1

I've just opened my hosts file on a remote computer in our house and found it filled with random URL's to other websites. Is this normal? I don't think it is meant to be filled with all these links and make me worried that these sites have gained access to the file.

Any thoughts?

SixfootJames
  • 334
  • Why don't you post some of it in your question? Malware sometimes uses the hosts file to redirect popular sites to phishing sites made to look the same. – paradroid Sep 23 '12 at 14:13
  • Can you provide a few of the entries? If they're all pointing to 127.0.0.1 it may be something you've installed to help block known bad sites.... – Ƭᴇcʜιᴇ007 Sep 23 '12 at 14:14

1 Answers1

3

Depending on what sort of URIs are in there, it could be anything from an ad-block to a malicious spyware that's inserting them in there.

If it was done without your knowledge then it is most definitely not normal. The original hosts file in Windows will only contain the localhost entry.

There are also certain "keygens" and software cracks that will insert entries into the hosts file, typically to prevent target applications from reaching their software activation servers.

If the entries in there are pointing to anything other than the loopback interface at 127.0.0.1, then they are most likely malicious.

As noted by others, we won't know for sure unless you provide a sample of the entries.

Alan Ly
  • 46
  • Thanks everyone for the replies. I think it is malware. During the course of the year I install a lot of software and every year I clean everything off and start fresh so that the machine runs fast again. Any suggestions to good malware sofwtare? – SixfootJames Sep 24 '12 at 03:12
  • @SixfootJames: I think Spybot S&D would have stopped the problem you had. – paradroid Sep 24 '12 at 11:53