Hello, I'm new here, but I've been working on a project for a little while I call Supertrick XG. I got my inspiration from Supertrick, which was started by the makers of K-Lite. My project, which was just an installer that merged (without duplications) entries into the HOSTS file is growing to be lot more. It can also add malicious domains to the restricted sites zone and prevent spyware ActiveX controls from downloading and running in IE by setting it's corresponding Killbit, and more. If anyone wants to check it out, they can. If nothing else, at least the HOSTS file entries can be used, right?

I know that sounded like just an ad, but I have nothing to gain. I really just want to help, if I can.

-- Xero Grid --

help is always welcomed , the best hosts file ive seen besides rooteds is hpgurus and the mvps hosts file in my sig. the supertrick file is getting way too old and needs updating badly.

No, you misunderstood. This is my supertrick, Supertrick XG. The HOSTS file is split into five components.
This page has all the screencaps

BTW, I use hpgurus and the mvps hosts files among others, to block more. But, I was trying to say that that isn't all it can do.

-- Xero Grid --

Nice tool Xero - deserves to be a Sticky

You think so? That would be cool. I thought it would be easier to have an installer rather than doing it by hand.
I've been working on it a lot lately. I've made lots of improvements, and so far several people have helped a lot. The more, the better, though.

-- Xero Grid --

yeah sorry , i thought you were talking about doing something with the klite supertrick .

if youre using all those other hosts files , then i think it sounds really good , so far there has been no good tool to merge all the various hosts file together and remove the duplicates , and the hostess and spyware blaster also let you add to the restricted sites and block activex kill bits , but theres no one proram that handles it all, so i think yours would be worth testing out [as soon as i unblock your site i will take a proper look ] , thanks for the info Xero Grid.

the people [like me] with psineta blocks might have a bit of trouble getting to the site though.

www.freewebs.com 38.144.96.31, 38.144.96.32, 38.144.96.33, 38.144.96.34, 38.144.96.35, 38.144.96.36, 38.144.96.37, 38.144.96.38, 38.144.96.39

Oh, sorry. I don't have enough money to get decent hosting. I don't have any means for decent hosting, now that I think of it.
And it's totally dedicated to that free project.
I did realize that some people blocked freewebs.com when making the site, but I didn't use anything extravagant for the site. It's pure HTML 4.01, and the files aren't hosted on the site itself, so I don't think there should be too much of a problem... I hope.

-- Xero Grid --

ah i just block all psineta in general , this is the first site ive seen that isnt garbage from their network that i even would think of unblocking.. nice work , it really has a lot of features that would be useful to noobs and not so noobs.

also welcome to the forum

any chance of adding bluetack and sharethefiles to your links page ?

I added a lot more links of software and sites that I really found to be useful.
Oh, sharethefiles? I know that's a dumb question, but what is that?

-- Xero Grid --

no worries , well it used to be http://www.fasttrackcentral.com , the first and original verified downloads site , now its back as http://www.sharethefiles.com , check this page for the forum links and more >> http://www.sharethefiles.org/ << , there are many members here/there from both forums , including staff , check it out and see what you think, you should post the supertrick XG in the security section before i do it.

Do you mean post it in the Security Tools Review of this forum?
I saw a section on security on the sharethefiles forum, but it's only P2P security. I don't know. Maybe I need a nap. I feel like I lost my head, today.

-- Xero Grid --

yes i think you should post it in both the STF forum p2p security section and bt security tools section mate , it will help a lot of people , hey your links page is looking very good now , not that it wasnt good before ,

trust me the STF p2p security section is not just for p2p.

I posted it in the Security tools section with some screencaps. I'll post it on the other forum, soon.
About my links, I could just upload my bookmarks.html file and have people sort through my 1,000+ links

--EDIT--
I posted it on the other forum, too.

-- Xero Grid --

thanks XG , hey we have a thread going for bookmarks in the lounge >> http://www.bluetack.co.uk/forums/index.php?showtopic=3005 << , maybe we can set up a bookmark exchange club sometime

if you need hosting we can merge the 2 (yours and ours) and make one phat HOSTS file

pm me after 9 days or neopenguin and we will try to work things out

Ahh a gift from the heavens!! XG you will most certainly be a WEALTH of information and ideas when it comes time for coding the HOSTS manager!! A very sweet tool already indeed!

and once again in case i missed you before, welcome to the forums!

