On 6/14/2022 1:34 PM, RecentlyOrLately wrote:
> is left in the address bar.
> Tried Seamonkey, same results.
> Went to MajorGeeks and found link to Malwarebytes, clicked it and it also failed.
> Put C:\Windows\System32\drivers\etc\hosts in Explorer and it opened a dialog and opened Notepad.
> 127.0.0.1 www.Brenz.pl
> 127.0.0.1 localhost
> What is Brenz.pl ?
> # it out and testing.
You can scan URLs on virustotal.com
. That particular domain
doesn't have a good reputation.
That site has a suspicious rating, but none of the "evidence"
amounted to a hill of beans. It doesn't say exactly what item
or item type made it suspicious.
So rather than using the comments on Virustotal, doing a general
Google search got an answer for me.
When you map things in the HOSTS file, that is a local
DNS table. It says "if a browser tries to open www.Brenz.pl
then try address 127.0.0.1". Since 127.0.0.1 is the local computer
address (one of the shorthands for localhost and stated as such
in the HOSTS file itself), the browser will go to 127.0.0.1:80
Normally, users do not run web servers on their local computer,
so an attempt to "browse" 127.0.0.1 is a kind of packet sink.
People would put lists of eight hundred different sites, like
, to cause all the tracking site packets to be
dropped. That would be a normal usage of this trick.
I can't imagine an AV making that HOSTS entry, as I don't think
they normally battle malware in that way. The reason AVs don't
do that, is malware can use heuristically generated domain
names, as a function of time of day or day of week, and that
is an easy way to bypass a HOSTS file. The malware could
start using 12345678.com
at noon, and your HOSTS file would be
rendered useless. With heuristically generated domains, a
"thing" elsewhere on the Internet, registers 12345678.com
at 11:55AM in the morning, so it is ready to use by the
malware at noon.
Now, a question would be, what clever things could you do by
running a web server on someones computer (if the malware put
the entry there) ?
Maybe your antispyware put that entry there ?
In any case, with an infected machine, you might want to
reach malwarebytes with a second (uninfected) computer. If
something sufficiently nasty, got into your local LAN,
you may end up using the public library computer, take
a blank CD with you, and write one of these onto it.
There is the Kaspersky Rescue CD as an offline scanner.
The BitDefender CD still exists. Like Kaspersky, the OS on the
CD is based on Gentoo. But the BitDefender people are no where
near as good at setting up Gentoo, as the Kaspersky people are.
I did get BitDefender CD to run, but you have to set up an
Xserver on a second PC, set the display variable on BitDefender
when it cannot start the screen on the computer it is booted on.
to be able to reach the Xserver and draw the BitDefender
interface window on it. Which is fun as a bar bet, but
not all that practical for someone who "just wants to run
On the second computer, I was running this, and then BitDefender
would draw its operating screen, on my second computer.
I would not normally have even thought of doing that, but the
icon for that was staring me in the face on the second computer desktop
and "ding! ding! ding!" came to mind :-) Initially I'd been trying
to get the graphics running on the BitDefender machine, but
things were looking pretty hopeless, when I glanced at the
other machine and remembered X protocol as an option.