[ALERT] This candle don't burn, it just runs away...

Discuss whatever you like here! ( ...that's not spam!)

Moderators: Support Staff², Support Staff, AvantGuard, Developer

Post Reply
User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

[ALERT] This candle don't burn, it just runs away...

Post by MysteryFCM » Wed May 11, 2005 9:57 pm

11 May 2005

2-spyware.com that is supposed to help users get rid of adware like IBIS websearch, etc. also owns a site called 2-files.com and yup you guessed it they use google ads and not only offer nude wallpapers of women but also the IBIS websearch adware!
Full story: http://www.webhelper4u.com/nontranspond ... s_com.html

Get their site's filtered!!!

Additional HOSTS file entries to be made

2-files.com 127.0.0.1
2-spyware.com 127.0.0.1
2-downloads.com 127.0.0.1

Adding entries to your HOSTS file
http://forum.avantbrowser.com/viewtopic ... 0490#70490

More site's to avoid:
http://forums.maddoktor2.com/index.php?showtopic=545

User avatar
TOMaxwell
Semi-Fan
Semi-Fan
Posts: 68
Joined: Sun Jul 11, 2004 5:46 pm
Avant Version:

Post by TOMaxwell » Thu May 12, 2005 3:56 am

:..sigh..:


Do they ever give up???


I had just recently cut nearly 1/3rd of my HOSTS entries after checking to see if they are still in operation. The old HOSTS was more than 33,000 sites, and now around 24,000.

I guess it's time to start adding back to it.
Some days, it's just not worth biting through the leather straps :-#

gary100856
Fan
Fan
Posts: 148
Joined: Thu Dec 09, 2004 9:50 pm
Avant Version:

Post by gary100856 » Thu May 12, 2005 5:40 am

Mystery, thx for the tip, regarding the bad sites.

TOM, how did you check the sites in your hosts file? Do you have some automated method? If so could you advise?

Thx
Avant 10.1 build 17
XP pro, IE 6
Kerio Firewall

User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Post by MysteryFCM » Thu May 12, 2005 10:20 am

gary100856 wrote:TOM, how did you check the sites in your hosts file? Do you have some automated method? If so could you advise?
Strangely I'm planning on developing a new service in the near future that will do just that .... (I've got an hour and a half or so before I have to go to the hospital so I'll start on it after I've had my coffee ;)).

User avatar
TOMaxwell
Semi-Fan
Semi-Fan
Posts: 68
Joined: Sun Jul 11, 2004 5:46 pm
Avant Version:

Post by TOMaxwell » Thu May 12, 2005 12:40 pm

gary100856 wrote:TOM, how did you check the sites in your hosts file? Do you have some automated method? If so could you advise?

Thx
I have a couple batch files that lookup the DNS entries without pinging them (that way, they never have a record of my IP Address).

I have them uploaded to my webserver, but not enough time to find them - LATE FOR WORK!!!

I'll be back later tonight if you are interested ...
Some days, it's just not worth biting through the leather straps :-#

gary100856
Fan
Fan
Posts: 148
Joined: Thu Dec 09, 2004 9:50 pm
Avant Version:

Post by gary100856 » Thu May 12, 2005 4:34 pm

Thx for the reply, TOMaxwell, I would be interested to see how it is done.

After reading the thread I updated my Hosts file from the source at which I originally obtained it, but it would be more thorough to verify the sites as well.
Avant 10.1 build 17
XP pro, IE 6
Kerio Firewall

User avatar
TOMaxwell
Semi-Fan
Semi-Fan
Posts: 68
Joined: Sun Jul 11, 2004 5:46 pm
Avant Version:

Post by TOMaxwell » Fri May 13, 2005 3:28 am

Copy and paste this into your Text Editor of choice, and name it " HostsExpired.bat " (without the quotes). Run it in a Command Prompt, and it will create a text file named " HostsExpired.txt " which contains all the names of the dead entries.

But BEWARE: It will take a long time to run its course, and suck a LOT of Memory during that time. You do NOT want to run it while you are working on the W3, or if you need to check you e-mail. It will timeout at 10 seconds PER entry in your HOSTS file for any entries that no longer exist, and be relatively quick for the ones that do still exist. When I initially ran it for ~34,000 HOSTS entries, it took about 52 hours. Actually, I chopped up the HOSTS file, and ran it in much smaller chunks over the course of a week. This is because if you ever need to stop it, it cannot start up again at the place you left off, it will start from the beginning of the HOSTS.

