Summary: The "hosts" file can be used for good or evil. Anti-malware programs may use it to block things, and malware may use it to block anti-malware.
In your article on the Sasser worm you mentioned that a person could check \windows\system32\drivers\etc\hosts and see what was posted in there. I have around a hundred entries, almost all of which are Ad/Ware or SpyWare sites. I use several AdWare / SpyWare removers. Should this list of offenders be removed from the hosts file? Should I delete them and resave the cleaned hosts file?
The "hosts" file is a common target of spyware because it's a way to force your computer to bypass DNS and either re-route web addresses or block them entirely.
But it's also a useful tool for other purposes. So how do you know what's what?
In this case, without seeing the entries, it's hard to say.
The good news is that, unless you actually did something to your hosts file yourself, chances are the only entries there are the result of spyware.
I would:
Related:
Ask Leo! - Is there a way to block certain URL's in IE?
Ask Leo! - What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?
Article C2337 - April 21, 2005