Frequently Asked Questions
How do I update the
HOSTS file in Windows Vista?
I'm using a Proxy from my ISP, but the HOSTS
file doesn't seem to work?
After using the HOSTS file my machine
seems slower? (2K/XP/Vista)
Why doesn't my Back Button return me to the
previous page?
How do I Edit the HOSTS file?
Why do I see an Action Cancelled message?
(IE 6)
Why do I see "Navigation to the webpage was cancelled" (IE 7/8)
How do I eliminate the Action Cancelled
Message? (IE) (Firefox users)
Why do I see the "unable to connect" message
(Firefox only)
How do I rename the HOSTS file?
How do I lock the HOSTS file to prevent other
users from changing it?
Can I use the HOSTS file if I'm running a
"Server"?
Are there any Utilities to monitor and protect
the HOSTS file?
How do I troubleshoot a problem with my
connection?
How do I contribute a listing for the HOSTS
file?
I'm not sure how to Extract (unzip) the
HOSTS file
Why do I get a Password Prompt when
unzipping the download?
How do I know all these entries are valid?
What are all these comments after the
entries?
For Issues with Downloading or Extracting
the HOSTS file
How do I know if the HOSTS file is working?
Why do I see the "HOSTS file too large" in
SpySweeper
Is Merging the MVPS HOSTS file with others
recommended?
Do other programs add entries to the HOSTS
file?
Why do I get a Google/Dell search page instead
of a blocked advertisement?
Why do I see "Access Denied when updating the
HOSTS file? (ZoneAlarm)
How do I Update or Edit the HOSTS file for
ZoneAlarm Pro or Security Suite users
Why can't I view the videos at
FoxNews (FoxSports) (CNET) or other news related sites?
Why do I get an error trying to Save a
webpage in Internet Explorer?
Why does Symantec (Norton 2007) detect a
possible malicious entry in the HOSTS file?
Tip for Norton 360 users -
Tip for Norton Security users
Why does Spyware Doctor detect "Possible
Website Hijack" in the HOSTS file
Why does Trend Micro Sysclean detect and remove
certain entries in the HOSTS file
How do I uninstall the MVPS HOSTS file?
Proxy and the Windows HOSTS file
If you are connected to the Internet using AOL, a custom dialer
provided by your ISP, through a Local Area Network (LAN) connection
or a remote proxy server these procedures (using a HOSTS file) may
not be effective. Programs such as AdSubtract or some "web
accelerators" may no longer work if
you overwrite the existing HOSTS file as these type programs add
entries to the HOSTS file, such as:
127.0.0.1 ie3.proxy.aol.com # Added by AdSubtract for AOL support."
127.0.0.1 AdSubtract # Added by AdSubtract for auto-dial.
Using a remote proxy server which basically does the DNS requesting
for you does prevent the HOSTS file from being considered. In other
words ...Your browser will route its request through your proxy
server before your machine looks up an entry in Hosts.
Possible Work-around: (If you are using a proxy server)
[return to FAQ]
In IE go to - Internet Options | Connections [tab] and choose your
connection.
Make sure the box called "bypass proxy server for local addresses"
is checked.
Example: click the LAN Settings button, select: Proxy Server
"Bypass proxy server for local addresses", click the Advanced
button.
Add: 127.0.0.1 click Ok, Ok
Editors Note: these type changes should only be made on a
"stand-alone" machine. If you are "Networked" you should check your
configuration prior to making any changes.
These type (proxy) problems may also occur if you changed ISPs and
the previous settings were not removed properly. Or if you have had
a previous "Spyware\Adware" problem, it may be possible that the
infection may have altered your system settings. You can determine
this by running HijackThis and see if the following entries exist.
(these are just a few examples)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = local
Note: always check with your current ISP before making any changes,
or you may lose your Internet Connection.
Strange behavior in
the Back Button
Sometimes when you click the Back button in IE6 to return to the previous
page it appears that nothing happens. What usually occurs is that
the HOSTS file has blocked one or more (<IFrame>) ad pages that are
embedded into the web page you are viewing.
 |
To verify this click the small drop-down arrow
on the Back button, do you see just an ad server listed? ...
well now you know ..... As you can see the first three links are
blocked ad servers, simply skip to the valid link. However there
are a few exceptions. In some cases the web page can contain a
script to prevent the user from returning to a previous page.
Martin Hawes sends along this tip: (IE6) |
| If you add the "ad servers" you see listed in
the Back Button drop-down, to the
Restricted Zone this will eliminate the Back button issue.
Editors Note: however if you are using Windows XP SP2,
you will be
prompted by the "Security Center" about a 3rd party
connection. Just click No and continue. |
 |
Vista IE7/8 users should not see any ad servers listed
in the drop-down list of the Back Button if your HOSTS file is
working properly. In the event you do see ad servers listed in
the Back Button ... Paul S. reports that
using Homer cured the problem ... |
Creating a HOSTS Editor
[return to FAQ]
To edit your HOSTS file you can create a custom Desktop or Quick
Launch shortcut.
Note: the below locations are for the default paths, edit as
needed. [screenshot (XP only)]
Right-click on the Desktop, select: New > Shortcut (and paste the
following)
Windows XP
Target: C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\etc\HOSTS
Start In: C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Or put a Notepad shortcut in your SendTo folder
Start | Run (type) sendto (click Ok)
File > New > Shortcut
In the command line, (highlight and paste the below)
C:\WINDOWS\NOTEPAD.EXE
(provided Windows is the default location)
Then simply right-click on the HOSTS file and select: SendTo >
Notepad (Screenshot)
Vista
You can use the same method above, however after creating your
Shortcut you will need to right-click the shortcut and select:
Properties, click Advanced and select: Run as Administrator, click
Apply/Ok.
