This file is related to the use of SpyBot S&D. The HOSTS file
is a text file that maps an IP address to a name. It has no extension and can be viewed using notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a #
sign. In Windows XP, 127.0.0.1 localhost
is the universal IP address of all local computers and is the standard hostname given to the address of the loopback network interface which refers to the local computer only.
In Windows Vista and XP, the HOSTS file is located in this default location: C:\Windows\system32\drivers\etc\hosts.
Anything that appears in your HOSTS file without an # at the beginning, except from the "127.0.0.1 localhost
" line, should be viewed with suspicion. Although malware can be responsible for altering the HOSTS file in an attempt to redirect your browser, it does not do so without infecting other areas of your system.
To view the folder containing your Hosts file, go to Start > Run and type: %windir%\system32\drivers\etc\
The Hosts file has as no extension. The easiest way to access and view the contents is by using notepad.
- Double-click on the HOSTS file.
- A message will appear saying Windows can't open the file or Choose the program you want to open this file.
- Scroll down the list of programs until you see Notepad.
- Select it and click OK.
To view the Hosts file in Notepad automatically, go to Start > Run and type: notepad %windir%\system32\drivers\etc\hosts
If you were to look at yours you would see something like this.
# Start of entries inserted by Spybot - Search & Destroy
and the file ends as:
# This list is Copyright 2000-2008 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy
There are several legitimate security programs like SpySweeper
and Spybot S&D
which can add numerous entries to the HOSTS file. See Spybot Search & Destroy: HOSTS file viewer
. If you open the Hosts file as in the sample I provided, the note at the top will show all the entries were inserted by Spybot.
It appears this is a false detection by your Antivirus on parts of the hosts file immunization as threats. See this discussion thread
at Spybot It's a Trend Micro false detection).
Try removing Spybot's HOSTS list and see if you still get the detection. Launch Spybot S&D and go to Mode
> Advanced Mode
> Hosts file
Click the "Remove Spybot S&D hosts list
" button (at the top).