False Positive Host File Entries?
Youka
I downloaded and installed Ad-Aware 2008 (Definition File 0125.0000) yesterday, and immediately ran a scan that turned up the following seven (7) host file "infections" with 127.0.0.1 IP Addresses:

"CoolWebSearch" category="Malware" tai="10"
item id="500000001" value="IP Address: 127.0.0.1 Host Name: LENDER-SEARCH.COM"
item id="500000002" value="IP Address: 127.0.0.1 Host Name: HOT-SEARCHES.COM"

"Redirected hostfile entry" category="Misc" tai="4"
item id="500000134" value="IP Address: 127.0.0.1 Host Name: CLKOPTIMIZER.COM"
item id="500000137" value="IP Address: 127.0.0.1 Host Name: SMARTESTSEARCH.COM"

"Win32.Delf.Trojan.A" category="Malware" tai="8"
item id="500000483" value="IP Address: 127.0.0.1 Host Name: HARD-VIRGINS.COM"
item id="500000484" value="IP Address: 127.0.0.1 Host Name: WWW.HARD-VIRGINS.COM"
item id="500000485" value="IP Address: 127.0.0.1 Host Name: PETITE-VIRGINS.BIZ"

Since these preventative 127.0.0.1 hosts file entries were inserted into the hosts file by my BIIS (aka BlueTack) Hosts File Manager as a blocking mechanism, can I safely assume that I’m looking at "false positives" here?

If yes, what action should I take, since clicking “Remove” or “Quarantine” isn’t permitted?
LS Albin
QUOTE(Youka @ Sep 29 2008, 07:00 PM)
Hi Youka!

I will look into this issue and if it turns out to be false positives they will be removed as of the next definition release.

Thank You kindly for your notification.

Albin

Lavasoft Research
LS Albin
Hi again!

Your problem should now be solved. Download the latest definition file (0126.0000) and try to run a scan again.

Regards

Albin

Lavasoft Research
Youka
Thanks for the quick response, Albin.
Definition file 0126.0000 resolved the problem.

Best Regards, Youka
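
Editor's added example (not code from Lavasoft or from either poster): a small Python check for the distinction at issue in this thread, separating hosts-file entries that sinkhole a name to loopback from entries that send it to some other address. The function names, the `expected` allow-list and the sample file are assumptions; the hostnames come from the scan output above, while the `0.0.0.0` entry and the last two lines are constructed for contrast.

```python
import ipaddress

# Constructed sample hosts file. Hostnames on the blocking lines are from the
# thread's scan output; the 0.0.0.0 entry and the last two lines are invented.
SAMPLE_HOSTS = """\
# managed by a hosts-file blocker
127.0.0.1   localhost
127.0.0.1   LENDER-SEARCH.COM HOT-SEARCHES.COM
127.0.0.1   CLKOPTIMIZER.COM   # inline comment
0.0.0.0     SMARTESTSEARCH.COM
203.0.113.7 bank.example
not-an-ip   broken.example
"""

def classify_hosts(text):
    """Return (hostname, address, verdict) for every hosts-file mapping.

    verdict is 'block' when the name maps to loopback or the unspecified
    address (a sinkhole), 'redirect' when it maps to any other address,
    and 'invalid' when the address field does not parse.
    """
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # address with no hostname
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
            sinkhole = ip.is_loopback or ip.is_unspecified
            verdict = "block" if sinkhole else "redirect"
        except ValueError:
            verdict = "invalid"
        for name in names:                      # one line may list several names
            results.append((name.lower(), addr, verdict))
    return results

def needs_review(text, expected=frozenset({"localhost"})):
    """Entries worth a closer look: everything that is not a sinkhole."""
    return [r for r in classify_hosts(text)
            if r[2] != "block" and r[0] not in expected]

if __name__ == "__main__":
    for name, addr, verdict in classify_hosts(SAMPLE_HOSTS):
        print(f"{verdict:9} {addr:15} {name}")
```

A name mapped to loopback cannot be reached at all, so a scanner that flags it by hostname alone reports a block as if it were a hijack; only the `redirect` and `invalid` rows need a human to look at them.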