Hostfile redirections in Ad-Aware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lynmac, Sep 6, 2004.

  1. lynmac

    lynmac Private E-2

    Hi MG's,

    Your site is my bible for trying to keep it clean! I have run across a roadblock trying to manage 6 hostfile redirections in Ad-Aware every time I boot. I take care of 4 machines, work related, for a friend and myself; we are always transferring things across the network both here and at his house. They all have the same redirects.

    I followed your directions in READ ME FIRST, running CCleaner, Ad-Aware (with VX2), Spybot, CWS, Kill2me, A2 (I have only run the freeware version for a while, and did so here), and about:Buster. I followed each step and updated the programs before starting, all in Safe Mode. I also ran Trend Micro freebie scan. They all showed no problems. I also run other spyware programs: Spystopper, BHODemon, Spyware Doctor (freezes a lot but finds some gems on occasion), SpywareBlaster, WindowWasher, and HiJackThis. I have been using Mozilla Firefox for several months, manually clearing out files daily. The redirects have occurred while using Mozilla. I use McAfee Security Center and ran that Virus check as well.

    I downloaded the latest version of HiJackThis and scanned and saved the log. For the most part I spend a lot of time referring to your site and the Windows list of system files to try to keep HiJackThis cleaned out, and to keep my running processes up to speed. I can't help but think I missed something along the way. The one entry that shows up in the HiJackThis scan I am not sure about deleting but think I should is an R1 HKCU override proxy entry. Maybe I am blind, but I can't nail down any other entries in HJT to point to the hostfiles. I know I read on your site how to produce an in-depth detailed log of HiJackThis or Ad-Aware (although I run ADA with a custom scan), but I have looked and looked for that post and can't find it.

    Any help you would give me is much appreciated! Besides my hairdresser has been making remarks about hair loss.

    Lynmac
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What version of Ad-aware did you run? Is it Ad-aware SE 1.04 with the reference file SE1R7 06.09.2004?
    I assume where you said CWS you meant you ran CWShredder? (CWS is the infection not a scanner)
    Have you checked your hosts files?
    What about IE DefaultPrefix settings?
    What OS are we talking about?
     
  3. lynmac

    lynmac Private E-2

    Thanks for helping me chaslang.

    I am running Ad-Aware 6.0 Build 6.181 ref file 01R33926.08.2004
    Yes, I ran CWShredder 1.59.01
    I have not checked my hosts files, that is what stopped me from proceeding...I am not at all familiar with them, what to look for or what to do if I could find something.
    Default in IE is http://
     
  4. lynmac

    lynmac Private E-2

    oops...running XP Pro SP1
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You said, " followed your directions in READ ME FIRST"

    You could not have! You would not have that version of Ad-aware if you did. Click all the links and get the correct versions.
     
  6. lynmac

    lynmac Private E-2

    I have now downloaded the correct version of Ad-Aware. My mistake was printing up the readme page to follow the directions from that. As a result I did not use the link you had provided, made sure the copy of Ad-aware that was already on my computer was up to date and did not download from the link you had on the original page.

    I ran it in safe mode and saved the log.
     
  7. jdeh

    jdeh Private First Class

    Lynmac, please read my thread on "real searcher internet homepage" re the problem that my sister had >>> sounds similar to yours. Let me know what happens. All she had to do was get rid of the links referred to in the HiJackThis logfile that had "redirect" in them and similar to the rogue homepage address and it solved her problem.

    Bo Bo
     
  8. lynmac

    lynmac Private E-2

    Thank you! I took a quick look and will read further later. My homepage has not been affected, at least not yet.

    Thanks for your interest!

    Linda
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Post your hosts file here as a .txt file attachment and I will look at it.

    Also, create a HijackThis log and post it as a .txt file attachment. Follow the guidelines for HijackThis posting here: http://forums.majorgeeks.com/showthread.php?t=38752
     
  10. lynmac

    lynmac Private E-2

    Hosts file attached. You guys are amazing to weed through all this. Will the attachment show in my reply? I uploaded it, but must have done something wrong since I can't see it there.
     
    Last edited: Sep 7, 2004
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to copy it to a .txt file (like lynhosts.txt) so you can upload it or you will need to copy and paste it into your message. If you tried to upload the hosts file with no extension, the upload actually failed. Read the messages in the upload window.

    Don't forget the HijackThis log as a .txt file attachment too.
     
  12. lynmac

    lynmac Private E-2

    I saved it in Notepad as hosts.txt then attached it to my reply, but I will rename it and try again. Thanks for your patience. Yes, I will send the HJT log too; I was late for work and didn't get to it.

    The file was too big. I had to zip it. Is there a way I can go through it and weed it out a little first to save you the time?
     
  13. lynmac

    lynmac Private E-2

    Tradestation entry is a valid program I use.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Other than the below lines (which have nothing to do with redirections) your HJT log is fine:
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe

    See this for info about BackWeb and PowerReg Scheduler:
    http://www.pestpatrol.com/pestinfo/b/backweb.asp
    http://www.pestpatrol.com/pestinfo/p/powerreg_scheduler.asp
    http://www.winpatrol.com/db/freesample/powerreg_scheduler.html

    Neither of these is a really big problem, and they are both a matter of debate as to whether good or bad. Some people feel anything that collects any kind of info at all or that automatically sends you stuff (even updates that load without you knowing) is bad.

    SpyStopper added a lot of stuff to your hosts file. Are any of the sites you are being redirected to in there?

    What exactly did you mean in your first message where you said, "6 hostfile redirections in Ad-Aware every time I boot"?

    You mean every time you reboot your PC, you are having Ad-aware run? If so, exactly what is it saying? What are the redirects?
     
  15. lynmac

    lynmac Private E-2

    I run my spyware programs often. When Ad Aware first detected the redirects I would delete them, but whenever I rebooted they would be right back again. Tradestation is a program that really chews up the hard drive, so we need to reboot, scan, and defrag a minimum of 2 or 3 times a week. I don't run AA on startup, but do it manually.

    I did a find in my hosts file and all of the redirects were in there! Whoooppeee!!

    I will delete those entries in HJT, silly me for thinking a reputable company would be a safe bet.

    I checked out the log in Spystopper but none of the redirects were in there. I find Spystopper really blocks thousands of unwanted pests as well as a scanner here and there, spyware and ads. However, if it is loading up my hosts file, is it wise to keep or find something else?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well some of those 6 lines you do want to redirect. I'm not sure about altavista.com though. Why is Ad-aware complaining about only those 6 lines being redirected to your localhost? You have many more being redirected the same way. Are you still getting these now that you upgraded to Ad-aware SE?

    You also showed an output detected as CYDOOR. I'm not sure if this is valid. Perhaps the directories created by Eudora are valid for Eudora and they just match some malware names found with CYDOOR. See this: http://www.pestpatrol.com/PestInfo/c/cydoor.asp

    That could be a false positive from Ad-aware.
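The distinction chaslang draws above (names pointed at 127.0.0.1 by a blocker such as SpyStopper versus names pointed somewhere else) is what a hosts-file audit should separate. This is an added example, not code from the thread or from any of the tools mentioned; the hosts text it scans is constructed, and the TEST-NET addresses in it are placeholders.

```python
import ipaddress

# Constructed sample hosts file (not lynmac's actual attachment).
# Entries pointing at 127.0.0.1 / 0.0.0.0 are blocker-style sinkholes;
# entries pointing at a foreign address are the hijack kind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net       # sinkhole added by a blocker
0.0.0.0         tracker.example.org
127.0.0.1       www.altavista.com
203.0.113.45    www.google.com        # search site sent to a foreign IP
203.0.113.45    www.yahoo.com
198.51.100.7    localhost             # localhost itself pointed elsewhere
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank lines and tabs are handled."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def is_sinkhole(ip):
    """True when the address makes the name unreachable rather than redirecting it."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: treat as not a sinkhole so it gets reported
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text):
    """Split entries into 'blocked' (harmless sinkholes) and 'redirected' (review these)."""
    report = {"blocked": [], "redirected": []}
    for ip, name in parse_hosts(text):
        if name == "localhost" and is_sinkhole(ip):
            continue  # the standard entry every hosts file carries
        bucket = "blocked" if is_sinkhole(ip) else "redirected"
        report[bucket].append((name, ip))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} blocked names (blocker-style)")
    for name, ip in result["redirected"]:
        print(f"REVIEW: {name} -> {ip}")
```

Point the script at the real file (`C:\WINDOWS\system32\drivers\etc\hosts` on XP) and only the "REVIEW" lines need a closer look; the sinkhole lines are the ones SpyStopper added.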
     
  17. lynmac

    lynmac Private E-2

    After I upgraded Ad-Aware they showed up 2 more times, but the second time I had Ad-Aware delete them they have not reappeared as of today. I don't know why those 6 hung around for so long.

    I prefer to call it SIGHDOOR. I tracked that one down through Eudora Lite. It is downloaded with Eudora and is, I am afraid, a necessary evil unless I want to purchase Eudora, which I do not. CYDOOR is unstoppable, as Eudora checks and if I delete it from Ad-Aware it will just reload it within an hour or less. I kept hearing this dull "click" sound and that was what it was. I checked the user agreement and if I delete it permanently Eudora will cease to work.

    I am so glad to have those gone...thank you so much for your time and for sharing your expertise...I am not so shy of the hosts file anymore! Major Geeks is my home page and I imagine I am in the forums most weeks checking things out and trying to find answers to problems...which I almost always do.

    I checked around to see if you accept donations but could not find any reference to that. I usually support those that take all the time to write the freeware programs. But your site's dedication to helping everyone brings it all together in a big way.

    LM
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Happy I could help.

    I'm just a freelancer here! :) I do this on my own time (and a lot of it). This site belongs to Corporal Punishment & Major Attitude. See here: http://www.majorgeeks.com/page.php?id=2

    There are many people like me here that just try to help others. But CP & MA are the ones that make it all possible.
     
