Well, I just realized why I was getting connections to www.007guard.com whenever I opened a web browser. It is actually quite simple, which is why it was overlooked.
The hosts file is a file that maps IP addresses to host names on a computer. When a computer starts up, it loads the hosts file into memory first before it queries any DNS servers. So what had happened was that Spybot Search and Destroy had added the following entries into my hosts file in Windows 7:
# Start of entries inserted by Spybot – Search & Destroy
As you can see, the first entry was “127.0.0.1 www.007guard.com”. This means that whenever a program tries to connect to www.007guard.com, it will be redirected to 127.0.0.1, which we all know to be “localhost” or your own computer. This will effectively block any connections to www.007guard.com.
Anyway, the problem turned out to be a missing entry in the hosts file:
Apparently what was happening is that whenever a connection to localhost was established, Windows first consulted my hosts file, which told it that 127.0.0.1 mapped to www.007guard.com. This resulted in the following netstat -f output:
The connections are actually legitimate and are nothing to worry about. To fix this issue, just add the following into your hosts file on the first line.
After adding that into your hosts file, netstat -f should look like this:
And that’s all there is to it! I am so glad that I finally fixed this annoying problem that has been plaguing me for a couple of weeks. Looks like some patience and good research on Google paid off! If you are interested in learning more about using the hosts file to block malware, I would go to http://www.mvps.org/winhelp2002/hosts.htm; they have good information on the hosts file and a pre-made list of sites to block for you. Remember, these techniques will work in every OS (Windows, Linux, Mac) since they all use a hosts file!
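The labelling problem described above can be checked for in any hosts file. The following Python sketch is an added example, not part of the original post. It assumes, as the post describes, that the first name mapped to 127.0.0.1 is the one displayed for loopback connections, and that the line added as the fix (not shown on this page) is a conventional `127.0.0.1 localhost` entry; `blocked.example` is a constructed entry.

```python
import ipaddress

LOOPBACK = ipaddress.ip_address("127.0.0.1")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Return [(ip, [names])] for every mapping line, in file order."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or incomplete
        try:
            entries.append((ipaddress.ip_address(fields[0]), fields[1:]))
        except ValueError:
            continue                             # first field is not an IP address
    return entries

def audit(text):
    """Report how loopback will be labelled and which names are sinkholed to it."""
    on_loopback = [n.lower() for ip, names in parse_hosts(text)
                   if ip == LOOPBACK for n in names]
    label = on_loopback[0] if on_loopback else None   # assumed: first entry wins
    return {
        "loopback_label": label,
        "blocked": [n for n in on_loopback if n not in LOCAL_NAMES],
        "misleading": label is not None and label not in LOCAL_NAMES,
    }

# Constructed sample: the 007guard line is from the post, the rest is illustrative.
BEFORE = """\
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 blocked.example   # constructed entry
"""
# Assumed fix: a conventional localhost entry placed on the first line.
AFTER = "127.0.0.1 localhost\n" + BEFORE

if __name__ == "__main__":
    for title, text in (("before", BEFORE), ("after", AFTER)):
        print(title, audit(text))
```

A `misleading` result of `True` means loopback connections will be shown under a blocklist name, which is easy to mistake for real traffic to that site when reading `netstat -f` output.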