Helping people with computers... one answer at a time.

The "hosts" file can be used for good or evil. Anti-malware programs may use it to block things, and malware may use it to block anti-malware.

In your article on the Sasser worm you mentioned that a person could check \windows\system32\drivers\etc\hosts and see what was posted in there. I have around a hundred entries. Almost all of which is Ad/Ware or SpyWare sites. I use several AdWare / SpyWare removers. Should this list of offenders be removed from the hosts file? Should I delete them and resave the cleaned hosts file?

The "hosts" file is a common target of spyware, because it's a way to force your computer to bypass DNS, and re-route web addresses, or block them entirely.

But it's also a useful tool for other purposes as well. So how to know what's what?

In this case, without seeing the entries, it's hard to say.

The good news, unless you actually did something to your hosts file yourself, chances are the only entries there are the result of spyware.

I would:

  • make a backup copy of the hosts file
  • delete all those entries out of the hosts file
  • see if you can get to an anti-spyware and an anti-virus tool, and run both immediately.

Article C2337 - April 21, 2005 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.