Tuesday, May 3, 2011

What program can modify hosts file?

I was puzzled to find that one of my favourite torrent sites 'thepiratebay.org' was pointing to localhost. Knowing that hosts file could do this, I looked and found the following under "%SystemRoot%\system32\drivers\etc\" folder/directory which is where host file resides.
It appears the hosts file was modified on 4/22/2011 which was later matched to my installation of a program called blender. Here's what it looked like:

127.0.0.1       localhost
127.0.0.1       localhost127.0.0.1       localhost127.0.0.1       localhost127.0.0.1       thepiratebay.org
127.0.0.1       www.thepiratebay.org
127.0.0.1       mininova.org
127.0.0.1       www.mininova.org
127.0.0.1       forum.mininova.org
127.0.0.1       blog.mininova.org
127.0.0.1       suprbay.org
127.0.0.1       www.suprbay.org

If you are not aware this file should not have any domain names (localhost is accepted) all those domains would be blocked and redirected back to the localhost (127.0.0.1).

Obviously someone or something does't want me to visit those sites, so I started looking through installed programs that may have done it but I'm not sure where to look if you have notes comment below!

I noticed only a few things in 'add or remove programs' last used around this date only shows a program called 'blender' and one called 'Avidemux', could they be involved?

I think it has to do with blender  whcih is a "free open source 3D content creation suite, available for all major operating systems under the GNU General Public License"

I find it really strange that a free GNU public license software would do such a thing to modify hosts file and I really hope I am wrong but it looks like this program was installed on that day, I will followup some tests and hope to report this somewhere, somehow (outside this blog)

If you can help in any way, such as testing and reporting that would be great!

thanks for visiting eduboris

2 comments:

Anonymous said...

It's neither Blender nor Avidemux; I have neither on this machine and my hosts file was modified in exactly the same way.

theborisedu said...

what do you think does that?