can the hosts file be changed to, or amended by, another file? IOW can there be a file named xyz that essentially replaces the hosts file, or adds entries to it?
Possibly by a registry key or configuration setting? Of course it could by altering library fxns, but by other "simpler" means?
I ask this with the interest/intent of thoroughly checking systems that have been recovered from an malware infection.