Pinterest Stumbleupon Whatsapp
Ads by Google

The Windows Hosts file is used to map hostnames to IP addresses. But it’s often the case that it’s modified by malware, often with unfortunate consequences for the end user. Here, Kannon Yamada explains how you can regain control of your hosts file after a malware infection.

A Reader Asks:

Why can’t I modify or replace the Windows host file? I went through all the hoops required. I’ve tried: Opening the file using Windows Notepad, with elevated permissions; editing the security in the properties of the Hosts File; directly modifying the Hosts File; replacing the Hosts File with a  modified file and deleting the original Hosts File.

Whenever I try to edit the security settings of where the hosts file is located, I get an error that Notepad cannot save.

When I tried modifying the file, it says the file does not exist and then it deletes itself.

Please help!

Kannon’s Reply:

The Windows Hosts File offers users a tool of extraordinary power. This is a text file, commonly used to manually map hostnames to IP addresses, but it can be abused. In the wrong hands, it can block or even redirect users from one site to another. This gives it great capability as a tool for both good and evil.

As a tool for evil, it plays a role in spreading malware. Which is why some anti-malware software prevents users from modifying this file, even if they’ve acquired the correct permissions. If I had to take a wild stab at your problem, I’d say the problem extends from overzealous anti-malware or firewall software, or a malware infection.

The short answer: Disable your anti-malware or firewall software. Then edit the Hosts File with elevated permissions. Or run an anti-malware scan. Then edit the Hosts File with elevated permissions.

This article covers why malware attacks the Hosts File and the very short process for editing your Windows Hosts file. Be careful though, as an existing malware infection can result in further infection, including ransomware (how to beat ransomware Don't Pay Up - How To Beat Ransomware! Don't Pay Up - How To Beat Ransomware! Just imagine if someone showed up on your doorstep and said, "Hey, there's mice in your house that you didn't know about. Give us $100 and we'll get rid of them." This is the Ransomware... Read More ), keyloggers, and worse.

linux_no_malware

Ads by Google

Why Malware Attacks the Hosts File

You might wonder: Why would malware modify, or prevent access to, the Hosts File?

Consider this: What first step might a malware-infected user do after they become aware of an infection? They’re going to attempt to remove the malware, right?

If they never installed an anti-malware solution, they might search for anti-malware software. In this case, if the Hosts file blocks users from accessing anti-virus websites. If the Hosts file redirects users from the anti-virus site to a spoofed website, it’s possible to install additional malware, such as a keylogger (how to stop keyloggers Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools In cases of online identity theft, keyloggers play one of the most important roles in the actual act of stealing. If you’ve ever had an online account stolen from you - whether it was for... Read More ).

If victims do possess anti-malware software, perverting the Hosts File prevents anti-malware software from updating its malware database, blunting accurate malware detection. Both kinds of attacks stymie effective malware protection.

First, we’re going to give you a quick refresher on how to fix your hosts file without a malware infection. Then, we’re going to talk about what to do if you’ve been infected, either by fixing the hosts file, or by resetting it to the factory settings.

Editing the Hosts File (Without a Malware Infection)

We’ve covered editing the Windows Host File 6 Surprising Uses for the Windows Hosts File 6 Surprising Uses for the Windows Hosts File The Windows Hosts file allows you to define which domain names (websites) are linked to which IP addresses. It takes precedence over your DNS servers, so your DNS servers may say facebook.com is linked to... Read More . Here’s a quick refresher: First, shut off your anti-malware software or firewall. Then proceed to edit the Hosts File. Editing the Hosts File just requires a text editor (all Windows systems pack in at least two kinds of text editors), although we recommend using Notepad++ (getting started with plug-ins for Notepad++ 3 Handy Built-In Notepad++ Features For Beginners [Windows] 3 Handy Built-In Notepad++ Features For Beginners [Windows] This summer, I’ve used Notepad++ for my internship quite a bit, so I can see why almost all developers and programmers I know actually prefer it, not to mention, the thousand of Notepad++ fans that... Read More ).

In Windows Search, type in Wordpad or Notepad then right-click on Wordpad/Notepad and select Run as Administrator from the context menu. This launches Wordpad/Notepad with administrative permissions.

windows hosts file elevated permissions

From within Wordpad, choose File then Open and choose hosts from the following directory:

C:\Windows\System32\drivers\etc\hosts

At this point you’ll need to launch your text-editing application with elevated permissions. This allows the program in question to modify sensitive operating system files. Without this very crucial step, attempts to modify the Hosts File will fail. To open with elevated permissions

This is what the Hosts File looks like, once opened:

hosts-file

Most users shouldn’t notice any kind of changes in this section. If you do notice anything (particularly any domain name) that’s not written near a # sign, Google it and see what shows up.

Editing the Hosts File With a Malware Infection

If you just want to weaken the grip of the malware, you’ll simply repeat the instructions from Editing the Windows Hosts File, with one key difference: You must start the computer in Safe Mode first (how to start Windows 8 How To Boot Into Safe Mode In Windows 8 How To Boot Into Safe Mode In Windows 8 In Safe Mode, you can troubleshoot and fix Windows issues. When you enter Safe Mode, Windows loads a minimal environment that ensures a stable system. Read More or Windows 10 in Safe Mode How to Boot Into Windows 10 Safe Mode How to Boot Into Windows 10 Safe Mode Safe Mode is an inbuilt troubleshooting feature that allows you to fix issues at the root, without non-essential applications interfering. You can access Safe Mode in various ways, even if Windows 10 no longer boots. Read More ). This prevents the malware from loading while you edit the file, which reduces its ability to interfere with your anti-malware efforts.

windows-8.1-use-safe-mode-to-fix-problems.png

However, if you’ve seen any of the indications of a malware infection 10 Steps To Take When You Discover Malware On Your Computer 10 Steps To Take When You Discover Malware On Your Computer We would like to think that the Internet is a safe place to spend our time (cough), but we all know there are risks around every corner. Email, social media, malicious websites that have worked... Read More , you’ll want to perform malware surgery immediately. For example, getting website redirects, pop-ups, and lots of blank pages oftentimes signals some kind of infection. The best way to scan for these kinds of infections revolves around restarting your computer in Safe Mode and initiating a malware scan. Here’s our malware removal guide The Complete Malware Removal Guide The Complete Malware Removal Guide This malware removal guide outlines not only how to remove malware from your computer but also how to clean up the mess that viruses and malware leave behind. Read More .

Because malware can do terrible things, like install keyloggers (or reroute you from legitimate sites to malware sites), we advise proactive and aggressive treatment. Please take care of the problem before using the computer for important work.

Resetting the Windows Hosts File

Once malware inflicts damage on the Hosts File, you’ll need to repair it after removing the malware infection. Fortunately, Microsoft makes a Fix It repair tool available which automatically refreshes the file to its factory-fresh state. Downloading the Fix It file and running the executable, will do the trick.

fixit example

Leave a Reply

Your email address will not be published. Required fields are marked *