Redirected HOSTS

Type: Program
SubType:
Discovery Date: 12/22/2004
Length: Varies
Minimum DAT: 4416 (12/22/2004)
Updated DAT: 6310 (04/08/2011)
Minimum Engine: 5.1.00
Description Added: 12/22/2004
Description Modified: 12/22/2004 8:54 AM (PT)
Risk Assessment:
  Corporate User: N/A
  Home User: N/A

Characteristics

This detection covers a system change made by potentially unwanted programs.  It does not identify files as being infected with a virus or trojan. 

The redirected HOSTS detection covers Windows hosts files that have been modified to redirect traffic to various search engines.

When a network resource is accessed via domain name (such as www.mcafee.com), Windows attempts to resolve that domain name to an IP address (such as 192.168.88.88).  This is typically done by querying a domain name server, to request the IP address for that domain name.  However, before the name server is contacted, Windows checks a local HOSTS file to see if that domain name is "mapped" to a specific IP address.  Typically that hosts file is located in the following directory:

  • C:\WINDOWS\SYSTEM32\DRIVERS\ETC

It is common for adware applications to add entries to the local hosts file for the purpose of redirecting web browsers to a different server.  In this case, an attempt to access a popular search engine may result in being directed to a less popular search engine, yielding different search results and different advertising content being displayed.

Other programs may also modify the HOSTS file to prevent access to certain websites.
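
The check described above, as an added example (not part of the original description and not any vendor's detection logic): a Python script that parses hosts-file text and reports watched search-engine names that are mapped to another server (redirect) or to a loopback or unspecified address (block). The watch list, function names and sample file are constructed assumptions.

```python
import ipaddress

# Assumption: a short watch list of search-engine domains; extend as needed.
WATCHED = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid mapping line
        for name in fields[1:]:                 # one address may carry several names
            yield no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit(text):
    """Return (line_no, kind, hostname, ip) for every watched-domain mapping."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        # Loopback or unspecified (0.0.0.0, ::) addresses make the site unreachable;
        # any other address sends the browser to a different server.
        kind = "block" if ip.is_loopback or ip.is_unspecified else "redirect"
        findings.append((no, kind, name, str(ip)))
    return findings

# Constructed sample hosts file, not taken from a real system.
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # added by toolbar
203.0.113.10    search.yahoo.com
0.0.0.0         www.bing.com
192.0.2.7       intranet.example.test
"""

if __name__ == "__main__":
    for no, kind, name, ip in audit(SAMPLE):
        print(f"line {no}: {kind:8} {name} -> {ip}")
```

To audit a live system, read the hosts file from the directory named above and pass its text to audit().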

Symptoms

Attempting to navigate to a search engine website and being directed to a different site may be an indication that the HOSTS file has been modified.

Method of Infection

N/A. This is not a virus or trojan.

Variants

    N/A

All Information

Overview -

This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security- or privacy-minded computer user may want to be informed of.

Removal -

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs
