Internet, Networking, & Security Antivirus Protecting the HOSTS File with Spybot Search & Destroy by Mary Landesman Writer Mary Landesman is a former freelance contributor to Lifewire and a security expert. She was named as one of the women to watch in IT security. our editorial process LinkedIn Mary Landesman Updated on March 09, 2020 Antivirus Browsers Cloud Services Error Messages Family Tech Home Networking 5G Antivirus VPN Web Development Around the Web View More Tweet Share Email Fortunately, there are steps you can take to prevent unwanted modifications to the HOSTS file. Spybot Search & Destroy includes several free utilities that will not only block changes to the HOSTS file, but can also protect the Registry from unauthorized changes, enumerate startup items for quick analysis, and block known bad or alert on unknown ActiveX controls. What is the HOSTS file? T. Wilcox The HOSTS file is the virtual equivalent of the phone company's directory assistance. Where directory assistance matches a person's name to a phone number, the HOSTS file maps domain names to IP addresses. Entries in the HOSTS file override DNS entries maintained by the ISP. By default 'localhost' (i.e. the local computer) is mapped to 127.0.0.1, known as the loopback address. Any other entries pointing to this 127.0.0.1 loopback address will result in a 'page not found' error. Conversely, entries can cause a domain address to be redirected to a completely different site, by pointing to an IP address that belongs to a different domain. For example, if an entry for google.com pointed to an IP address belonging to yahoo.com, any attempt to access www.google.com would result in a redirect to www.yahoo.com. Malware authors are increasingly using the HOSTS file to block access to antivirus and security websites. Adware may also impact the HOSTS file, redirecting access to gain affiliate page view credit or to point to a booby-trapped website that downloads further hostile code. Spybot Search and Destroy: Advanced Mode Spybot If you do not already have a copy of Spybot Search and Destroy, this free (for personal use) spyware scanner can be downloaded from http://www.safer-networking.org. After downloading and installing Spybot, continue with the steps below. Open Spybot Search & DestroyClick ModeClick Advanced Mode.Note: You will receive an alert warning that the advanced mode of Spybot contains more options, some of which can do harm if used improperly. If you do not feel comfortable, do not continue with this tutorial.Click Yes to continue on to Advanced Mode. Spybot Search and Destroy: Tools Spybot Now that Advanced Mode has been enabled, look on the bottom left side of the Spybot interface and you should see three new options: Settings, Tools, Info & License. If you do not see these three options listed, go back to the previous step and re-enable Advanced Mode. Click the Tools optionA screen similar to the following should appear: Spybot Search and Destroy: HOSTS file viewer Spybot Advanced Mode Spybot Search & Destroy makes it simple for even the most novice user to guard against unauthorized HOSTS file changes. However, if the HOSTS file has already been tampered with, this lockdown could prevent other protection from reversing the unwanted entries. Thus, before locking down the HOSTS file, first make sure there are no unintended entries currently present. To do so: Locate the HOSTS file icon in the Spybot Tools window.Select the HOSTS file icon by clicking it once.A screen similar to the one below should appear.Note: The localhost entry pointing to 127.0.0.1 is legitimate. If there are any other entries shown that you do not recognize or did not authorize, you will need to correct the HOSTS file before continuing with this tutorial.Assuming no suspicious entries were found, proceed to the next step in this tutorial. Spybot Search and Destroy: IE Tweaks Spybot Now that you've determined the HOSTS file contains only authorized entries, it's time to let Spybot lock it down to prevent any unwanted changes. Select the IE Tweaks optionIn the resulting window (see sample screenshot below), select Lock Hosts file read-only as protection against hijackers. That's it as far as locking the HOSTS file goes. However, Spybot can also provide some valuable prevention with just a few more tweaks. Be sure to check out the next two steps for using Spybot to lockdown the system Registry and manage your startup items. Spybot Search and Destroy: TeaTimer and SDHelper Spybot Spybot's TeaTimer and SDHelper tools can be used alongside existing antivirus and antispyware solutions. From the left side of the Advanced Mode | Tools window, select ResidentUnder Resident Protection Status select both options:Resident "SDHelper" [Internet Explorer bad download blocker] activeResident "TeaTimer" [Protection of overall system settings] activeSpybot will now guard against unauthorized modifications to pertinent Registry and startup vectors, as well as prevent unknown ActiveX controls from being installed. Spybot Search & Destroy will prompt for user input (i.e. Allow/Disallow) when unknown modifications are attempted. Spybot Search and Destroy: System Startup Spybot Spybot Search and Destroy can allow you to easily see what items are loading when Windows is started. From the left side of the Advanced Mode | Tools window, select System StartupYou should now see a screen similar to the sample shown below, that lists startup items specific to your PC.To prevent unwanted items from loading, remove the checkmark next to the corresponding entry in Spybot's list. Use caution and only remove those items you are certain are not necessary for the normal operation of the PC and desired programs.