In a search for some VERY WELL hidden virus/trojan etc, found that PDI2ISO.EXE has a trojan worm in it. The worm is the ssiwg2
-
It's probably just your version, otherwise I'm sure someone else would have found it. How did you find out it was there?
-
My version (according to McAfee VirusScan Enterprise 7.0 with newest DAT files 4.2.60) shows nothing. Like the above poster I would suspect that it's your system that's infected. How did you detect this trojan and where did you d/load your file?
As an aside I no longer use pdi2iso (but still have it on my system) I just burn the pdi files with DVD Decrypter. -
Don't be so sure. McAfee doesn't spot it nor does Symantec or adware and I have currency on all three. It also found a Keylogger in program ERUDNT which was part of a registry tool.
Try this yourself.
http://www.atshield.com/
By the way, none of the anti-virals detect a new SEX-BBC redirector either. That one is a b*tch to find. Finally found them through a website (adult) that indicated a TEENS folder and a file in WINDOWS called HOSTS (no file extension).
Made me lose confidence in the above tools. -
You are supposed to have a file in Windows called HOSTS (no file extension).
Open it in a txt editor ..
Good way to block certain URLs actually .. (point them back to 127.0.0.1) -
What does it do? I renamed mine with no ill effect.
I found the info via a google search that put me to an adult forum topic
http://www.adultnetsurprise.com/message-board/traffic/viewthread/170/
They are the ones who found the fix and it worked? You're saying I need a HOSTS file? -
Remember that WinXP has a ton of 'errors/bugs/problems' in it. A lot of the normal Windows files will show up as trojans if you set (no file extension) as the rule or scan for IP address based text files.
I'm not going to buy the software you suggested to check if pdi2iso has a trojan (sswig2) but certainly based on my available data my PC is clean (i.e. if it's a worm my HD still has a lot of free space).
If you're visiting lots of porn sites it's pretty easy to pick up a virus (hey, just like the real world). Maybe you got something out there, maybe you're right and everyone else is wrong, have to wait and see I guess..
-
Originally Posted by arcorob
What is the Hosts file?
The Short Answer:
The short answer is that the Hosts file is like an address book. When you type an address like www.yahoo.com into your browser, the Hosts file is consulted to see if you have the IP address, or "telephone number," for that site. If you do, then your computer will "call it" and the site will open. If not, your computer will ask your ISP's (internet service provider) computer for the phone number before it can "call" that site. Most of the time, you do not have addresses in your "address book," because you have not put any there. Therefore, most of the time your computer asks for the IP address from your ISP to find sites.
If you put ad server names into your Hosts file with your own computer's IP address, your computer will never be able to contact the ad server. It will try to, but it will be simply calling itself and get a "busy signal" of sorts. Your computer will then give up calling the ad server and no ads will be loaded, nor will any tracking take place. Your choices for blocking sites are not just limited to blocking ad servers. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.
The Longer, More Technically Oriented Answer:
The "Hosts" file in Windows and other operating systems is used to associate host names with IP addresses. Host names are the www.yahoo.com addresses that you see every day. IP addresses are numbers that mean the same thing as the www words - the computers use the numbers to actually find the sites, but we have words like www.yahoo.com so humans do not need to remember the long strings of numbers when they want to visit a site.
For instance, the host name for Yahoo! is www.yahoo.com, while its IP address is 204.71.200.67. Either address will take you to Yahoo!'s site, but the www address will first have to be translated into the IP address. If you type in the IP address directly, your computer will not have to look it up.
A series of steps are used when searching for IP addresses that go with these host names. The first step, and the one that concerns us here, is the hosts file on your local computer. The Hosts file tells your computer what the name is in numbers so the computer can go find it. If the IP address is found in your Hosts file, the computer will stop looking and go to that site, but if it is not it will ask a DNS computer (domain name server) for the information. Since the search ends once a match is found, that provides us with a mechanism to block sites we have no interest in. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.
We can put names and addresses into the Hosts file so your computer does not have to ask a DNS server to translate the domain name into an IP number. This speeds up access to the host site you want to see because your computer no longer has to query other systems on the Internet for the address translation. When you type in a web address like www.yahoo.com, the host name portion of the web address is translated into an IP address before the site is accessed. If you put Yahoo!'s host and IP settings into your Hosts file, it would load a little quicker because your computer doesn't have to ask another to translate where to look for Yahoo!
Computers have a host address of their own - it is known as the "localhost" address, with an IP address of 127.0.0.1 which it uses to refer to itself. If you associate another computer's host name with your localhost IP address, you have effectively blocked that host since all attempts to access it will lead back to you. That is how we will block sites using the Hosts file. We will tell our computer that the IP address of the site we want to block is our own address. That way, our computer will not ever leave and go looking for the site we are blocking - which keeps that site from appearing because the computer thinks it has found the site and displayed it already.
Many web sites have links to other servers for the retrieval of advertisements. In the case of those web servers, the browser will quickly fail to locate the requested data (scripts, images, etc.) from the advertising server because we told our computer to look for the information on itself - of course it won't find any of it and will quit looking for it - and will continue loading the pertinent portions of the page you want to see. This will keep your computer from even talking to the ad servers, and thus you won't see the ads, they can't put cookies on your hard drive, and you can't be profiled by them.
Benefits of the Hosts File:
(1.) Uses less resources:
By using a function built into your computer, you will be able to block advertising sites (or any other site you wish) without the need for any extra programs. This will cut down on memory and processor usage, which will free up your resources for other tasks.
(2.) Works on connections other than HTTP:
Most ad-blocking programs will only intercept IP calls going to the HTTP (or web) port on your computer. Other transfers can still get through. The Hosts file, however, will block IP calls on any port, whether it is HTTP, FTP, or whatever else you happen to be doing.
(3.) Eliminate many tracking and privacy concerns:
By intercepting the IP calls before they ever leave your computer, the Hosts file can prevent advertising and tracking companies from ever even knowing you are viewing a web page. This will keep them from profiling you and help you keep your privacy. All sites in the Hosts file entered with a 127.0.0.1 address will never be accessed. Sites that are not in the Hosts file may still track you and send you ads. See the notes section for more information.
To find out which advertisers may be tracking you, please visit this excellent web site.
(4.) The Hosts file is configurable:
Rather than relying on others to decide what sites to block for you, you may edit the Hosts file entirely on your own. This means you can put any site you wish into the Hosts file and that site will not be able to be accessed. You can use this to block advertisers, trackers, or sites you would not want your small children to see. You get to decide entirely what you wish to block, and you don't have to depend on someone else's judgement!
(5.) Increased browsing speed:
By placing sites into your Hosts file with their correct addresses, your computer does not need to ask another computer where to find a site. This can significantly speed up your surfing experience because your computer will go straight to that site instead of having to ask directions. Also, by keeping ads from being loaded using the blocking technique in the Hosts file, web pages will be viewable much more quickly since they won't have to load a lot of fancy graphics.
Some restrictions on the Hosts file:
(1.) It will not work with wildcards, such as *.whateveryouwantgoeshere.com.
(2.) It will not work with URLs that begin with IP numbers.
IP numbers are the numerical equivalent of the www.somesitenamehere.com address, and that is what your computer actually uses to find the web page. The names are there so that humans don't have to remember long strings of numbers. You would need to find the www.whatever.com address that the IP number represents, and then block that name instead of using the IP number. For example, Yahoo!'s address is www.yahoo.com, and its IP address is 204.71.200.67. We can block www.yahoo.com but not the IP address. The reason for this is that Hosts is used to determine IP addresses. If we already know the IP address, Hosts will not be consulted and so can not block the site. I do not recommend actually blocking Yahoo! though, as it is a great search engine!
(3.) It will not work with ads that are served from the same site you are viewing.
The reason for this is that the Hosts file must block an entire site, and can not block subdirectories or pathnames on a site. For example, you could not block www.netscape.com/ads/ because you can't block subdirectories. You would need to block the entire www.netscape.com server, and that would leave you without access to Netscape's site. So you will have to use a different method to eliminate ads that come from the site you are viewing, such as an ad-blocking program.
(4.) It may cause some sites to quit working properly.
If you put the wrong server into your hosts file, it may mean that certain websites will no longer be viewable as they normally would be. To remedy this, remove the entry of the site you wish to unblock from your hosts file. Please see the FAQ section for more on this. In particular, you may notice sites that rely on Akamai's servers will not function properly if Akamai is in your Hosts file.
Where can I get a HOSTS file that has 99% of crap blocked?
Here:
http://www.accs-net.com/hosts/Downloads/hosts127001.zip
The Hosts file used here was last updated on July 7th, 2003
How can I edit it myself and add entries and change them?
Read the instructions here:
Code:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
127.0.0.1       localhost
# The following comments have been added to Microsoft's:
# To add entries that you wish to block:
# Place 127.0.0.1 and the host name of the
# server on the same line with a space between them
# as shown above. Do not remove the line above.
# You may remove this comment section if you wish.
# Then, place this file in the c:\windows directory
# (if you use Windows 95/98)
# and rename it from "hostsplain.txt" to "hosts" -
# Make sure you do not have a txt extension on it after
# you rename it.
# Place the file in the c:\winnt\system32\drivers\etc
# directory if you use Windows NT/2000
-
Wow!! Okay, I checked and that BUG must have renamed my OLD HOSTS file to HOSTS.BAK and placed itself there. In the one called HOSTS, it had a bunch of IPs and sex content links.
In the HOSTS.BAK was the 127.xxx IP you mention, sooo... I renamed it and have it back; the porn one is BIT BUCKETED... LOL
Thank you... I still recommend the use of ANTI TROJAN though. One more tool in the arsenal.
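Added example, not part of any post in this thread: a small Python audit of a hosts file in the format quoted above, separating loopback "block" entries from entries that redirect a name to some other address, which is what the replaced HOSTS file described in the last post contained. The sample file, its host names and its addresses (documentation ranges) are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of a tampered hosts file; names and addresses are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net      # deliberate block entry
203.0.113.45    www.search.example   # redirect planted by malware
198.51.100.7    update.av.example mirror.av.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip_string, [host names]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address with no name: nothing to map
        yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Sort entries into blocked (loopback or 0.0.0.0), redirected, malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            report["malformed"].append((line_no, ip_text, names))
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                continue                      # the stock entry, expected
            if ip.is_loopback or ip.is_unspecified:
                report["blocked"].append((line_no, name))
            else:
                # A name pinned to a routable address bypasses DNS entirely.
                report["redirected"].append((line_no, name, str(ip)))
    return report

if __name__ == "__main__":
    for kind, rows in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, rows)
```

Anything reported under "redirected" that you did not add yourself is worth reviewing, along with any HOSTS.BAK or similar renamed copy sitting beside the live file.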