I installed HostsMan on my Dell Inspiron 530 running Windows XP Service Pack 2 with Zone Alarm Security Suite, Spy Sweeper, and Cisco Broadband Router. When I used HostsMan to download one of the hosts files, I started getting a large number of Spy Sweeper attack notices, several per minute. This is the first time I ever got such notices.
The only noteworthy event at the time the attacks started was that HostsMan popped up a box with a question involving the term "DNS". As I remember it, it wanted to turn off a DNS service, but that may not be exactly accurate. Assuming this was a routine step, I agreed. Perhaps I should not have done. I may have been too trusting.
I have uninstalled HostsMan and reinstalled Zone Alarm Security Suite, and these steps have not stopped the constant attack notices.
Can you suggest how I can approach the restoration of the level of security I had before installing HostsMan?
Richard Hatch
rhatch, welcome.
What is the model number of the Cisco Broadband Router?
How are you connected?
By DSL or cable and what is the model number of the connection modem.
The DNS Client Service is only required if you are part of a corporation's network.
I think that you are going a bit overboard on system protection as Spy Sweeper is an excellent application that will protect your system from malicious attacks.
I am not fond of suite applications as they tend to be system resource hungry and so interdependent on each other that you can't select to run only one function that you need to free up resources.
| QUOTE |
| I have uninstalled HostsMan and reinstalled Zone Alarm Security Suite, and these steps have not stopped the constant attack notices. |
What are the attack notices and what application are they coming from?
Welcome, rhatch.
You're not being attacked. Zone Alarm is probably misidentifying the redirections made by the hosts file as attacks, since there's nothing to receive the traffic that's being redirected.
This can be solved by telling Zone Alarm to ignore those "attacks" (if it allows that) or by running HostsServer. Replacing the IP 127.0.0.1 with 0.0.0.0 in hosts file (except for localhost entry) may solve that too.
If you still want to revert to the state before installing HostsMan, and if HostsMan is still installed, go to menu Hosts > Manage Backups, select * Original hosts * and press the Restore Backup button. Alternatively, open \Windows\System32\drivers\etc\hosts with Notepad and delete everything except for the 127.0.0.1 localhost line.
If you also want to enable the DNS Client service, with HostsMan, just go to menu Tools > Options, select System and press the Enable Service button. Without HostsMan, go to Start Menu > Run..., type services.msc and press OK, then, right-click on DNS Client, select Properties, and in Startup type, change to Automatic and press the Apply button. Finally, press the Start button and then OK.
As you suggested, these appear to be false attack reports. They are generated by Spy Sweeper. I checked, and in a period of 20 minutes or so, all of the 30-40 reported "attacks" involved URLs that appear in the HOSTS file. There was no exception.
Changing all the IP addresses except for localhost in the HOSTS file to 0.0.0.0 did not stop the reports. I have an inquiry in to the Spy Sweeper forum to see whether I can get Spy Sweeper to ignore these events. If I find a way, I'll pass the info along.
As you predicted, turning the DNS service back on did not help. Thanks for the instructions, anyway, so I could give it a try.
I appreciate your helpful support.
Richard Hatch