>www.geocities.com/yosponge
    >>My new email: yosponge2 att yahoo dott com

    >Following on from the comments in this thread on the Hosts file,

    using
    >Google I came across this site. The suggestion is that I might want
    >to download this sample hosts file to replace my existing file and
    >make the file read only. Would you be prepared to comment on this.
    >Thanks.


    MVPS is a good one. hpguru's
    (http://webpages.charter.net/hpguru/hosts/hosts.html) is more
    complete, but also larger. Take a peek around one the site of the
    pioneers of HOSTS as an ad-blocking tool: http://smartin-designs.com/
    if you're interested.

    HOSTS is a good ad-blocking method. DNSKong is much faster and more
    efficient, and covers much more; it depends if you want to go to the
    trouble. The nice thing about HOSTS is that it's very easy. Just make
    sure that it is saved a with the name HOSTS, without an extension
    (Windows papplications like to append extensions to everything) and
    then save it over top of your current HOSTS. BTW, should you ever make
    the move to Linux or Unix, HOSTS also works on those platforms too.
    You may wish to use a program called eDexter which can prevent your
    system from appearing to hang on some lookups. Some older browsers
    have that problem. Allow eDexter access to the Internet, but customize
    a rule so it can only talk to IP address 127.0.0.1.

    DNSKong is a much more streamlined version of HOSTS, but requires a
    small, free program to do it. I have a explanation of DNSKong info and
    installation at http://www.geocities.com/yosponge/8-steps.html. It
    comes with eDexter. The only caveat with DNSKong is that some people
    report the newer version (v1.39) works better on XP, while others say
    the older 1.06 (the version at my site) is better. Most people find it
    easier to install 1.39 first and install over top of 1.06 if
    necessary. It's a small program, so it's not like you're dealing with
    a 10 megabyte browser here.
    Hope one of them is of benefit to you.

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 att yahoo dott com.
     
    sponge, Dec 28, 2003
    #13
  14. Peter James

    Jim Watt Guest

    On Sun, 28 Dec 2003 17:31:33 +0000, Peter James
    <> wrote:

    >On Sat, 27 Dec 2003 23:19:24 -0000, "Hairy One Kenobi"
    ><abuse@[127.0.0.1]> wrote:
    >
    >
    >>
    >>Did you check the file? If you didn't (perhaps because you don't know what
    >>I'm on about), then please just say.
    >>
    >>I suspect that it's an anti-Spyware thing you've installed (stress: just a
    >>hunch) and easy to sort out what you're worrying about.
    >>
    >>Part of my logic is that you mentioned Sponge's site which - I believe - has
    >>something that /might/ do this. I'm not familiar enough what the exact tool
    >>to say for certain.. more info, please.
    >>
    >>H1K

    >Yes, I did have a look at the Hosts file, that resides in
    >C:\windows\system32\drives\etc\ It seems to be an enormous file at
    >385,495 kb?
    >The first two lines of the file are:
    >127.0.0.1 ad.fr.doubleclick.net
    >127.0.0.1 ad.free6.com
    >The rest of the file is an andless listing of sites, a lot of which
    >are Sex or "Adult" sites. How the hell do they get there. Should I
    >edit the file and get rid of them, and should I amend the file for the
    >first line to read:
    >127.0.0.1 loclahost
    >Many thanks for the help.


    entries like that in a hosts file are simply a means of blocking
    access to the site rather than promoting it.

    So any links that attempt to load images popups etc from
    said porn sites etc fail.

    and don't enter loclahost, spelling matters.
    --
    Jim Watt http://www.gibnet.com
     
    Jim Watt, Dec 28, 2003
    #14
  15. Peter James

    Mimic Guest

    "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
    news:rDIHb.12218$...
    > "Peter James" <> wrote in message
    > news:...
    > > On Sat, 27 Dec 2003 23:19:24 -0000, "Hairy One Kenobi"
    > > <abuse@[127.0.0.1]> wrote:
    > > >Did you check the file? If you didn't (perhaps because you don't know

    > what
    > > >I'm on about), then please just say.
    > > >
    > > >I suspect that it's an anti-Spyware thing you've installed (stress:

    just
    > a
    > > >hunch) and easy to sort out what you're worrying about.
    > > >
    > > >Part of my logic is that you mentioned Sponge's site which - I

    believe -
    > has
    > > >something that /might/ do this. I'm not familiar enough what the exact

