Clear Your Hosts File to Help Prevent Web Page Redirection
SUMMARY: Help keep accesses to web sites being redirected unintentionally; clear your Hosts file.
Many spyware and adware programs try to redirect your web browsing to sites of their choosing. For example, instead of using your web browser to visit CNN, PayPal, eBay, Google, or Amazon, another site pops up, such as a shopping mall, search engine, portal, or other site you did not wish to visit.
One trick spyware programs use to do this is to modify your Hosts file. The Hosts file can have legitimate purposes. Normally, if you try to access a network resource whereby domain name services (DNS) doesn't work, a Hosts file translates a verbal address (such as "server2") to an IP address. However, this file can be abused so that accesses to cnn.com, ebay.com, and paypal.com, for example, end up going to other lesser-known or rogue websites.
This file can be cleaned, but it must be done very carefully. If you are on a computer network, ask your network administrator for help, as removing the wrong entry can deny you access to some resources.
To find your Hosts file, named "HOSTS":
* Access folder C:\WINDOWS\SYSTEM32\DRIVERS\ETC in Explorer.
* Access folder C:\WINNT\SYSTEM32\DRIVERS\ETC in Explorer.
* Access folder C:\WINDOWS in Explorer.
Open file "HOSTS" in Notepad. Before making changes, do a "Save As" and save a backup of this file as "HOSTS.BAK". Then reopen the HOSTS file.
Now, delete all entries in this file except for the following and any other entries you are sure have legitimate uses:
Resave the file.
1) Some spyware may detect the hosts file has changed and resave a malware version. You should still download and use anti-spyware software to help remove the underlying threats.
2) Some anti-spyware software packages, such as Spybot Search and Destroy, may put entries in the host file to block access to known spyware sites. Entries may look like the following:
You should NOT remove these entries as they help protect your system! However, if you see entries like so:
Where ???.???.???.??? is some set of four numbers, you should probably REMOVE this entry as spyware is trying to redirect your access from ebay.com to another website.
Return to the Spyware and Adware page.
blog comments powered by Disqus