Host File considered a virus?


  1. Posts : 9
    Windows 7 Home Premium
       #1

    Host File considered a virus?


    I scanned my computer with smadav antivirus and it found a virus it says that C:\\system32\drivers\etc\hosts is a virus.

    Is it really? Should I delete it or leave it alone?
      My Computer


  2. Posts : 92
    Windows 8
       #2

    First, this thread shouldn't be in the Drivers section, but more probably in Security.

    The host file is definitely not a virus. It is shipped with every windows by default, and is a simple text file that you can open with your usual editor like notepad.

    But... It is possible that malicious programs modified it.
    Check this link : Edit the HOSTS File in Windows 8
    It provides an example of a normal host file in the first picture. If your host file looks different, feel free to erase the additional lines.

    You can also download and execute the Microsoft Fixit that will automatically reset your host file back to the default one : http://go.microsoft.com/?linkid=9668866
    Or follow these instructions to manually reset it : http://support2.microsoft.com/kb/972034

    If your Host file was modified my malware, I'd advise you to rescan your whole system with a reputable anti-virus and anti-malware. I've never heard of smadav, and it sounds suspicious especially if what it warned of was a scare tactic. Here are some notable software that I think are probably better :
    Malwarebytes Anti-Malware
    AVG AntiVirus FREE 2015
    Microsoft Security Essentials
    Avira Free Antivirus
    You should only have one Anti-Virus running in real-time protection, so uninstall all others before choosing the one you think best. But you can install Malwarebytes at the same time though, it shouldn't conflict with anything.

    The host file allows Windows to redirect hostnames (domains or subdomains, ex: google.com or support.google.com) to IP adresses.

    This can be very useful when you want to block some hostnames, some kind of low level ad blocker.
    But it can also be modified by malicious programs to redirect valid and legit adresses to something completely different, or more often to block security/official sites that may allow the user to get rid of malware : like Anti-Virus sites or even Microsoft Update.
    Last edited by oneeyed; 11 Oct 2014 at 18:33.
      My Computer


  3. Posts : 9
    Windows 7 Home Premium
    Thread Starter
       #3

    oneeyed said:
    First, this thread shouldn't be in the Drivers section, but more probably in Security.

    The host file is definitely not a virus. It is shipped with every windows by default, and is a simple text file that you can open with your usual editor like notepad.

    But... It is possible that malicious programs modified it.
    Check this link : Edit the HOSTS File in Windows 8
    It provides an example of a normal host file in the first picture. If your host file looks different, feel free to erase the additional lines.

    You can also download and execute the Microsoft Fixit that will automatically reset your host file back to the default one : http://go.microsoft.com/?linkid=9668866
    Or follow these instructions to manually reset it : How can I reset the Hosts file back to the default?

    If your Host file was modified my malware, I'd advise you to rescan your whole system with a reputable anti-virus and anti-malware. I've never heard of smadav, and it sounds suspicious especially if what it warned of was a scare tactic. Here are some notable software that I think are probably better :
    Malwarebytes Anti-Malware
    AVG AntiVirus FREE 2015
    Microsoft Security Essentials
    Avira Free Antivirus
    You should only have one Anti-Virus running in real-time protection, so uninstall all others before choosing the one you think best. But you can install Malwarebytes at the same time though, it shouldn't conflict with anything.

    The host file allows Windows to redirect IP adresses in the form (IPV4) 102.36.43.001 for example to a fully qualified hostname like http :// www .example.com
    This can be very useful when you want to block some IP adresses, some kind of low level ad blocker.
    But it can also be modified by malicious programs to redirect valid and legit adresses to something completely different, or more often to block security/official sites that may allow the user to get rid of malware : like Anti-Virus sites or even Microsoft Update.
    Sorry about the wrong section thing. I was confused about where to post it...

    Also, smadav is an antivirus that is widely used in my country. Though I think I'd rather just switch to Mbam. Andd Fix it did the trick! :) Thanks!
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 18:00.
Find Us