In your article on the Sasser worm you mentioned that a person could check \windows\system32\drivers\etc\hosts and see what was posted in there. I have around a hundred entries, almost all of which are Ad/Ware or SpyWare sites. I use several AdWare / SpyWare removers. Should this list of offenders be removed from the hosts file? Should I delete them and resave the cleaned hosts file?
The “hosts” file is a common target of spyware, because it’s a way to force your computer to bypass DNS, and re-route web addresses, or block them entirely.
But it’s also a useful tool for other purposes. So how do you know what’s what?
In this case, without seeing the entries, it’s hard to say.
The good news is that, unless you actually did something to your hosts file yourself, chances are the only entries there are the result of spyware.
I would:
- make a backup copy of the hosts file
- delete all those entries out of the hosts file
- see if you can get to an anti-spyware and an anti-virus tool, and run both immediately.
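
To tell which entries block a site and which re-route it before deleting anything, the hosts file can be sorted by where each name points. The following is an added example, not part of the original article; the sample hosts content is constructed and the function name `classify_hosts` is hypothetical.

```python
import ipaddress

# Constructed sample hosts content (not taken from any real machine).
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for illustration)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # blocked
0.0.0.0         popups.example.org
203.0.113.45    www.example-bank.test                 # re-routed
not-an-ip       broken.example.com
"""

def classify_hosts(text):
    """Sort hosts entries into default, blocked, rerouted and invalid."""
    result = {"default": [], "blocked": [], "rerouted": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["invalid"].append(lineno)     # first field is not an IP
            continue
        if len(fields) < 2:
            result["invalid"].append(lineno)     # address with no hostname
            continue
        for name in fields[1:]:
            entry = (str(addr), name)
            if addr.is_loopback and name.lower() == "localhost":
                result["default"].append(entry)  # normal stock entry
            elif addr.is_loopback or addr.is_unspecified:
                result["blocked"].append(entry)  # name resolves to nowhere
            else:
                result["rerouted"].append(entry) # name sent to another machine
    return result

if __name__ == "__main__":
    # To audit a real file, read it and pass its text instead of SAMPLE_HOSTS.
    for kind, entries in classify_hosts(SAMPLE_HOSTS).items():
        print(f"{kind}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
```

Entries under `rerouted` deserve the closest look, since they send a name to a different machine instead of simply making it unreachable.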