Problem with a site (196.regvista.com)

Post by **Trooper** » Wed Jul 05, 2006 4:27 pm

Hi Rick,

I have been having a problem on a a forum that I visit: http://www.hlfallout.net/forums/index.php

I believe it has something to do with Adblock and possibly your list. It keeps hanging when I click on a thread and or post something there.

Check out this screenshot below.

What do you think I can do to stop this site from lagging? It seems to hang from the add site pictured in the screenshot.

Let me know if you could, and thanks.

Post by **IceDogg** » Wed Jul 05, 2006 4:37 pm

Don't know if you only wanted an answer from Rick, but I'll post a reply anyway. I visited the site and it does hang on external data coming in. But it does this even when you disable adblock plus. So it's something with the site itself not adblock plus or Rick's list.

Post by **Guest** » Wed Jul 05, 2006 5:37 pm

IceDogg wrote:Don't know if you only wanted an answer from Rick, but I'll post a reply anyway. I visited the site and it does hang on external data coming in. But it does this even when you disable adblock plus. So it's something with the site itself not adblock plus or Rick's list.

The weird thing is it does tend to stop a bit when I disable Adblock. Strange enough, it does not hang with IE (which is a first for me).

It does hang with Opera tho as well.

Post by **rick752** » Wed Jul 05, 2006 6:04 pm

Trooper wrote:Hi Rick,

I have been having a problem on a a forum that I visit: http://www.hlfallout.net/forums/index.php

I believe it has something to do with Adblock and possibly your list. It keeps hanging when I click on a thread and or post something there.

Hey, Trooper:

I don't think it is a problem with Adblock or the filters. The hangups seem to be coming from a 3rd party feed. It seems that the big hangup comes from a string originating from:

*affrontgl.com*

... don't know what this place is, but it is one of the requests that the page keeps waiting for. Adding the blocking string above seems to fix the hanging. Try adding it and see if it's ok. Seems fine here now.

*EDIT ... SEE NEXT POST*

Post by **rick752** » Wed Jul 05, 2006 6:47 pm

Turns out that:

196.regvista.com

.... is some kind of web virus that is searching for unpatched exploits in Windows and seems to go hand-in-hand with with the other link in my previuos post above. This would explain the hanging up (it's looking for a weakness in your OS ... it may have found it easier in IE)

Google-ing "196.regvista.com" will return a bunch of info about it ... be careful!

Adding

*196.regvista.com*

... to your filters will block the 'attempt' and keep "affrontgl.com" from being called too.

I'll check more into this one later.

Post by **IceDogg** » Wed Jul 05, 2006 6:57 pm

Rick, I added that 196.regvista.com to my filter list for security. let me know here or where ever if you decide to add it to your list so I can remove mine. I was afraid it was something like that.

Post by **Trooper** » Wed Jul 05, 2006 8:45 pm

Thanks a lot to the both of you for getting back to me. I will let the members on Half Life Fallout know as well.

BTW, adding that to my filter list has stopped the hanging as well.

Post by **rick752** » Wed Jul 05, 2006 9:31 pm

IceDogg wrote:Rick, I added that 196.regvista.com to my filter list for security. let me know here or where ever if you decide to add it to your list so I can remove mine. I was afraid it was something like that.

Wow ... this is a nasty little bugger from what I've read.

Just google the following (with quotes) and read some of the results:
"196.regvista.com"

Fortunately for Adblock users, it looks as though adding the following:

*196.regvista.com*

... seems to block this pest just fine.

I have now just added this to the regular filter and is now up .... this one is a VIRUS BLOCKING string!

Post by **IceDogg** » Wed Jul 05, 2006 10:14 pm

Thanks Rick, removed my personal one. Seems like this site would have been shut down by now.

Post by **rick752** » Wed Jul 05, 2006 10:21 pm

IceDogg wrote:Thanks Rick, removed my personal one. Seems like this site would have been shut down by now.

I know ... did you chase down the google results about different sites with this problem? This seems to be a fairly big problem.

I've still trying to figure out what is vulnerable with this. I DO know that the EasyList will block it now. I noticed an immediate increase in rendering speed on the "Half-Life' site of Tropper's as soon as I added it.

Post by **Guest** » Wed Jul 05, 2006 10:48 pm

IceDogg wrote:Thanks Rick, removed my personal one. Seems like this site would have been shut down by now.

I agree - don't think they'll be around long.

IN the meantime, regardless of your "blocking methods," add this to your HOST FILE:

85.255.115.196 added to your HOSTS FILE should stop it. At this point it's beyond "how do you block;" - it's a matter of never letting Windows see that little pest, period.

Post by **Guest** » Wed Jul 05, 2006 10:49 pm

(Sorry - "guest" above is me - wasn't signed in and don't want to bother)
/Paulfox

Post by **IceDogg** » Wed Jul 05, 2006 11:24 pm

Good advice Paul, and it's good to see you. Haven't seen you around anywhere lately.

Post by **Paulfox** » Thu Jul 06, 2006 4:05 pm

Thanks Ice. Nice to see U 2. I'm amending above post w/better info:

I've seen folks using 200-300-400k host files, and that seems ridiculous to me; however I'll put up my short less than 1k host file here containing several threats & another variation of "regvista." The only notations marked with "#" are briefly what it protects you against. I always found it silly to have the "commented out stuff" longer than the actual "meat."

127.0.0.1 localhost
127.0.0.1 196.regvista.com #WMF
127.0.0.1 23.allmegabucks.com #WMF
127.0.0.1 235.regvista.com #WMF
127.0.0.1 ad.doubleclick.net
127.0.0.1 ads.doubleclick.net
127.0.0.1 http://www.corypaints.com #WMF
127.0.0.1 doubleclick.net
127.0.0.1 game4all.biz #WMF
127.0.0.1 http://www.loomcompany.com #WMF
127.0.0.1 m1.doubleclick.net
127.0.0.1 m2.doubleclick.net
127.0.0.1 m3.doubleclick.net
127.0.0.1 m4.doubleclick.net
127.0.0.1 medai.fastclick.net
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 pagead0.googlesyndication.com
127.0.0.1 pagead1.googlesyndication.com
127.0.0.1 pagead3.googlesyndication.com
127.0.0.1 pagead.googlesyndication.com
127.0.0.1 products-gold.net #WMFSpy
127.0.0.1 http://www.products-gold.net #Trojan
127.0.0.1 ww.sfzdl.com #WMF
127.0.0.1 sploso.com #WMF
127.0.0.1 swift-look.com #phishing
127.0.0.1 http://www.tfcco.com #W32PFVExploit
127.0.0.1 toolbarbucks.biz #WMF
127.0.0.1 toolbarcool.biz #WMF
127.0.0.1 http://www.yukselt.net #PsyBotInst

Whether on dialup or cable, you should see some speed improvement JUST listing the "biggies" as above, - plus you get the NEEDED protection against the topic subject. Also, your antivirus (which I use and don't use, and frankly think is a waste of resources most of the time, especially with Firefox) - should fly off the handle and give you an alert on that page. If not, you need to shop for a better A/V (AVAST!, which I currently have loaded but sometimes don't). Again, there is debate over 4 "0's" as opposed to "127;" I don't believe it buys you any speed and can create errors more than it's worth. That's a separate discussion; I use 127 (created this yesterday, previously didn't use a host file at all) and it seems fine. Cheers all / p

Post by **Guest** » Thu Jul 06, 2006 7:41 pm

http://digg.com/mods/One_Hosts_file_to_rule_them_all

This one is cool too :
http://everythingisnt.com/hosts

EasyList Forum