After installing BOClean last night, wish went smootly btw, this morning after turning on the pc, this happend :
Winsock damaged. Why? (The only thing I deed was testing BOClean with leaktest from grc.com)
Hosts file deleted. Why ? (This was a host file, with entry’s made by my self)
And every item in C:\Windows\Downloaded Program Files, damaged. Why ?
BOClean reported nothing, and the system consist of XP SP2 / fully patch. NOD32 , spywareblaster, and Spybot immunization.
At this time everything is rolling again, but witout boclean.
The third checkbox on the right is marked "Automatic cleanup of HOSTS file." By default this is also checked because once again, the majority of malware will write to the HOSTS file to block access to antivirus and antimalware updates and this file is also commonly used to redirect you from sites you intend to visit to rogue sites instead. Some people and some programs make use of the HOSTS file to block other sites however it is not possible to programmatically determine which sites are safe and which aren't and therefore in the event of malware detected by BOClean, we want to reset the HOSTS file to the Microsoft default of EMPTY in order to prevent reinfection. You should UNCHECK this item ONLY if you actually use a HOSTS file and are willing to check it manually yourself to ensure that all entries are what you intend. We recommend leaving this checked however.
The fourth checkbox is marked “Automatic cleanup of TEMP folder.” Windows uses a TEMP folder for each user as a temporary storage location for files until they can be copied to their final location. As a result, the TEMP folder should be empty except during installation of movement of data from one place to another. Some programs fail to empty out the TEMP folder when they’re finished copying data and this TEMP location is often used by malware to store a copy of malware so that it can be resurrected. It is strongly advised to allow BOClean to clean the TEMP folder when any malware is found and therefore this box should remain checked.
The fifth checkbox is marked “Automatic cleanup of ActiveX downloads.” The ActiveX cache or “downloaded program files” area in Windows is a storage location for programs downloaded from the internet to be used in conjunction with your browser. Unfortunately, it is also a location where malware will be stored so that any time you open your browser, the malware can download another copy and restore itself. When this box is checked, BOClean will clean the entire ActiveX cache and any programs stored here can be readily downloaded again with adequate warning such as online scanners and other “features” which require a program on your end for the web page to function. We recommend that this box remain checked as well.
The sixth checkbox is marked “Automatic cleanup of winsock connectivity.” This item is turned on by default as well. However, this checkbox controls a number of additional cleanups which reflect the latest tendencies to corrupt the winsock “Layered Service Provider” (or “LSP”) stack as well as the winsock itself. When certain malware inserts itself into the winsock stack and is subsequently removed, you lose all internet connectivity as a result of the “missing piece.” Leaving this checkbox checked will cause BOClean to examine the “winsock stack” and repair the sequence to prevent loss of connectivity. We strongly advise leaving this box checked.
You can certainly use SpywareBlaster to create an encrypted copy of the Hosts file in the SpywareBlaster directory. Always useful to have a backup in case it is hacked by malware (or deleted, be it by malware, by accident, or indeed by BOClean …)
See https://forums.comodo.com/index.php/topic,8170.0.html for my experiences with a corrupt winsock. And for the host file, i use a modified one and have a few self-added entries in there, but i always keep it read-only so when testing BOclean (with a really bad experience) my hosts file were still intact after that. So, make it read-only…
…)