Hello, here's some info on the host's file and how to replace it. (I borrowed this from our quietman7,thanks)
The HOSTS file
is a text file that maps an IP address to a name. It has no extension and can be viewed using notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a #
sign. In Windows XP, 127.0.0.1 localhost
is the universal IP address of all local computers and is the standard hostname given to the address of the loopback network interface which refers to the local computer only.
The original purpose of HOSTS files was to map the proper address to a site's name but now its also used for blocking purposes. The loopback address
is used to stop web ads from displaying because 127.0.0.1 indicates home (the location of your computer) and whatever is redirected home will not leave the system. Anything that appears in your HOSTS file without an #
at the beginning, except from the "127.0.0.1 localhost" line, should be viewed with suspicion. In Windows Vista the IPv6
localhost is ::1 localhost
by default. To learn more about this, you can read Hosts File FAQS
and LMHosts and Hosts files
Since the Hosts file is often used and altered by malware, some security programs (like Spybot S&D) will lock the file's read-only attributes as protection so it cannot be changed without your knowledge unless you disable that feature. As such, you may receive an access is denied
Spybot Forums: Host file - Access is Denied
When you go into Spybot > Mode > Advanced Mode > Tools > Hosts File and do an "Add Spybot-S&D hosts list", Spybot..."lock" the HOSTS file by setting the attributes on the HOSTS file to read-only.
If you do not want the read-only attribute set on the HOSTS file after doing a "Add Spybot-S&D hosts list", go into Spybot > Mode > Advanced Mode > Tools > IE Tweaks. Under "Miscellaneous locks" uncheck the following: * Lock Hosts file read-only as protection against hijackers.
There are several legitimate security programs like SpySweeper, STOPzilla
, Spybot S&D
, etc which can add entries to the HOSTS file and that action may be detected as a change. If you use Spybot's immunization facility the "Global (Hosts)" profile adds entries to the HOSTS file. If you downloaded and used a custom HOSTS file or made edits that too would trigger a change detection. If you did not make any changes or do not have security programs with these features, then you need to investigate what the changes are
To view the folder containing your Hosts file, go to
, and in the Open box, type: %windir%\system32\drivers\etc\
The easiest way to access and view the contents is by using Notepad.
- Double-click on the HOSTS file.
- A message will appear saying Windows can't open the file or Choose the program you want to open this file.
- Scroll down the list of programs until you see Notepad.
- Select it and click OK.
To view the Hosts file in Notepad automatically, go to
, and in the Open box, type: notepad %windir%\system32\drivers\etc\hosts
After unlocking the Hosts file, you can can restore the file to its default as follows:
Please download HostsXpert - Hosts File Manager
-- If the Hosts file does not exist, you will be prompted to create a new one. Just press "Ok".
- Create a new folder on your hard drive called HostsXpert (C:\HostsXpert) and extract (unzip) the file there. (click here if you're not sure how to do this. Vista users refer to these instructions.)
- Open the folder and double-click HostsXpert.exe to run the program.
- Click "Restore MS Hosts File".
- Click OK at the confirmation box.
- Click "Make Read Only".
- Click the X to exit the program.
-- If you were using a custom Hosts file you will need to replace any of those entries yourself.
Note: Vista’a UAC blocks access to the HOSTS file since it’s a system file. To get around this you can either turn off UAC and edit it normally, or copy the HOSTS file to your desktop and edit the copy there. Then rename the copied file on your desktop to HOSTS and drag it into the etc folder. When asked if you want to overwrite the existing hosts file, click yes. See Updating the HOSTS file in Windows Vista
Did you run the MBAM scan?Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update
tab, select Check for Updates
scan and scan (normal mode).
After scan click Remove Selected
, Post new scan log
into normal mode.