After I removed 11,000 dead entries, and only about ~23,000 remained, it *only* took about 5 hours to run through it again (testing for accuracy), and there were no new dead entries.


Please also note that this will ping the Domain's NAMESERVER, not the Domain itself. You must NEVER Ping the Domain of these Slick Advertising Bass Turds.

Code: Select all

@echo off

:: Test to see if we are on Win 9x by how ampersands are handled
> HostsExpired.tmp echo 1234&rem
type HostsExpired.tmp | find "rem" > nul
if errorlevel 1 goto NOT9X
goto ISWIN9X

:NOT9X
if exist HostsExpired.tmp del HostsExpired.tmp
echo This batch file will read the HOSTS file looking for
echo machine names that don't have a DNS "A" entry. A list 
echo of those machines will be appended to a file named
echo "HostsExpired.txt" in the default directory (usually
echo the same directory the batch file is in).

:: Wake the system up by pinging the primary DNS
call :PINGDNS

:: now read the first two words in each line of the HOSTS file
if not exist %windir%\System32\drivers\etc\hosts goto DONE
for /f "tokens=1,2" %%x in (%windir%\System32\drivers\etc\hosts) do call :TESTLINE %%x %%y
goto DONE

:TESTLINE
:: Arguments (dirty) - IP, MachineName
:: Did we get two arguments (was it a blank line)?
if [%2]==[] goto DONE
:: Is it a commented line?
echo %1 | find "#" > nul
if not errorlevel 1 goto DONE
:: Do a NS lookup. If "Address" shows up twice, it is good.
nslookup -type=A %2 2>nul | find /c "Address" | find "2" > nul
if errorlevel 1 call :TESTAGAIN %1 %2
echo %2
goto DONE

:TESTAGAIN
:: Arguments (clean) - IP, MachineName
:: Use ping as a time delay in case NS needed more time to 
:: look up or in case my !@#$%?! DHCP lease expired again.
call :PINGDNS
:: Do a NS lookup. If "Address" shows up twice, it is good.
nslookup -type=A %2 2>nul | find /c "Address" | find "2" > nul
if errorlevel 1 call :LOG %1 %2
goto DONE

:LOG
:: Arguments (clean) - IP, MachineName
:: Add the IP/name entry to the list.
echo %1	%2>> HostsExpired.txt
goto DONE

:PINGDNS
:: Used as a delay or to wake up the system by pinging the primary DNS.
:: Read the ipconfig command and separate things by the colon.
for /f "tokens=1,2 delims=:" %%x in ('ipconfig /all') do call :PINGDNS2 "%%x" %%y

:PINGDNS2
:: Arguments (dirty) - IpconfigEntry, IpconfigValue
:: If %1 (the beginning of the ipconfig line) has "DNS Servers"
:: in it, then %2 (the end of the ipconfig line) has the DNS IP.
echo %1 | find "DNS Servers" > nul
if errorlevel 1 goto DONE
:: Ping the DNS server, but limit the hop count so we *probably* will
:: get out of our local network, but *probably* won't harrass the DNS.
ping -i 4 %2 > nul
ping -i 4 %2 > nul
goto DONE

:ISWIN9X
if exist HostsExpired.tmp del HostsExpired.tmp
echo This batch file requires Windows NT or newer. 
goto DONE

:DONE


On top of my New, Leaner Meaner HOSTS file, I have a wicked cool no-ads.PAC file that runs through a BlackHole Proxy. You could say, I have effectively eliminated virtually all unwanted Internet advertising. There are actually a few cases where I have to turn it off or else I won't see something I want to see, but that is quite rare...

The No-ads.PAC will be tomorrow's lesson. :)
Some days, it's just not worth biting through the leather straps :-#

User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Post by MysteryFCM » Sat May 14, 2005 1:39 am

Just an update on my previous post.

I started working on the HOSTS file analyzer and have gotten it sort of working (to an extent). However, I've currently run into a rather major problem with it (driving me bonkers it is..... been trying since Thursday to sort it out lol) so unfortunately, it's not yet available to the public as it were.

Anywho, in the meantime, once the bug is worked out, the homepage for it will be;

http://mysteryfcm.plus.com/?mode=Hosts

An example of the output results can be found at;

http://mysteryfcm.plus.com/?mode=Hosts& ... ts.txt.htm

Edit

TOMaxwell,
I hope you don't mind, I've put a copy of that batch file into the AB Archive downloads (under Tools). I've also included a readme.txt file for it (if you'd like anything within it changed, please let me know).

Filename: hostsexpired.zip (2K)
http://avant.it-mate.co.uk/?c=Download&cat=Tools

User avatar
TOMaxwell
Semi-Fan
Semi-Fan
Posts: 68
Joined: Sun Jul 11, 2004 5:46 pm
Avant Version:

Post by TOMaxwell » Sat May 14, 2005 3:11 am

/me = honored and :oops:
Some days, it's just not worth biting through the leather straps :-#

User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Post by MysteryFCM » Mon May 16, 2005 12:04 am

14 May 2005

New Transponder site to watch for - MANMEDNW.NET

I just ran a whois for for direct-revenue.com and it lists them and their abetterinternet.com for the same IP, however a new one is listed:MANMEDNW.NET.

Whois shows domains by proxy right now so the owners can be hidden and the only page so far only shows "welcome".

Why do I say transponder? Most of their sites have always been kept in the same IP addresses.

direct-revenue.com 64.124.153.144
abetterinternet.com 64.124.153.144
manmednw.net 64.124.153.144

IP block data
Direct Revenue INAP-NYM-DIRECTREV-1466 (NET-64-74-242-0-1)
64.74.242.0 - 64.74.242.255

MANMEDNW.NET Created on: 12-Mar-05

This can mean only 1 of 2 things. The plan on creating a new variant (they normally name it after a site), or they plan on creating another IPinsight sentry stub like farmmext.exe, alchem.exe, belt.exe, conscorr.exe variant where they name the file after a website yet never place any pages on the website except to say unerconstruction, welcome, etc.
*****************


13 May 2005
In 2004, I found a request at rentacode.com by a user calling him/her self clear2close looking for an ActiveX component made thatt in their own words was to "an ActiveX "spyware" type of download " The user going by the name clear2close around the Internet is not to be confused with the website clear2close.com/clear2close.net that has no connection in the request made at rentacoder.com in 2004 for an ActiveX spyware type downloadable file.

Read the full details

Sergei
AvantGuard
AvantGuard
Posts: 2488
Joined: Fri Sep 19, 2003 5:09 am
Windows Version: Windows
Avant Version:
Location: Galway, Ireland
Contact:

Post by Sergei » Mon May 16, 2005 12:16 am

You know that the Internet is getting to you when you read hostsexpired.zip as hotsexspired.zip...
My Cartoons
:
IE7 ][ Windows XP Tablet PC Edition 2005 ][ Avast! Antivirus ][ Kerio Firewall ][ DSL

User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Post by MysteryFCM » Mon May 16, 2005 12:19 am

hehe ... me thinks someone's in need of some caffiene ;)

gary100856
Fan
Fan
Posts: 148
Joined: Thu Dec 09, 2004 9:50 pm
Avant Version:

Post by gary100856 » Tue May 17, 2005 5:52 pm

Regarding the Hosts expired batch file.

ONce you have the list of "bad" entries for the Hosts file, the Hosts file must then be edited and these entries removed. Would it be simpler to have the batch file build a new Hosts.tmp file of "good" entries which could be renamed Hosts after the process was over? I took the liberty of editing TOM's batch file. If I have done it correctly, what is now produced is a list of good host file entries. The program no longer tests for the operating system; it is only for NT, and XP. It reads a Hosts file which is in the same directory as the batch file and builds a Good_Hosts.txt file in that directory as well. So one can break down an old Hosts file into bite sizes as TOM suggests and run them and the results of each will be appended to a new Hosts file which can subsequently be placed in the correct windows directory.


@echo off

if not exist Good_Hosts.txt > Good_Hosts.txt echo #New Hosts File

echo This batch file will read the HOSTS file looking for
echo machine names that have a DNS "A" entry. A list
echo of those machines will be appended to a file named
echo "Good_Hosts.txt" in the default directory (usually
echo the same directory the batch file is in).

