What Is The Hosts File?

Post by Vino Rosso » July 30th, 2007, 4:11 pm

Hosts File Explanation

We humans tend to remember names more easily than numbers; however, the internet works on numbers (IP addresses). We find it easier to remember http://www.bbc.co.uk than 212.58.224.131 (just type those numbers into your browser's address window and see for yourself), so the internet needs something to translate our words http://www.bbc.co.uk into the numbers it understands, 212.58.224.131. The thing that does this is a Domain Name System (DNS) server.

Before DNS servers existed out on the internet, however, the translation of words to numbers was achieved via a Hosts file which was downloaded and stored on the computer. The Hosts file can be found in the following locations:
  • Windows Vista - C:\WINDOWS\SYSTEM32\DRIVERS\ETC
  • Windows XP - C:\WINDOWS\SYSTEM32\DRIVERS\ETC
  • Windows 2K - C:\WINNT\SYSTEM32\DRIVERS\ETC
  • Win 98/ME - C:\WINDOWS

When an address was typed into the browser, the browser looked at the Hosts file and translated the words into an IP address. The Hosts file content would look like:
<IP address> <web site url>
<IP address> <web site url>
<IP address> <web site url>
<IP address> <web site url>
etc.

With the growth of the internet, it became obvious that the size of the Hosts file that every computer would have to download would become very large, perhaps impossible, so DNS servers were set up online. Browsers still check the Hosts file first, then the DNS servers (or the cache the computer has made), and this is why the Hosts file can be manipulated with great effect... for both good and bad purposes.

If we don't want the browser to go to a particular web site, we can re-direct the browser by adding an address to the Hosts file. For example, we could add:
212.58.224.131 http://www.cnn.com
This would cause the browser to translate http://www.cnn.com to 212.58.224.131 meaning, though CNN's web site was requested in the browser, the BBC's web site would actually appear.

Good
So how can we put this to good use? Well, if we know of 'bad' sites that we definitely wouldn't want to visit, we can add these to the Hosts file and redirect them to somewhere safe. A safe IP address is 127.0.0.1. This is a special address which translates to your own computer. So, if we were to add:
127.0.0.1 http://www.nastysite.com
to our computer's Hosts file and then tried to go to http://www.nastysite.com, we would simply receive a 'page not found' error because the page does not exist on your computer. It stands then that if we add all the nasty sites we can think of to our computer's Hosts file we won't end up browsing on to any nasty sites.

Bad
It's no surprise that the Hosts file can also be used against us. Malware can alter the Hosts file in the same way as described above. This time however we may find something like:
127.0.0.1 http://www.symantec.com
127.0.0.1 http://www.kaspersky.com
or basically any security web site that might help with getting rid of the problem. By doing this, the browser would not be able to reach any security web site listed, receiving a 'page not found' error. Similarly, malware can also re-direct the browser to a web site its author wants you to visit. The malware could add something like:
111.222.333.444 http://www.yourfavoritesite.com
which would result in you getting the malware's web site at 111.222.333.444 instead of your favourite web site.

Prevention
The Hosts file can be made read only and monitored for changes, or attempted changes. Programs such as WinPatrol do this very well.

Cure
If your Hosts file becomes infected, it can be reset by using HostsXpert:
  • Unzip/extract it to your Desktop
  • Double click on HostsXpert.exe to launch the program.
  • If you see red text in the box under Editing Tools:
    • Press the Make Hosts Writable? button
  • Press the Restore Microsoft's Hosts File button and OK
  • Click on Make Hosts Read Only to secure it against further infection.
  • Exit the programme.

Some Impacts Of Using A Modified Hosts File
There are some things to be aware of when using a modified Hosts file. Many advert servers are blocked by the Hosts file so you will find on some web pages that, instead of the advert being displayed, you'll see a box with an error such as 'page not found'. Also, many 'click-throughs' will return a 'page not found' error. This is because the 'click-through' is seen to be tracking your activities by the Hosts file. There are a few ways to get round this.
  1. If using a Hosts file manager, temporarily disable the Hosts file.
  2. Edit the 'click-through' element from the URL in your browser's address bar, or
    Clicking on a 'sponsored' link in Google may return a 'page not found' error. The URL of the link may be http://www.google.co.uk/url?sa=L&ai=B{many_characters}=http://www.thesiteIwant.co.uk/index.php. Deleting the first part of the URL to leave the last part, http://www.thesiteIwant.co.uk/index.php, and pressing Enter will bring the page you want to your browser, or
  3. Edit the Hosts file to stop the site being blocked.

In most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected. To resolve this issue:
  • Start > Run > type services.msc > OK
  • Scroll down to DNS Client > right-click and select Properties
  • Click the drop-down arrow for Startup type
  • Select Manual or Disabled (recommended)
  • Click Apply/OK and restart.

More Information and Further Reading
A more detailed explanation of the Hosts file, Hosts file managers, and a Hosts file download can be found here. The MVP Hosts file is one such file that can be used to replace the Hosts file on your computer and help you to avoid accidentally visiting known nasty web sites.

There is a very detailed resource for those wanting to spend more time reading up, or to have as a reference, here: http://www.bluetack.co.uk/forums/index. ... topic=8337
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
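
A way to check a Hosts file for the two kinds of tampering described under "Bad" in the post above (security sites pointed at 127.0.0.1, and ordinary sites redirected to another address), as an added example that is not part of the original post. The function names, the domain watch list and the sample file are constructed for illustration, and entries are assumed to use bare host names (www.example.com, without http://), which is the form the resolver matches.

```python
import ipaddress

# Assumption: a watch list of security-vendor domains. The two below are the
# ones the post names; extend the set for your own environment.
SECURITY_DOMAINS = {"symantec.com", "kaspersky.com"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete line
        for name in fields[1:]:                 # one address may carry several names
            yield no, fields[0], name.lower().rstrip(".")

def audit_hosts(text, security_domains=SECURITY_DOMAINS):
    """Return findings as (line_no, hostname, ip, reason) tuples."""
    findings = []
    for no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, name, ip, "malformed address"))
            continue
        is_sec = any(name == d or name.endswith("." + d) for d in security_domains)
        sinkhole = addr.is_loopback or addr.is_unspecified
        if is_sec and sinkhole:
            findings.append((no, name, ip, "security site blocked"))
        elif not sinkhole and name != "localhost":
            findings.append((no, name, ip, "non-loopback redirect"))
    return findings

# Constructed sample input; every address and host name here is made up.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # deliberate block, not flagged
127.0.0.1       www.symantec.com
0.0.0.0         update.kaspersky.com
203.0.113.7     www.yourfavoritesite.com
111.222.333.444 www.example.org
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % f)
```

A "non-loopback redirect" finding is a prompt for review, since a legitimate intranet entry is reported the same way as a malicious one.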

Post by ChrisRLG » July 30th, 2007, 6:48 pm

Thank you for that article.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