Well, I don't know about coding, but I can make installers like it's nobody's business.
Thanx for the compliments and warm welcome.
I'm sure I can help in some way.

-- Xero Grid --

@XG hey that SuperTrick is cool..but we could do without the free spyware! S&D found coolwwwsearch with your install!

That doesn't make sense. The installer has no spyware. It prevents it.
What exactly does that entry mean? It found a bookmark?

That's not even the project page anymore. I have a new host.

Wait... that couldn't be from freewebs, could it? Does freewebs distribute spyware?
What Spybot found looks like it's more related to my site than the installer. You can check the site source yourself. There's nothing there but a series of tables.

--EDIT--
I doublechecked. There is NOTHING WRONG with my installer. Spybot complains about ANY bookmark that has "freewebs.com" in it. It doeesn't matter the site or what's installed.
I checked with spysweeper, CWShredder, and Spybot, even though I don't use spybot often. Spybot is the only one that complained.
Next time, try not to scare me like that!

-- Xero Grid --

LOL sorry about that S&D lists it as a hijacker but, I checked with spysweeper and it didn't come up!

You almost had me thinking I had a couple thousand people install spyware.
I'd be booted off the internet for that.

-- Xero Grid --

hey good to see you getting a lot of support for your efforts around the place, and now i can add the psineta ip ranges back in to my firewall since you got rid of freewebs lol.

lol i some how fraged my apache server with this so im trying to see whats up and how to fix it,i uninstalled it but now im re-installing it to see what in the hell happened

if i can't get it working ill be yelling

Sounds pretty strange.
Have you tried changing the redirection IP from 127.0.0.1 to 0.0.0.0?

-- Xero Grid --

i got it working,just reinstalled apache

dunno what happened..

Hmm... it's the first time I've heard of that.
BTW, I PMed you about the HOSTS file.

-- Xero Grid --

Sorry for being so lame not to try it earlier, xero grid
but very nice program!

137 false entries of spyware using ad-aware 6.0
Odd that my other host entries do not come up as spyware - are there any edits I can do to avoid this coming up everytime I scan?

thanks - cool program, btw

Thanx, everybody.
Sharing is caring.


HOLY Crap!
I haven't heard of that until now, either. I don't use Ad-aware, you see.
When a problem relating to the HOSTS file occurs, usually changing the IP address the sites are redirected to (including localhost) from 127.0.0.1 to 0.0.0.0 or even 127.0.0.3 would fix it, but Ad-aware should still see it as a CWS hijack. I suppose it's worth a shot.
Well, it's good to know my installer blocks at least 137 CWS sites.

Just to be sure, use CWShredder to make sure nothing else is causing Ad-aware to think something in your system is wrong.
I'm curious, have you ever tried Spybot S&D or SpySweeper?

-- Xero Grid --

My system is clean as a whistle I use ad-aware, spybot, spywareblaster, and have most activex controls disabled/prompted. I also use firefox, not IE. The 137 ad-aware 6.0 finds are the same as those of your HOSTS list. I uninstalled SupertrickXG, and then re-scanned with ad-aware, and it found nothing - back down to zero.

It just must be a flaw in Ad-aware. It must not be programmed to tell the difference from a HOSTS file redirection that is or is not malicious. If there is a new release any time soon, I would say to upgrade.

Have you tried adding the entries yourself? Taking the file in the installation directory and opening them and the HOSTS file in notepad and adding them by hand. If Ad-aware were running at the time the entries were added by the installer, maybe Ad-aware though CWS did it. Sounds like a longshot, though.
I can't think of anything else.

-- Xero Grid --

yeah, it's definitely an ad-aware weirdness for sure. There's no spyware in your program, obviously But what is curious is the fact that it ignores all my other HOSTS entries from spybot and r00ted.

I'll play around with my ad-aware settings as well as your program and just troubleshoot it - we'll get to the bottom of this anomaly - no worries.

peace

now that is very weird that adaware thinks theyve been added by cws trojan , i will ask them about it too.