    > tool
    > > >to say for certain.. more info, please.
    > > >
    > > >H1K

    > > Yes, I did have a look at the Hosts file, that resides in
    > > C:\windows\system32\drives\etc\ It seems to be an enormous file at
    > > 385,495 kb?
    > > The first two lines of the file are:
    > > 127.0.0.1 ad.fr.doubleclick.net
    > > 127.0.0.1 ad.free6.com
    > > The rest of the file is an andless listing of sites, a lot of which
    > > are Sex or "Adult" sites. How the hell do they get there. Should I
    > > edit the file and get rid of them, and should I amend the file for the
    > > first line to read:
    > > 127.0.0.1 loclahost

    >
    > "localhost" should certainly be there - it's the "official" name for
    > 127.0.0.1
    >
    > As for the rest - as I said earlier, looks like you're currently using

    some
    > form of spyware/whatever blocker.
    >
    > H1K
    >
    >


    Oh shut up.
    Localhost isnt the "proper" name for 127.0.0.1, 127.0.0.1 is the proper name
    for 127.0.0.1, localhost is simply a more readable for, such as
    www.google.com is the readable form of 66.102.11.99 . It simply acts to make
    the address easier to remember.

    As for the OP, the entries in the Hosts file are clearly there to stop
    popups. Nothing todo with spyware

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Dec 29, 2003
    #15
  16. "Mimic" <> wrote in message
    news:...
    > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message


    <snip>

    > Oh shut up.
    > Localhost isnt the "proper" name for 127.0.0.1, 127.0.0.1 is the proper

    name
    > for 127.0.0.1, localhost is simply a more readable for, such as
    > www.google.com is the readable form of 66.102.11.99 . It simply acts to

    make
    > the address easier to remember.
    >
    > As for the OP, the entries in the Hosts file are clearly there to stop
    > popups. Nothing todo with spyware


    Thank-you for your valuable contribution.

    Incidentally, you're incorrect. Have fun guessing which bits.

    H1K
     
    Hairy One Kenobi, Dec 29, 2003
    #16
  17. Peter James

    Mimic Guest

    "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
    news:Y22Ib.12737$...
    > "Mimic" <> wrote in message
    > news:...
    > > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message

    >
    > <snip>
    >
    > > Oh shut up.
    > > Localhost isnt the "proper" name for 127.0.0.1, 127.0.0.1 is the proper

    > name
    > > for 127.0.0.1, localhost is simply a more readable for, such as
    > > www.google.com is the readable form of 66.102.11.99 . It simply acts to

    > make
    > > the address easier to remember.
    > >
    > > As for the OP, the entries in the Hosts file are clearly there to stop
    > > popups. Nothing todo with spyware

    >
    > Thank-you for your valuable contribution.
    >
    > Incidentally, you're incorrect. Have fun guessing which bits.
    >
    > H1K
    >
    >


    oh i c, it was the typos wasnt it, i mean ,everything else i said was
    correct, so the bits your are talking about must be the typos.
    Oh course, if not, im sure you wouldnt mind explaining which parts of my
    post are wrong would you

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Dec 30, 2003
    #17
  18. "Mimic" <> wrote in message
    news:...
    > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
    > news:Y22Ib.12737$...
    > > "Mimic" <> wrote in message
    > > news:...
    > > > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message

    > >
    > > <snip>
    > >
    > > > Oh shut up.
    > > > Localhost isnt the "proper" name for 127.0.0.1, 127.0.0.1 is the

    proper
    > > name
    > > > for 127.0.0.1, localhost is simply a more readable for, such as
    > > > www.google.com is the readable form of 66.102.11.99 . It simply acts

    to
    > > make
    > > > the address easier to remember.
    > > >
    > > > As for the OP, the entries in the Hosts file are clearly there to stop
    > > > popups. Nothing todo with spyware

    > >
    > > Thank-you for your valuable contribution.
    > >
    > > Incidentally, you're incorrect. Have fun guessing which bits.


    > oh i c, it was the typos wasnt it, i mean ,everything else i said was
    > correct, so the bits your are talking about must be the typos.
    > Oh course, if not, im sure you wouldnt mind explaining which parts of my
    > post are wrong would you


    Go take a look at RFC 1630, then comment further. Localhost undoubtedly
    turned-up earlier, but it's built-in to URIs (which I'd say is what we're
    all talking about, just now. It's also handy, in that I needed to skim
    through it again yesterday)

    A Host file entry will also do as much to stop tracking as stopping popups.

