Is this stuff in my 'hosts' file supposed to be there?

Helping people with computers... one answer at a time.

The "hosts" file can be used for good or evil. Anti-malware programs may use it to block things, and malware may use it to block anti-malware.

In your article on the Sasser worm you mentioned that a person could check \windows\system32\drivers\etc\hosts and see what was posted in there. I have around a hundred entries. Almost all of which is Ad/Ware or SpyWare sites. I use several AdWare / SpyWare removers. Should this list of offenders be removed from the hosts file? Should I delete them and resave the cleaned hosts file?

•

The "hosts" file is a common target of spyware, because it's a way to force your computer to bypass DNS, and re-route web addresses, or block them entirely.

But it's also a useful tool for other purposes as well. So how to know what's what?

•

In this case, without seeing the entries, it's hard to say.

The good news, unless you actually did something to your hosts file yourself, chances are the only entries there are the result of spyware.

I would:

make a backup copy of the hosts file
delete all those entries out of the hosts file
see if you can get to an anti-spyware and an anti-virus tool, and run both immediately.

Article C2337 - April 21, 2005

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

You may also be interested in:

Ask Leo! - Can I fake the DNS ip lookup to test my website?
Ask Leo! - Is there a way to block certain URL's in IE?
Ask Leo! - What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?

Post a comment on "Is this stuff in my 'hosts' file supposed to be there?":

Name: (Required - will be included when your comment is published.)

Email Address: (Required - will not be published.)

Remember Me? YesNo

Comments: (You may use HTML tags for style)

Before commenting, please...

READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored.
Comment only on the article. Use the search box at the top of the page if you have a question about something else.
NO PERSONAL INFORMATION in the comment. No email addresses. No phone numbers. No physical addresses.

Anything that looks the least bit like spam will be deleted. Links to unrelated sites or links that appear to be primarily promotional will be deleted, or the comment will be deleted.
Don't ask me to recover lost passwords or hacked accounts. I can't. Those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!
The Tip Jar: Buy Leo a Latte!

Categories | Full Archive
By Date | Business Card | About

Advertisements do not imply my endorsement of any product or service.

Copyright © 2003-2012 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure

http://ask-leo.com/is_this_stuff_in_my_hosts_file_supposed_to_be_there.html