Warning: New hosts file "trojan" triggered by Microsoft Defender

Discussion in 'PC' started by Berek, Aug 5, 2020.

  1. Berek

    Berek Newbie

    Joined:
    Aug 3, 2020
    Messages:
    8
    Likes Received:
    1
    Just a warning for everyone:

    My hosts file was recently defaulted back to a blank slate, erasing any entries I had in it to block reg websites, etc. I've discovered the culprit behind my host file "hijack" in the first place: Microsoft.

    www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/

    "So it seems that Microsoft had recently updated their Microsoft Defender definitions to detect when their [telemetry] servers were added to the HOSTS file. [...] If you decide to clean this threat, Microsoft will restore the HOSTS file back to its default contents."

    If you use your hosts file as a bypass, PLEASE back it up to a secure location for safety, in the event it gets defaulted back. Location: C:\Windows\System32\drivers\etc\hosts

    Thanks a lot, Microsoft, you... well, language, y'know.
     
    • Useful Useful x 6
    • Like Like x 1
    • Interesting Interesting x 1
    • List
  2.  
  3. Gyro Gearloose

    Gyro Gearloose Audiosexual

    Joined:
    Jul 8, 2019
    Messages:
    4,234
    Likes Received:
    1,849
    Location:
    Germany
    :goodpost::thanks:
     
  4. Aranha_Musico

    Aranha_Musico Member

    Joined:
    Aug 5, 2020
    Messages:
    4
    Likes Received:
    7
    Another way is to show the file to windows defender and after the detection, you allow in the actions on defender interface that it's going to be whitelisted and you dont have to worry anymore
     
    • Useful Useful x 3
    • Like Like x 2
    • List
  5. evolasme

    evolasme Producer

    Joined:
    May 11, 2013
    Messages:
    373
    Likes Received:
    134
    Location:
    somewhere different almost every night
    easy fix, just set your host file to "read only"
     
    • Useful Useful x 4
    • Like Like x 2
    • Agree Agree x 1
    • List
  6. rudolph

    rudolph Audiosexual

    Joined:
    Jun 3, 2016
    Messages:
    920
    Likes Received:
    561
    Things like this make me love more my old trusty windows 7 :yes:
     
    • Agree Agree x 3
    • Like Like x 1
    • List
  7. Haliax

    Haliax Guest

    Or remove windows as a trusted owner of the file
     
    • Like Like x 4
    • Useful Useful x 1
    • List
  8. nyaa13

    nyaa13 Producer

    Joined:
    Jul 21, 2019
    Messages:
    102
    Likes Received:
    75
    Antiviruses are a bit overrated in my opinion. I stopped using them like 10 years ago and never had any issue with viruses or spywares or whatever. I have Windows Bitdefender telemetry blocked and basically whatever Microsoft tries to track from user activity all blocked. And everything running fine without problems. If you understand what are you doing it's hard to "get infected" with malicious programs.
     
    • Agree Agree x 2
    • Winner Winner x 2
    • Like Like x 1
    • List
  9. Jeff Maneville

    Jeff Maneville Ultrasonic

    Joined:
    May 24, 2016
    Messages:
    59
    Likes Received:
    24
    Location:
    Radium
    How did you block all this in Win10? That sounds like a great idea.
    Thanks!
     
  10. Daskeladden

    Daskeladden Rock Star

    Joined:
    Jan 7, 2018
    Messages:
    1,010
    Likes Received:
    388
    I added my Host file to exclusions in defender. Hope that works also
     
    • Interesting Interesting x 1
    • List
  11. Gyro Gearloose

    Gyro Gearloose Audiosexual

    Joined:
    Jul 8, 2019
    Messages:
    4,234
    Likes Received:
    1,849
    Location:
    Germany
    i also would make it read only...and
    hope is bigger then....just a few clicks
    --


    i think
    https://www.bitdefender.com
     
  12. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    4,435
    Likes Received:
    3,570
    Location:
    Where the sun doesn't shine.
    Disable MS Defender. In fact, give yourself a couple of hours and disable everything you can find in W10. Case solved. :wink:

    Oh, and never use any other Windows 10 but LTSC version.

    Win7 *professional* without any spectre, meltdown etc. patches, still rules for audio production. :wink: [although, I hate the user interface. It's so shit. Debian Mate Linux is so much easier to use, and better looking]
     
  13. Aileron

    Aileron Audiosexual

    Joined:
    Jan 5, 2017
    Messages:
    524
    Likes Received:
    545
    Location:
    Merseyside
    Spot on :guru:
     
  14. r4e

    r4e Audiosexual

    Joined:
    Sep 6, 2014
    Messages:
    869
    Likes Received:
    1,247
    Now I'm glad I removed Windows Defender completely from my installation image before I installed Windows.
    To be honest, I was glad before as well because without Defender, everything loads a lot faster, even with a different
    anti virus solution installed (compared to defender).
     
  15. Gyro Gearloose

    Gyro Gearloose Audiosexual

    Joined:
    Jul 8, 2019
    Messages:
    4,234
    Likes Received:
    1,849
    Location:
    Germany
    r4e which app did u use for making your win10 iso ?
     
  16. r4e

    r4e Audiosexual

    Joined:
    Sep 6, 2014
    Messages:
    869
    Likes Received:
    1,247
    NTLite with a legit Home license.
    Without license (in the free version), you're just allowed to edit simple things.
    But you also could use MSMG ToolKit. It comes with a lot of features and is completely free
    but it just has a batch interface, no GUI.

    Using these 2 tools, I basically created my own LTSC version but with the advantage to use it with a regular pro license.
    I additionally removed OneDrive, Defender, all the preinstalled ad- and bloat ware, FeedbackHub, OfficeHub, GetHelp,
    added some telemetry settings, patched uxtheme.dll to use custom themes, removed unnecessary context menu entries,
    integrated useful functions for my own workflow and pre-set everything that I normally do after the OS installation.

    What I ended up with is a very clean Win10 which just takes 7,5GB of space (regular installation takes 12-15GB).

    [​IMG]

    and no defender but the firewall when searching for

    [​IMG]
     
  17. r4e

    r4e Audiosexual

    Joined:
    Sep 6, 2014
    Messages:
    869
    Likes Received:
    1,247
    But there's also an option to disable defender afterwards by using Sordum Tools Defender Control.
    It disables it by highly privileged policies.
     
    • Like Like x 1
    • Useful Useful x 1
    • List
  18. Gyro Gearloose

    Gyro Gearloose Audiosexual

    Joined:
    Jul 8, 2019
    Messages:
    4,234
    Likes Received:
    1,849
    Location:
    Germany
    thx mate...
    :cheers:
     
Loading...
Similar Threads - Warning hosts file Forum Date
WARNING: ffmpeg, Adobe Audition: FAULTY EAC3-Decoding Software Nov 21, 2024
Need Help with Unsafe Download Warnings PC Aug 21, 2024
Youtube warning regarding adblockers Internet for Musician Dec 3, 2023
Removing noise from live bootlegs (newbie warning) Mixing and Mastering Sep 16, 2023
Audionamix: user data leak warning confirmed Industry News Mar 2, 2023
Loading...