    I wouldn't have bothered pointing this out if you'd been a little more
    polite in the first place.. ;o)

    H1K
     
    Hairy One Kenobi, Dec 30, 2003
    #18
  19. Peter James

    Mimic Guest

    "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
    news:yg9Ib.12904$...
    >
    > "Mimic" <> wrote in message
    > news:...
    > > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
    > > news:Y22Ib.12737$...
    > > > "Mimic" <> wrote in message
    > > > news:...
    > > > > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
    > > >
    > > > <snip>
    > > >
    > > > > Oh shut up.
    > > > > Localhost isnt the "proper" name for 127.0.0.1, 127.0.0.1 is the

    > proper
    > > > name
    > > > > for 127.0.0.1, localhost is simply a more readable for, such as
    > > > > www.google.com is the readable form of 66.102.11.99 . It simply acts

    > to
    > > > make
    > > > > the address easier to remember.
    > > > >
    > > > > As for the OP, the entries in the Hosts file are clearly there to

    stop
    > > > > popups. Nothing todo with spyware
    > > >
    > > > Thank-you for your valuable contribution.
    > > >
    > > > Incidentally, you're incorrect. Have fun guessing which bits.

    >
    > > oh i c, it was the typos wasnt it, i mean ,everything else i said was
    > > correct, so the bits your are talking about must be the typos.
    > > Oh course, if not, im sure you wouldnt mind explaining which parts of my
    > > post are wrong would you

    >
    > Go take a look at RFC 1630, then comment further. Localhost undoubtedly
    > turned-up earlier, but it's built-in to URIs (which I'd say is what we're
    > all talking about, just now. It's also handy, in that I needed to skim
    > through it again yesterday)
    >
    > A Host file entry will also do as much to stop tracking as stopping

    popups.
    >
    > I wouldn't have bothered pointing this out if you'd been a little more
    > polite in the first place.. ;o)
    >
    > H1K
    >
    >


    *sigh* again you show your stupidity. You cant just read something and spew
    it out without understanding it.

    Now if you LOOK and READ the first entry in RFC 1630 CLEARLY states

    "This memo provides information for the Internet community. This memo does
    NOT specify an Internet standard of any kind. Distribution of this memo is
    unlimited. "

    And no, we are NOT talking about UNI's we are talkign about URL's and DNS,
    perhaps you should go read some more, RFC's
    1738 and 1123 might be a start, infact **** it, you can do your own
    research.

    And I stand by my original comment, a character based URL is merely a more
    memorable for of an IP based URL.

    Oh heres a question for you then tracker, if the character based URL is the
    "proper" name, why does the DNS translate all character based URLs to IP
    based ?

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Dec 31, 2003
    #19
  20. "Mimic" <> wrote in message
    news:...
    > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
    > news:yg9Ib.12904$...


    <snip>

    > > I wouldn't have bothered pointing this out if you'd been a little more
    > > polite in the first place.. ;o)


    > *sigh* again you show your stupidity. You cant just read something and

    spew
    > it out without understanding it.
    >
    > Now if you LOOK and READ the first entry in RFC 1630 CLEARLY states
    >
    > "This memo provides information for the Internet community. This memo does
    > NOT specify an Internet standard of any kind. Distribution of this memo is
    > unlimited. "


    > And no, we are NOT talking about UNI's we are talkign about URL's and DNS,
    > perhaps you should go read some more, RFC's
    > 1738 and 1123 might be a start, infact **** it, you can do your own
    > research.


    I think you need to revise your knowledge of how the RFC system works. As
    well as check the RFC references for one of those you've quoted (clue: one
    of the authors just got a knighthood)

    University? Presumably a typo for URI (couldn't be a misunderstanding of
    what a URL is a subset of, I'm sure)

    Still, always happy to find out something new - I didn't know (f'instance)
    that localhost is now a whole TLD, rather than "just" the loopback address.
    Interesting what one finds on a semi-random "dig".

    > And I stand by my original comment, a character based URL is merely a more
    > memorable for of an IP based URL.


    Correct (but only if you substitute "domain" for "URL", which I imagine is
    what you meant).

    It would have helped if you'd orignally replied to what I /said/, as opposed
    to what you translated it to in your head ;o)

    Happy New Year..

    H1K
     
    Hairy One Kenobi, Dec 31, 2003
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rachael the Wiccan Rat

    Sort of OT but not - Pinnacle show centre

    Rachael the Wiccan Rat, Sep 17, 2004, in forum: Wireless Networking
    Replies:
    0
    Views:
    441
    Rachael the Wiccan Rat
    Sep 17, 2004
  2. Justin Dutoit

    Re: exam centre in london

    Justin Dutoit, Aug 15, 2003, in forum: MCSD
    Replies:
    0
    Views:
    456
    Justin Dutoit
    Aug 15, 2003
  3. Slarty Bartfast
    Replies:
    11
    Views:
    1,450
  4. drvnguy

    help centre

    drvnguy, Jan 11, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    514
    Boomer
    Jan 11, 2004
  5. Replies:
    1
    Views:
    642
    Toolman Tim
    Aug 16, 2005
Loading...

Share This Page