"Offering free computer help, hints, and tips to the Internet populace." Now with over 3,820 tips!

Spyware and Adware

Clear Your Hosts File to Help Prevent Web Page Redirection

SUMMARY: Help keep accesses to web sites being redirected unintentionally; clear your Hosts file.

Many spyware and adware programs try to redirect your web browsing to sites of their choosing. For example, instead of using your web browser to visit CNN, PayPal, eBay, Google, or Amazon, another site pops up, such as a shopping mall, search engine, portal, or other site you did not wish to visit.

One trick spyware programs use to do this is to modify your Hosts file. The Hosts file can have legitimate purposes. Normally, if you try to access a network resource whereby domain name services (DNS) doesn't work, a Hosts file translates a verbal address (such as "server2") to an IP address. However, this file can be abused so that accesses to cnn.com, ebay.com, and paypal.com, for example, end up going to other lesser-known or rogue websites.

This file can be cleaned, but it must be done very carefully. If you are on a computer network, ask your network administrator for help, as removing the wrong entry can deny you access to some resources.

To find your Hosts file, named "HOSTS":

Windows XP:

* Access folder C:\WINDOWS\SYSTEM32\DRIVERS\ETC in Explorer.

Windows 2000:

* Access folder C:\WINNT\SYSTEM32\DRIVERS\ETC in Explorer.

Windows 95/98:

* Access folder C:\WINDOWS in Explorer.

Open file "HOSTS" in Notepad. Before making changes, do a "Save As" and save a backup of this file as "HOSTS.BAK". Then reopen the HOSTS file.

Now, delete all entries in this file except for the following and any other entries you are sure have legitimate uses:

127.0.0.1 localhost

Resave the file.

NOTES:

1) Some spyware may detect the hosts file has changed and resave a malware version. You should still download and use anti-spyware software to help remove the underlying threats.

2) Some anti-spyware software packages, such as Spybot Search and Destroy, may put entries in the host file to block access to known spyware sites. Entries may look like the following:

127.0.0.1 coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 cool-homepage.com

You should NOT remove these entries as they help protect your system! However, if you see entries like so:

???.???.???.??? ebay.com

Where ???.???.???.??? is some set of four numbers, you should probably REMOVE this entry as spyware is trying to redirect your access from ebay.com to another website.

Return to the Spyware and Adware page.

Print this tip


Get the Newsletter

blog comments powered by Disqus

Thanks For Sharing!



Newest Tips:

Mozilla Firefox - Plugins and Extensions
Grab a Word Count and Readability Score of Selected Text
Internet Explorer 11
Place Sites Directly in the Start Menu for Easy Access
Windows 8
Tweak the Explorer Navigation Pane
Windows 8
Stop Rearranging My Windows!

Follow Us!

About MalekTips and the Author

The MalekTips website was created in 1998 by Andrew Malek of Envision Programming. The page's goal is to freely disperse computer-related tips, hints, and informative articles. Tips are organized to be easy to find, and are presented clearly, in easy-to-understand language. MalekTips also provides information and links to public-domain, open source, freeware, shareware, and commercial software available for download.