Need some computer help: anyone know anything about the HOSTS File?

For some odd reason that I can't figure or Google out there's an "om.symantec.com" url in my HOSTS File.
Normally it probably wouldn't be a problem but when I click on the Live Update button in Norton I get a popup notice that the url is there and it needs to be removed or I won't be able to get my latest updates.
I have Windows Defender and WinPatrol that can block any editing of the HOSTS File and I haven't tried disabling either of them as yet and that could be my problem.

However after I click the "okay" button on the popup it goes away and then Norton's Live Update box will come up and I can check for any new updates.
It may not be anything but this just started happening.
Also there is "pop3.norton.antivirus" & "pop3.spa.norton.antivirus" addresses in the HOSTS File that seemingly Norton added. Why would they want to block their own pages? :eek: :confused: :(

Anyone got any ideas? I sure do need some help! :D
 
Hi Yvsa

The definitive answer is "it depends" :) Please provide the whole lines you are concerned about, then a reverse lookup of the IP addresses will be able to determine if these are malicious entries or safe entries.

Cheers
omniphile
 
the hosts file is there to associate a domain name (like foo.com to an IP # like 128.07.56.45)...

a virus might put their own definitions in there to fool you into going to the wrong place. if you see the # "127.0.0.1" (also called localhost) that means your own machine, so if something is being associated with your own machine, instead of what you think is the real company, there could be a problem.

sometimes, the definitions are put there so the software that depends upon it can guarantee of going to the right place, just in case they can't look those IP #s up (which is done via DNS, but that's another story)... HOSTS is supposed to pre-empt DNS. so, it's a blessing or a trap, depending on what's going on, when those entries were placed. hard to tell.

honestly? i'd probably copy the file to HOSTS.backup-2006-Jun-29 and then edit HOSTS to remove the errant lines, reboot, and see what's up.

that's about that.

bladite


 
if you see the # "127.0.0.1" (also called localhost) that means your own machine, so if something is being associated with your own machine, instead of what you think is the real company, there could be a problem.

Sometimes that can be a good thing though, if ads etc are looking for their ad server and trying to connect to your system instead (and therefore failing to download the advert). It's what is known as "blackholing".
 
Thanks Guys. The url I'm concerned about is the one that's marked as "127.0.0.1 om.symantec.com" in my HOSTS File.
Let me see if I can clear things up a bit. I was being lazy when I posted the inquiry.:o ;)

When I open my Norton AntiVirus so that I can check for the LiveUpDates and I click on the button to do so I get the following popup:

LU1860: LiveUpdate has detected a potential security compromise on your computer: one or more entries for Symantec LiveUpdate servers exist in your Windows hosts files.

A malicious entry in your hosts files could prevent LiveUpdate from retrieving updates for your Symantec products, including anti-virus updates. Generally, Symantec LiveUpdate server entries should not appear in your Windows hosts files

Then it gives the IP Address as
127.0.0.1 and the Host Name as the "om.symantec.com"

In a drop down list it says:
Remove these entries from the hosts files (Recommended)

I click the button that says "Perform This Action" and I get the following popup:

Windows Hosts Files UpDate Failed.

LU 1862: Live UpDate was unable to remove the hosts entries from all Windows hosts files. As a result, the Live UpDate Security Warning dialog may appear again in future runs of LiveUpDate.

Then there's a url that takes you to the Symantec Website where you can download the latest Live UpDate updates. ( I did that earlier, twice even, and it didn't help.)

Below that is another button that says "Okay" and when I click on it the Live UpDate box comes up and I can go ahead and check for any live updates.
The helluvit is that I have Norton set up to receive Automatic UpDates and all I have to do is acknowledge that they did come through.

With the "127.0.0.1 om.symantec.com" in my HOSTS File I'm concerned whether my Automatic UpDates will work.:(

I have already put an octothorpe # in front of the "127.0.0.1 om.symantec.com" entry in the HOSTS File and saved it as HOSTS.txt

I have tried to rename the HOSTS file with the offending entry and my computer won't let me do it.
I have even renamed the backup file to HOSTS and then renamed the offending file to HOSTS.txt and the computer won't let me do that either. :grumpy: :mad: And that's why I said I had the Windows Defender Beta 2 and WinPatrol downloaded but that I hadn't disabled either of them and that may be why I can't do anything with my HOSTS Files.
I know how to turn WinPatrol off but I'm not so sure about the Windows Defender Beta 2.
I may have to uninstall it until I get things squared away.:confused: :grumpy: :foot:

In my research I understand that Norton put the other two urls relating to them in the HOSTS File and I was just wondering why they would do that? Doesn't make a lot of sense to me.:rolleyes:
Those are the --- "pop3.norton.antivirus" and the "pop3.spa.norton.antivirus"
Mostly I'm just curious about them but there's a lot of folks that have had trouble with those being in the HOSTS File as well because they send a person's email to where it doesn't belong or such from what I have read on the different forums the last couple of days. :rolleyes:
 
Hi Yvsa

Under no circumstances should "om.symantec.com" point to 127.0.0.1

I did a reverse lookup and I got some firm addresses that it should resolve to. Without getting too technical, it is a round-robin system that points to definite external computers and NOT your own machine. You should delete that entire line.

In terms of the "pop3" lines, they SHOULD both point to 127.0.0.1.

If you still have concerns or questions, don't hesitate to ask here or email me privately at blades@accessunited.com.au

Cheers
omniphile
 
hi yvsa,

a number of anti-spyware progs will set the 'read-only' attribute on the hosts file to prevent illicit changes. open 'my computer', find the hosts file name, right click the file name in explorer, choose properties, way down the bottom in the resulting window are tick boxes - ensure the read-only one is unticked & ok back out (file is in c:\windows\system32\drivers\etc). it should then allow editing & saving.

ad-blocking, anti-porn, anti-spyware etc. will sometimes use hosts to block access to the sites they consider bad by redirecting the host name url lookup (dns) to localhost (your pc) which can be 127.0.0.1, 0.0.0.0 or possibly 255.255.255.255. the 127. address is the usual one tho.

you can use a hash mark (#) at the beginning of a line entry to change the line to a comment, thus preventing its use without deleting it and thus allowing it to be restored by removing the hash later. it can be added to the end of a line entry to add notes, ie:

#192.168.0.1 router #this is my old router
#127.0.0.1 om.symantec.com # symantec is a pain in the.....
10.0.0.1 router # this is my new router

as in other replies above, the hosts file is a local DNS server of sorts, allows resolution of host name to ip address and is a left-over from the early roots of windows, dos, and unix. windows checks this file first to do its lookups, if it does not find an entry it will look in its dns client cache, if not there it will go out to your dns servers address, wait for a reply with the requested ip address looked up, and add it to the cache & then connect you. pc's do not use host names to connect, only ip addresses.

on a local file & print sharing network, the network broadcasts a list of pc's on the network from one of the pc's which is 'elected' to do that, a lot of traffic is produced, sometimes this is broken or blocked & you cannot connect to the 'name' of the remote pc via a 'mapped' drive (ie. \\fredsPC\c$\sharedfiles). an entry in the HOSTS file restores the connection ability (ie the entry might be: 192.168.0.12 fredspc)

multiple names can be used also, you could use an entry:

216.26.139.58 www.bladeforums.com cantina

then in ie you could use

http://cantina or http://www.bladeforums.com

so you can use it to save a bit of typing if you hate bookmarks/favourites in ie.
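
An added example, not part of any post in this thread: a small Python check that parses hosts-file text the way the replies describe it (`#` comments, several names per address) and reports watched names that point at loopback or another sink address, then disables those lines with a leading `#`. The `symantec.com` watch suffix and all function names are assumptions chosen for illustration; the sample text is constructed from entries quoted above.

```python
import ipaddress

# Sink targets named in the thread besides the 127.x loopback range.
SINK_ADDRESSES = {"0.0.0.0", "255.255.255.255"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each active (uncommented) entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        active = raw.split("#", 1)[0].split()  # drop full-line and trailing comments
        if len(active) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(active[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield line_no, ip, [n.lower().rstrip(".") for n in active[1:]]

def is_sink(ip):
    return ip.is_loopback or str(ip) in SINK_ADDRESSES

def find_sinkholed(text, watched_suffixes):
    """Return [(line_no, ip, name)] for watched names mapped to a sink address."""
    hits = []
    for line_no, ip, names in parse_hosts(text):
        if not is_sink(ip):
            continue
        for name in names:
            # Match the suffix on a label boundary so notsymantec.com is ignored.
            if any(name == s or name.endswith("." + s) for s in watched_suffixes):
                hits.append((line_no, str(ip), name))
    return hits

def comment_out(text, line_numbers):
    """Disable the given lines with a leading '#', keeping them for later restore."""
    lines = text.splitlines()
    return "\n".join("#" + l if i in line_numbers else l
                     for i, l in enumerate(lines, 1)) + "\n"

# Constructed sample built from the entries quoted in this thread.
SAMPLE = """\
127.0.0.1 localhost
127.0.0.1 om.symantec.com
127.0.0.1 pop3.norton.antivirus
#192.168.0.1 router #this is my old router
10.0.0.1 router # this is my new router
216.26.139.58 www.bladeforums.com cantina
"""

if __name__ == "__main__":
    hits = find_sinkholed(SAMPLE, ["symantec.com"])
    print(hits)
    print(comment_out(SAMPLE, {h[0] for h in hits}))
```

Write the result to a copy first and compare it with the live file before replacing anything, so the original stays available as a backup.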
 
disable your protectors...

remove the offending entries

reenable...

see what happens.

you might have to also run a couple scans from lavasoft's ad-aware and "spybot search and destroy", maybe you have a boogie boogie that's messing with you.

worst case, learn how, if you don't know already, to boot into safe mode and try things from there?

bladite

 
Edward Teach said:
Sometimes that can be a good thing though, if ads etc are looking for their ad server and trying to connect to your system instead (and therefore failing to download the advert). It's what is known as "blackholing".

only sometimes though. in this case, i think something either was installed improperly, or he's got a virus/thang; i'm thinking he didn't install that himself.

personally, i prefer running a proxy or something like adblock plus with firefox; in the windows world, "adsubtract" rocked my world.

bladite
 
Bladite said:
only sometimes though. in this case, i think something either was installed improperly, or he's got a virus/thang; i'm thinking he didn't install that himself.

personally, i prefer running a proxy or something like adblock plus with firefox; in the windows world, "adsubtract" rocked my world.

bladite

Same here... I only like to mess with HOSTS if I absolutely can't get an address to resolve any other way.
 
Hmmmm, get a Mac. No more issues with HOST files, whatever they are. No real viruses either.:rolleyes:

Sorry, couldn't resist. No flames, please....
 
tedwca said:
Hmmmm, get a Mac. No more issues with HOST files, whatever they are. No real viruses either.:rolleyes:

Sorry, couldn't resist. No flames, please....
no flames, just my condolences;
you must feel so alone.

luckily apple have plans to fix that, you can now buy a windows pc from apple.
 
kronckew said:
no flames, just my condolences;
you must feel so alone.

luckily apple have plans to fix that, you can now buy a windows pc from apple.

Hehe, funny thing is I only have one friend that uses a windoze machine. It's probably the field I work in(photography) but almost no one uses a windoze machine. ;)
 
Edward Teach said:
You can load the MAC OS on a PC too...

i can run an amiga emulator on one too, don't mean i'd want to. :barf:

interesting article: Apple MAC OS Flaws

they're getting more like a real PC all the time.....warts and all.

real pirates use PC's, designer pirates use MAC's, Arhhhh!
 
btw - MAC = Media Access Control

Mac = Macintosh:)

What's wrong with Amiga??? I loved my Commodore 64
 
tedwca said:
btw - MAC = Media Access Control

Mac = Macintosh:)

What's wrong with Amiga??? I loved my Commodore 64

picky, picky - was just echoing blackbeard's spellink! Arrrh! a pirate's work is nevverrrr done!

yerl nevver get me MAC address alive, matey.

an' there's nothing wrong with an amiga, it was a great pc back in 1634, galileo loaned his to kepler, who used it to prove his calculations on planetary movement. of course that was about 80 years before Blackbeard got his Macintosh apples from an english victim.
 
Thanks for the help guys!!!! :thumbup: :cool: :D
Come to find out it is a bug in ZoneAlarm that was causing the problem. In order to work around the bug you have to go into the "advanced" area and check the "lock HOSTS" box and then reboot. Then you have to go back into ZA and uncheck the same box and reboot again. Then and only then can you work on your HOSTS File.
However you can also boot up in Safe Mode and do the same thing and that's what I finally did.
The "Why" of the matter bothered me as much as How to do it and I kept digging until I found the information. :thumbup: :cool: :D ;)

At least now when I click on the Live UpDate box in Norton I don't get any error popups... Out of curiosity I may try to find out why the pop3.norton.com and the pop3.spa.norton.com are also on the list, it just doesn't make any sense to me.:confused: :rolleyes:
 