A Question from Bill
(I get) a small screen pop up saying "A change has been detected in your
Internet "Hosts" file. Entries in this file can redirect your browser to
alternate web sites. Would you like to examine? Yes? NO? Could you please
tell me what this is all about, and how to correct it? Thank you Bill
When you type in a domain, such as
www.thundercloud.net the browser contacts a central server on the web to
look up the real address (the name "Thundercloud.net" is called a domain
name but real address is a series of numbers, which in our case is
184.108.40.206. If you click
http://220.127.116.11/ it is the same as clicking
http://thundercloud.net/ . Think of the real address like a phone number
and the domain name as an easy way to "call" without remember a series of
numbers). The browser then uses the address to retrieve the page, and
display it. Every site on the web has a real IP address that users can find.
The central server(s) that look up the "real address" (i.e. the numbers) DNS
(Domain Name Services) server(s), and they have one simple function: To look
up a domain and return an IP address. There are also reverse DNS servers
which can do "reverse" lookups for an IP (numbered) address as well.
In Windows there is a miniature DNS called the "HOSTS" file, and this file
is checked first by your browser before it checks with the central DNS on
the web. This is meant to save time connecting to a distant server to look
up IP addresses and to provide advanced users with a means of blocking
certain site (like Doubleclick.com and hence all the advertisements it
serves). However it has become a burden rather than a benefit because it has
become a favorite target for viruses, spyware and browser hijackers. If your
"HOSTS" file contains a domain/IP address match then the browser never goes
to the web to look up the number and can "redirect" you to a site other than
the one you intended. For example, a browser hijacker can use the Hosts file
to redirect all search requests for Yahoo, Google, AltaVista, etc. to their
own search page by listing the domains, but pointing all to a single (the
hijacker's) IP address. For example if your default search engine is Google,
the spyware/hijacker program would write an entry in your "HOSTS" file to
read 18.104.22.168 google.com. In this example, when you typed in
www.google.com in your browser, you
would be redirected to www.yahoo.com .
The spyware/malware/hijacker developer of course would redirect all searches
through their own "search engine" and bedevil you with advertisements, not
to mention very skewed and possibly worthless search results.
Luckily the HOSTS file can be easily edited
using Notepad or any other text editor. You can also delete it completely if
you suspect you're browser is not going where you tell it to. The HOSTS file
is located in
C:\Windows\System32\Drivers\etc (on Windows XP). For other versions of
Windows you can do a search for HOSTS. Be careful you don't delete the wrong
file. Open the file with Notepad.
It should look like this.
The HOSTS file has NO extension. If you modify it, save it that way.
So, Bill, if you suspect your browser has been
hijacked, say "NO". If you're not sure say "NO". The HOSTS file was included
with Windows to speed up browsing but it never really did speed up anything
noticeably (if you're on a broadband connection). The dangers of it being
misused outweigh any benefits it has. I don't see any circumstances under
which you would ever say "Yes" unless your anti-spyware program was trying
to correct the entries. If this is the case then say "Yes". Or else delete
the HOSTS file all together. (We have deleted our HOSTS files). For more
information about the HOSTS file, what it does, how you can use it to your
benefit, and other detailed information,
Make our new Start page - Your new Start page!
Help Support Our Site!
the start button
Move up to InfoAve
Premium Edition - We hope you will join the thousands who have already made the
switch. Our InfoAve Premium Newsletter
contains almost three times more information than Information Avenue free edition, and no
third party advertisements! Upgrade to InfoAve Premium right now! An InfoAve Premium Newsletter
Subscription is only $11.95 per year, that's 52 great issues of news, tips, tricks, and
features you can really use. Subscribe
today, and save 50% on our new super Premium
All content is copyright ©2005
Cloudeight Internet LLC
The above advertisements are provided by Google. Content of these
ads is the responsibilty of Google, Inc.