I'm going to post this on the ad-aware forum... as soon as I'm able to post on it.
I may need your Ad-aware log, and whatever version you're using, ect.
Together, this problem shouldn't be around for long.

-- Xero Grid --

Sure thing. All necessary info should be in the logs:

logs taken down - let me know if you need them again

hope this helps

Great!
Okay, the problem was posted, but I did a bit of searching and you're not the only one with this issue. The thing is, the largest number I heard was 73 entries, so I guess you beat the record.

Well, that at least confirms it. It's all Ad-aware, but maybe the post I did will wake someone up on it. 137 false entries is ridiculous. Anyway, I'm not sure if the entire program would have to be updated (most likely) or if the way the reference files are formatted has to be changed or what. We shall see....


--EDIT--
I saw a similar post, and someone responded that you can just add it to the ignore list, but I still want to get this to their attention. Like I said 137 entries is a joke. Ad-aware is programmed to respond to any and all entries that even remotely related to spyware, even when it's a user trying to protect him/herself. This should be corrected.

-- Xero Grid --

cool - thanks for looking into this.
making 130+ ignore entries is a bit excessive, so I think I'll just turn off the HOST scan and keep an eye on the file myself. Lavasoft (and even the creator of Spybot - it comes up in there as well, albeit to a lesser degree) should definitely address this issue - agreed.

peace

Lavasoft is nooooo help at all.
They got a bit touchy about the subject and you can't even breathe a word of other scanners on their forums. The answer to every problem is downloading the newest definition file.

Adding to the ignorelist is the only solution and it always will be. Well, someone did come along to tell me that if the IP address for an entry is changed (by CWS for example), then it will come out in the results of the scan.

What a fun visit that was.

-- Xero Grid --

Hi guys, Hi XeroGrid hehehe. thought I'd say Hi here, I know I PMed/Replied to your PM hehe. This will be awesome for the upcoming HOSTS Manager I installed it on my stepdad's comp, didnt even bother scanning with adaware or spybot yet tho. Ill have to see if it's causing trouble on that comp hehe. But yea, I've seen the freewebs bookmark detections in Spybot S&D I guess freewebs.com is such a haven for invulnerabilities(what better than free web hosting! lol) they put it in there defs.

just curious - why does ad-aware ignore my other HOST lists (spybot bad HOSTS & r00ted's list), but chose to list SuperTrick's as being adware? What exactly is the difference?

thanks

yeah doesnt sound like you had much succes XG.. well have to sort this out ourselves i guess.

No offence to Adaware and Spybot , but i dont like to have either installed really unless i absolutely have to , i always have problems with either of them when theyre installed , i prefer Outpost as my main protection and Spyware Blaster [ and Regrun Gold / Winpatrol too ]

I always prefer to IP block the suckers and HOSTS file them , and with a bit of common sense and layered security, the spyware and crap are never getting in anyway , works for me at least. [ most of the time , except when i forgot to disable javascripting ]

Well, r00ted, if you do find a problem with your dad's comp, you know who to contact.
Feedback is good.
But I put it on a lot of computers I work on and so far no problems. The only problems (always a conflicting entry) I get are people who are helping me test some of the entries.

As for the entries, Supertrick XG must have entries that r00ted's HOSTS file doesn't have. That can be the only explanation. The way to confirm this would be to have r00ted's HOSTS file installed along with whatever entries you have yourself, and then install SXG and look at the HOSTS file yourself. You should see the entries at the end of the file. Since my installer makes no duplications and has commented entries at the beginning and end, it should be easier to spot.

The thing is, there are many HOSTS files in SXG, not just my own, so there's bound to be some entries in there that the file you had before installation just didn't have. At least 137 extra entries, by your account.

Well, all the free scanners all have issues.
I like Spysweeper, myself, but I rarely use it anyway. Don't really need it. CWShredder is gold, though.
The only time I get spyware is when I'm testing entries, which is a bad idea to begin with.

