Spyware and Adware

Clear Your Hosts File to Help Prevent Web Page Redirection

SUMMARY: Help keep accesses to web sites being redirected unintentionally; clear your Hosts file.

Many spyware and adware programs try to redirect your web browsing to sites of their choosing. For example, instead of using your web browser to visit CNN, PayPal, eBay, Google, or Amazon, another site pops up, such as a shopping mall, search engine, portal, or other site you did not wish to visit.

One trick spyware programs use to do this is to modify your Hosts file. The Hosts file can have legitimate purposes. Normally, if you try to access a network resource whereby domain name services (DNS) doesn't work, a Hosts file translates a verbal address (such as "server2") to an IP address. However, this file can be abused so that accesses to cnn.com, ebay.com, and paypal.com, for example, end up going to other lesser-known or rogue websites.

This file can be cleaned, but it must be done very carefully. If you are on a computer network, ask your network administrator for help, as removing the wrong entry can deny you access to some resources.

To find your Hosts file, named "HOSTS":

Windows XP:

* Access folder C:\WINDOWS\SYSTEM32\DRIVERS\ETC in Explorer.

Windows 2000:

* Access folder C:\WINNT\SYSTEM32\DRIVERS\ETC in Explorer.

Windows 95/98:

* Access folder C:\WINDOWS in Explorer.

Open file "HOSTS" in Notepad. Before making changes, do a "Save As" and save a backup of this file as "HOSTS.BAK". Then reopen the HOSTS file.

Now, delete all entries in this file except for the following and any other entries you are sure have legitimate uses: localhost

Resave the file.


1) Some spyware may detect the hosts file has changed and resave a malware version. You should still download and use anti-spyware software to help remove the underlying threats.

2) Some anti-spyware software packages, such as Spybot Search and Destroy, may put entries in the host file to block access to known spyware sites. Entries may look like the following: coolwwwsearch.com coolwebsearch.com cool-homepage.com

You should NOT remove these entries as they help protect your system! However, if you see entries like so:

???.???.???.??? ebay.com

Where ???.???.???.??? is some set of four numbers, you should probably REMOVE this entry as spyware is trying to redirect your access from ebay.com to another website.

Return to the Spyware and Adware page.

Thanks For Sharing!



Newest Tips

Cell Phone
[MODIFIED] Six Battery Conservation Tips
Google Search Engine
What is My IP Address?
Mozilla Firefox - Misc
Missing the Title Bar? Menu Bar?
Windows 8
Bring Back the Mouse Pointer Drop Shadow

Follow/Contact Us!


About MalekTips and the Author

The MalekTips website was created in 1998 by of Envision Programming. The page's goal is to freely disperse computer-related tips, hints, and informative articles. Tips are organized to be easy to find, and are presented clearly, in easy-to-understand language.