:: Wake the system up by pinging the primary DNS
call :PINGDNS

:: now read the first two words in each line of the HOSTS file

if not exist hosts goto DONE
for /f "tokens=1,2" %%x in (hosts) do call :TESTLINE %%x %%y
goto DONE

:TESTLINE
:: Arguments (dirty) - IP, MachineName
:: Did we get two arguments (was it a blank line)?

if [%2]==[] goto DONE

:: Is it a commented line?

echo %1 | find "#" > nul
if not errorlevel 1 goto DONE

:: Do an NS lookup. If "Address" shows up twice, it is good.

nslookup -type=A %2 2>nul | find /c "Address" | find "2" > nul
if not errorlevel 1 call :LOG %1 %2 else :TESTAGAIN %1 %2
echo %2
goto DONE

:TESTAGAIN
:: Arguments (clean) - IP, MachineName
:: Use ping as a time delay in case NS needed more time to
:: look up or in case my !@#$%?! DHCP lease expired again.

call :PINGDNS

:: Do an NS lookup. If "Address" shows up twice, it is good.

nslookup -type=A %2 2>nul | find /c "Address" | find "2" > nul
if not errorlevel 1 call :LOG %1 %2
goto DONE

:LOG
:: Arguments (clean) - IP, MachineName
:: Add the IP/name entry to the list.
echo %1 %2 >> Good_Hosts.txt
goto DONE

:PINGDNS
:: Used as a delay or to wake up the system by pinging the primary DNS.
:: Read the ipconfig command and separate things by the colon.

for /f "tokens=1,2 delims=:" %%x in ('ipconfig /all') do call :PINGDNS2 "%%x" %%y

:PINGDNS2
:: Arguments (dirty) - IpconfigEntry, IpconfigValue
:: If %1 (the beginning of the ipconfig line) has "DNS Servers"
:: in it, then %2 (the end of the ipconfig line) has the DNS IP.

echo %1 | find "DNS Servers" > nul
if errorlevel 1 goto DONE

:: Ping the DNS server, but limit the hop count so we *probably* will
:: get out of our local network, but *probably* won't harrass the DNS.

ping -i 4 %2 > nul
ping -i 4 %2 > nul

:DONE
Avant 10.1 build 17
XP pro, IE 6
Kerio Firewall

User avatar
TOMaxwell
Semi-Fan
Semi-Fan
Posts: 68
Joined: Sun Jul 11, 2004 5:46 pm
Avant Version:

Post by TOMaxwell » Wed May 18, 2005 6:06 am

What a Great Idea :idea: gary! :D

I had batch files that would sort alphabetically, and another that would remove the dead entries, but I never got it to work quite right and never finished debugging it. Your batch does it all!

***APPLAUD***


I am going to set my 'pooter to run that overnight, and it might finish by morning.
Some days, it's just not worth biting through the leather straps :-#

User avatar
TOMaxwell
Semi-Fan
Semi-Fan
Posts: 68
Joined: Sun Jul 11, 2004 5:46 pm
Avant Version:

Post by TOMaxwell » Wed May 18, 2005 11:55 am

TOMaxwell wrote:I am going to set my 'pooter to run that overnight, and it might finish by morning.
And, as expected, it ran in about ~4.5 hours. :D


Oddly enough, the Good_Hosts.txt file is slightly larger than my HOSTS :? yet, it does not have the blahblahblah prefix at the beginning. I will run a comparison tonight after work to see what the differences are.

But still, I am thoroughly impressed that you eliminated a couple steps Gary.

YouDaMAN!
Some days, it's just not worth biting through the leather straps :-#

gary100856
Fan
Fan
Posts: 148
Joined: Thu Dec 09, 2004 9:50 pm
Avant Version:

Post by gary100856 » Wed May 18, 2005 12:51 pm

Thx for the praise, TOM, it was all based on what you did.
Avant 10.1 build 17
XP pro, IE 6
Kerio Firewall

User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Post by MysteryFCM » Wed May 18, 2005 5:13 pm

Gary, if you can send me a copy of the batch file, I'll stick it in the AB Archive downloads area :)

gary100856
Fan
Fan
Posts: 148
Joined: Thu Dec 09, 2004 9:50 pm
Avant Version:

Post by gary100856 » Thu May 19, 2005 6:45 am

Will do Mystery
Avant 10.1 build 17
XP pro, IE 6
Kerio Firewall

Post Reply