-- Xero Grid --

in case nobody noticed yet i posted this tool for comparing file differences , which i use for my IP blocklists when updating them and HOSTS file merging.

http://www.bluetack.co.uk/forums/index.php?showtopic=3299

XG can you make you HOSTS file available without the installer at all ?

also someone asked me if you used this tool by E Howes, as the basis for your idea, since it is very similar :

Actually, I haven't heard of EBURGER until now, but I did see enough is enough before.
Really, I just took my idea from the Supertrick installer Error403 made, but it was only a test version and he never got into the project again.

You have only seen version 1.4.
Supertrick XG 1.0 was just for the HOSTS file. Then I saw IE-SpyAD and the tools Steve Gibson made and one vesion of my installer just extracted the apps into a temporary directory and executed them silently. This was before I figured out how to make the tweaks in the installer, and I didn't need Gibson's Utilities anymore. I did take the idea for installing Microsoft's IE PowerTweaks WebZone Accessory from enough is enough, but that was only in version 1.4. I didn't find it before that.

So, it just kind of grew piece by piece out of just something for the HOSTS file.
I'm actually surprised. EBURGER is very similar.

Well, I can post the HOSTS files, but the files are five seperate files equaling almost 2.5 Mbs.
You can actually get the files from the application's installation directory under the HOSTS subdirectory. These are the following files:
bare, ads, counters, Useless, and PornHOSTS.
The files BEGIN and END allow for uninstallation of only the HOSTS file entries added during installation.

Still want me to post the files?

-- Xero Grid --

cool thanks a lot for the explanation mate , and nah , ill pass for now on the files

Very interesting thread.
I hope to help sort out those entries problems with Spybot SD and Ad-aware,
but it might take a little while.....<smiles>

The problem is, rightly or wrongly, there is widespread belief
that www.freewebs.com is, or at least was, a CoolWebSearch affiliate.

XG, you know that CWS list I posted...yep...it's on there.,
and on several other heavy duty block lists around town.
Quite possibly it is no longer an affiliated site, but, once on those lists,
it can be difficult to be extracted.

Lemme see what I can dig up on recent affiliations,
and start talking to some people that matter.

That site looks to be on the Spybot, Ad-aware, SpywareBlaster, CWS,
IESPYAD aand hpguru's lists so it may be a tough ask to get a reprieve.
But hey, if it's clean, it should come off the main ones and Hosts lists.
It probably has serious ads & tracking cookies and will remain on the Restricted zones lists.
No promises but I'll get an update of where it stands at the moment.

Ice

its good to have another HOSTS file expert on the forum = ICEBLUE , your guide in the SWI bootcamp is great by the way ..

I know a lot of people use freewebs for bad purposes, but the fact of the matter is, I no longer use it, so now I'm going to block it too. I won't put it i the HOSTS file, but I will place it back in the restricted sites zone. Oh, and no one knows better how hard it is to remove entries once they are on the great list of baddies, than me. If you install all my HOSTS file entries, you'll know what I'm saying.
73,000-76,000 entries, I believe (haven't looked at the number in a while), but the Porn HOSTS file contributes for more than half of those entries.

As for the HOSTS file causing false/positives with Ad-aware and Spybot, I will place an advisory on my site, soon. Personally, Spybot has not made any complaints about my HOSTS file, but Ad-aware... well that won't be fixed. They were even arguing with the fact that it was a false/positive. They tried to say it wasn't, like I hurt their pride or something.

-- Xero Grid --

Ty Moore,

it was a simple tute to take peeps from
Hosts?? wtf?? >>>> Cool, check out my Hosts!!

lawrence abrams from bleepingcomputer did a classic style tute
which I think is pretty damn good (his site is now tutorial heaven.)

XG,
Ok, maybe we just leave that one.
I did get given a hosting site contact:
Steven Burn of it-mate.co.uk offers free hosting for worthwhile projects.
http://www.it-mate.co.uk

I didn't get to see the list of FPs that Bio put up; were they bookmarks like the Spybot entry?
CWS does alter domains to point to the loopback IP, so possibly they were similar entries....
I'd have to see the list, if that's still available....
I can see their point of view in containing CWS, and I can see your point keeping legit entries in the hosts file.
Hmmm, maybe a toggle for disabling listed entries prior to an Ad-aware scan....perhaps there's some other way...

Ice

back up


before installation
with supertrick installed
after uninstallation