Welcome to the Micro Center Tech Support Blog!
Tuesday, June 11, 2013

Tech Tip: How to clean out the Windows Hosts file if malware has tampered with it

Viruses attack computers not just by posting pop-up ads for phony software. They also cripple the computer's basic functions so that the virus is difficult to get rid of. One of the chief objectives of viruses is to prevent internet browsers from going to web sites chosen by the user. There are several ways that viruses steer a browser away from its intended destination. Sometimes they install a Proxy Server into the web browser (See Part 3 in this series, "How to clear the Proxy Server setting"). At other times a virus will insert unwanted IP addresses into the network settings (See Part 4 in this series, "How to reset Static IP addresses to dynamic IP addresses"). A third way that viruses hijack internet connections is rarer, but it does happen. If previous attempts at solving the problem do not work, it is worth investigating a Windows feature called the Hosts file.

The Windows Hosts file maps user-friendly and familiar web site addresses (such as Google) to the actual IP addresses that are behind such names (such as 216.239.51.99). The Hosts file is sometimes used by network administrators for managing fixed networks. Unfortunately, it is also a target for viruses that want to hijack a computer's internet connectivity. Fortunately, however, if the Hosts file has been attacked and unwanted material written into it, the file can be manually cleaned.

The Hosts file is located deep in the Windows folder. It is not easy to find, but following these steps will help you locate it, inspect it and, if necessary, clean it up.

First, you need to open up the Windows text editor called Notepad. (For Windows Vista, 7 and 8, this needs to be launched with administrator privileges.) Depending on which version of Windows you have, this is done differently:

1) In Windows XP:

  • Click on the Start button
  • Click the Run button in the menu
  • Type notepad in the box, hit the Enter key

2) In Windows Vista:

  • Click on the Start button
  • Type notepad in the search box
  • Right-click the Notepad program in the list
  • Click Run as administrator in the drop-down menu
  • Click Yes to allow the program to make changes (if this option appears on the screen)

3) In Windows 7:

  • Click on the Start button
  • Type notepad in the search box
  • Right-click the Notepad program in the list
  • Click Run as administrator in the drop-down menu
  • Click Yes to allow the program to make changes (if this option appears on the screen)

4) In Windows 8:

  • Open the Charms menu and click on the Search Charm
  • Type “notepad” in the Apps search window
  • Right-click the program Notepad that appears in the results in the upper left corner
  • In the taskbar that opens at the bottom of the screen, click Run as administrator
  • Click Yes to allow the program to make changes (if this option appears on the screen)

When Notepad opens, you will see a new window for the Notepad text editor that looks like this:

[Screenshot: the Notepad window]

With the Notepad application open, click on File in the menu bar, then click on Open in the drop-down menu (as indicated by the red arrow, above).

To locate the Hosts file, start with a double-click on the C drive in the left panel, then the Windows folder, the System32 folder, the drivers folder, and finally the etc folder. Once the etc folder is open, click on Text documents (*.txt) and drop down to the next option which is All files (*.*). If you are in the correct folder, you will see a list of 3 to 5 files in the window, as shown below. Now, double-click the Hosts file (circled) to open it up in the text editor.

[Screenshot: the etc folder with All files (*.*) selected and the Hosts file circled]

The example below is of an actual hijacked Hosts file. All the lines of text that are preceded by the # sign are legitimate (comments). All the others were inserted by a virus to steer users in various countries to the unintended IP address of 74.50.127.5 (the web site designed by the virus author) instead of Google.

[Screenshot: hijacked Hosts file]

Removing the intruding instructions from the Hosts file is simply a matter of deleting the lines that are not wanted. Using Notepad, move the cursor to the area (as highlighted, above) and delete those lines, leaving the original lines in the Hosts file.

A clean Hosts file will look something like this:

[Screenshot: clean Hosts file]

When finished editing, simply save the file, reboot the computer, and try to use your browser normally. Hopefully, the experience of being steered away from desired web sites will be gone, and you will be able to browse freely.
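
The inspection step above can also be scripted. The following PowerShell is an added example, not part of the original post: it lists every active (non-comment) line of a Hosts file and marks whether each one points back at the local machine. The function name Get-ActiveHostsEntry and the sample entries are constructed for illustration (the address 74.50.127.5 is the one cited above), and PowerShell 3.0 or later is assumed.

```powershell
# Added example: report the active (non-comment) entries in a Hosts file.
# Get-ActiveHostsEntry is a hypothetical helper name, not a built-in cmdlet.
function Get-ActiveHostsEntry {
    param([string[]]$Line)

    # Addresses that keep a name on the local machine instead of sending it elsewhere.
    $local = '127.0.0.1', '::1', '0.0.0.0'
    $number = 0
    foreach ($raw in $Line) {
        $number++
        # Everything after '#' is a comment; keep only the part before it.
        $text = ($raw -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }

        # First field is the IP address, the remaining fields are host names.
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }   # an address with no name maps nothing
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                LineNumber = $number
                Address    = $fields[0]
                HostName   = $name
                Loopback   = $local -contains $fields[0]
            }
        }
    }
}

# Constructed sample modelled on the hijacked file described above.
$sample = @'
# sample comment line (ignored)
#       127.0.0.1       localhost
127.0.0.1       localhost
74.50.127.5     www.google.com google.com   # constructed entry
74.50.127.5     www.google.co.uk            # constructed entry
'@ -split "`r?`n"

Get-ActiveHostsEntry -Line $sample | Format-Table -AutoSize

# To audit the real file (reading it does not require administrator rights):
# $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
# Get-ActiveHostsEntry -Line (Get-Content -LiteralPath $path) | Format-Table -AutoSize
```

Every row in the output is a line that is actually in effect, so each one is worth reading; rows where Loopback is False send the named site to another machine, as the 74.50.127.5 entries do here.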
