Some infections will alter the Proxy settings
in Internet Explorer which can affect your ability to browse or download tools required for disinfection. If you are experiencing such a problem, check those settings. To do that, please refer to Steps 1-4
under the section Error 732 when trying to update Malwarebytes' Anti-Malware
in this guide
The HOSTS file
is a text file that maps an IP address to a name. It has no extension and can be viewed using notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a #
sign. In Windows XP, 127.0.0.1 localhost
is the universal IP address of all local computers and is the standard hostname given to the address of the loopback network interface which refers to the local computer only.
Anything that appears in your HOSTS file without an #
at the beginning, except from the "127.0.0.1 localhost" line, should be viewed with suspicion. If you see 127.0.0.1 next to the domain name of security related sites such as an antivirus vendor, then your HOSTS file has likely been altered by malware so that it blocks access to those sites. When redirecting to another site, malware will substitute an illegitimate IP address for the legitimate one.
Although malware can be responsible for altering the HOSTS file in an attempt to redirect your browser, it does not do so without infecting other areas of your system. There are several legitimate security programs like Spybot S&D
, etc which can add entries to the HOSTS file and that action may be detected as a change. If you use Spybot's immunization facility the "Global (Hosts)" profile adds entries to the HOSTS file. If you downloaded and used a custom HOSTS file or made edits that too would trigger a change detection. If you did not make any changes, use a custom HOSTS file or have a security programs with these features, then you need to investigate what the changes are
Anything that appears in your HOSTS file without an # at the beginning, except from the "127.0.0.1 localhost
" line, should be viewed with suspicion. Although malware can be responsible for altering the HOSTS file in an attempt to redirect your browser, it does not do so without infecting other areas of your system.
To view the folder containing your Hosts file, go to
, and in the Open box, type: %windir%\system32\drivers\etc\
The easiest way to access and view the contents is by using Notepad.
- Double-click on the HOSTS file.
- A message will appear saying Windows can't open the file or Choose the program you want to open this file.
- Scroll down the list of programs until you see Notepad.
- Select it and click OK.
To view the Hosts file in Notepad automatically, go to
, and in the Open box, type:notepad %windir%\system32\drivers\etc\hosts
Please download Malwarebytes Anti-Malware
(v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
- Exit MBAM when done.