Is this stuff in my 'hosts' file supposed to be there?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Summary: The "hosts" file can be used for good or evil. Anti-malware programs may use it to block things, and malware may use it to block anti-malware.

In your article on the Sasser worm you mentioned that a person could check \windows\system32\drivers\etc\hosts and see what was posted in there. I have around a hundred entries. Almost all of which is Ad/Ware or SpyWare sites. I use several AdWare / SpyWare removers. Should this list of offenders be removed from the hosts file? Should I delete them and resave the cleaned hosts file?

•

The "hosts" file is a common target of spyware, because it's a way to force your computer to bypass DNS, and re-route web addresses, or block them entirely.

But it's also a useful tool for other purposes as well. So how to know what's what?

•

In this case, without seeing the entries, it's hard to say.

The good news, unless you actually did something to your hosts file yourself, chances are the only entries there are the result of spyware.

I would:

make a backup copy of the hosts file
delete all those entries out of the hosts file
see if you can get to an anti-spyware and an anti-virus tool, and run both immediately.

Related:

Ask Leo! - Can I fake the DNS ip lookup to test my website?
Ask Leo! - Is there a way to block certain URL's in IE?
Ask Leo! - What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?

Article C2337 - April 21, 2005

Was this article helpful? «Yes» «No»

Post a comment on "Is this stuff in my 'hosts' file supposed to be there?":

Name: (Required) Email Address: (Required) (Email Address will not be published.) Remember Me? YesNo	By popular demand... my tip jar Buy Leo a Latte!
Comments: (you may use HTML tags for style)	Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!

http://ask-leo.com/is_this_stuff_in_my_hosts_file_supposed_to_be_there.html

Copyright © 2003-2010 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure