Helping people with computers... one answer at a time.

The "hosts" file can be used for good or evil. Anti-malware programs may use it to block things, and malware may use it to block anti-malware.

In your article on the Sasser worm you mentioned that a person could check \windows\system32\drivers\etc\hosts and see what was posted in there. I have around a hundred entries. Almost all of which is Ad/Ware or SpyWare sites. I use several AdWare / SpyWare removers. Should this list of offenders be removed from the hosts file? Should I delete them and resave the cleaned hosts file?

The "hosts" file is a common target of spyware, because it's a way to force your computer to bypass DNS, and re-route web addresses, or block them entirely.

But it's also a useful tool for other purposes as well. So how to know what's what?

In this case, without seeing the entries, it's hard to say.

The good news, unless you actually did something to your hosts file yourself, chances are the only entries there are the result of spyware.

I would:

  • make a backup copy of the hosts file
  • delete all those entries out of the hosts file
  • see if you can get to an anti-spyware and an anti-virus tool, and run both immediately.

Article C2337 - April 21, 2005

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Post a comment on "Is this stuff in my 'hosts' file supposed to be there?":





Remember Me?

(You may use HTML tags for style)

Before commenting, please...

  • READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored.

  • Comment only on the article. Use the search box at the top of the page if you have a question about something else.

  • NO PERSONAL INFORMATION in the comment. No email addresses. No phone numbers. No physical addresses.

  • Anything that looks the least bit like spam will be deleted. Links to unrelated sites or links that appear to be primarily promotional will be deleted, or the comment will be deleted.

  • Don't ask me to recover lost passwords or hacked accounts. I can't. Those comments will be deleted.

  • I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Please wait. Your comment is being processed ...