Nod32 SysInspector says my HOSTS is risky...

What do I do now? It lists my HOSTS as level 8:risky, and includes a list of countless sketchy bad looking sites, various spyware places.

It says the two localhost things are good, and everything else is bad. Why are all these other things even there? Can/should I just delete them all somehow?

Or are these sites that are blocked? Which would be good? I'm confused.

Thanks.

I'm using Windows Vista Home Premium 32bit by the way.

 

SysInspector only tells you what entries are suspicious. It does not mean that files flagged as suspicious are necessarily bad or malicious.

 

I can tell they're bad by looking at them though, they're a list to a bunch of spyware sites and the like.

My question here, since I've never done this before, should/could I just delete all these things from my hosts, aside from the localhost part which I need?

I mean, there's no reason to have any addresses to web sites in your hosts file, right?

I've been alerted to this, now I just want to "take action".


[edit:]Further research is showing that the listing of these sites could be to block those sites, which is good.

Here's a sample line from the HOSTS:

127.0.0.1 www.a-d-w-a-r-e.com

So, does this mean it's blocking that site, rather than allowing it? So I shouldn't delete it? How can you tell if a listing in the hosts file is for prohibiting a site, rather than helping it? Thanks

 

127.0.0.1 and " name " means it's blocking internet access to those listed.

sometimes spybot or other antimalware programs add their own entries here from a list of known malicious sites.

 

Ah, thanks, that's good.

Here's a question, I've heard about spyware hijacking your HOSTS file and adding harmful things to it.

What kind of line could be in a hosts file which can do you harm? What should I look out for?

Thanks.

 

Most Hosts files are super long so easily scanning is tedious. However, if malware has altered your Hosts, sometimes they will add entries that will prevent you from updating your Antivirus program, Eset for instance. If Eset is unreachable, give thought to your Hosts file.

127.0.0.1 www.eset.com sends you on a loopback to your PC's local host

 

if the sites in your HOSTS files are bad-looking sites, then they were probably added by a security program such as Spyware Blaster, so that your PC can't acccess those malicious sites.

Conversely if the sites in there are security sites etc. then they were probably added by a malicious program

 

great explanation !