Editing the HOSTS file
- You must maintain the proper format or else the entry will be
invalid.
- Entries are made invalid if they contain "http:" or an
ending "/" slash.
- IP addresses are invalid as HOSTS
file entries. (re: 127.0.0.1 123.456.78.9)
- In the event you need to rename the file, use the below
batch
file.
- If you wish to disable an entry place a "#" in front
of the line.
- Each host entry is limited to 255 characters.
Note:
HijackThis
can detect invalid entries or a "redirection" entry.
Why do I see an
Action Cancelled (IE 6) or
Navigation message?
(IE 7/8) [return
to FAQ]
The Action Cancelled message (IE 6) or "Navigation to the
webpage was canceled" (IE 7/8) is generated by Internet Explorer when entries
in the users HOSTS file are preventing access from one or more servers
designated in the web page. In most cases this occurs from 3rd party
ad servers such as "doubleclick", where the "Action
Cancelled" or "Navigation
canceled" message replaces an ad banner in a hidden frame within
the viewing page.
To determine if this is the case, right-click the Cancelled
message and select: Properties
Look at the entire "path",
(URL) you should see the listed entry. (screenshot)
In other cases the message ("page cannot be displayed") is displayed
when a user clicks a link in a page that routes them thru a tracking
service, or attempts to connect to a listed hijacker, parasite, etc.
and this URL is listed as an
entry in the HOSTS file. In the event you are unable to determine why
you can not access a certain page, you can
drop me a note and I'll try and determine the cause. Please
provide the full URL (website page) in question.
On some sites
these entries will also cause the "red X" (missing image).
[or]
When you open IE 7/8 - The File Download –
Security Warning dialog box also refers to the "navcancl" file
name
Can I
eliminate the Action Cancelled/Navigation Message?
There are several programs that will
replace the Action Cancelled message with a tiny image file.
(Firefox only) Daniel L sends
along this tip ... in the Address Bar (type)
about:config then scroll down to the following:
browser.xul.error_pages.enabled and set to False
Why do I see the "unable
to connect" message (Firefox only)
Wayne Haigh sends along this tip: The solution is to set the
following in about:config to false:
From the Address Bar (type) about:config (press Enter)
browser.xul.error_pages.enabled [More
Info] [Google
Search]
Safely Rename
the HOSTS file
In the event you can not access a site and you believe it may be due
to an entry in the HOSTS file.
Check the URL
first! It may be taking you to somewhere you don't want
to go!
Yes webmasters can fudge the URL displayed in the lower
left corner of your browser.
Example here shows a URL in the lower left corner but that is
not the real URL where
you will be taken to. When you are not sure - right-click the
link and select: Copy Shortcut - paste to Notepad. You can use the HOSTS
Editor to see if that server is listed. If it's listed, many times
you'll see a "comment" next to the entry.
Example: if you see "#[Adware.StopPopupAdsNow]"
copy the comment between the brackets and enter that term in Google
and you'll see why it's listed.
You can use a simple batch file to rename the HOSTS file
"on-the-fly". (98/ME/2K/XP/Vista)
Download: RenHosts.bat [right-click
and select: Save Target As]
Note: This was updated to add a color change to the status screen.
- Place RenHosts.bat in your Windows folder.
- Create a Desktop or Quick Launch shortcut to RenHosts.bat
Simply locate RenHosts.bat, right-click and SendTo > Desktop (create
shortcut) - You can also place a shortcut in your Favorites if needed.
- Note: if IE is open when you toggle (rename) the HOSTS file,
click Refresh (F5)
- To use: click (the shortcut) once to rename HOSTS to
NOHOSTS
Click again to rename NOHOSTS back to HOSTS
Note: you will see the above small on-screen message as to
the status.
- Another option would be to use
Hostswitch [screenshot]
(requires .NET be installed)
Locking the HOSTS
File [return to FAQ]
There are many of these hijackers that add their own entries to
your HOSTS file. This is commonly know as redirects, when this
occurs you are most likely infected from within.
Steve C sends along this tip:
ZoneAlarm Pro
includes an option (in the "Firewall" section, "Main" tab,
"Advanced" button) to "Lock host file", which seems to give
extremely effective protection to the HOSTS file.
Editors Note: "locking" the HOSTS file does not
prevent most applications from either deleting the file or editing
the contents. It does add a Layer of Protection, but it is not the
ultimate solution. In any case you should always have a
backup copy of the file handy in case of any unwanted changes.
Personal Web Servers
and HOSTS file
If you are running Microsoft's web server software (IIS), and you
are getting "Login" pop-up prompts while using a HOSTS file, the
solution is to use 0.0.0.0 instead of 127.0.0.1 for
all entries except for the first entry: 127.0.0.1
localhost
Alex Matulich sends along this tip: this applies to any web server
running on the same machine you're browsing from, not just
Microsoft's IIS.
Editors Note: you can use the "Replace" function in
Notepad (XP/Vista) to convert the entries, or HostsMan (see below)
has an option for converting the entries to "0.0.0.0". See
screenshot for using HostsMan
Kieran Jacobsen sends along this tip: When using your own web
server, I have actually made a HTML page with [Blocked by MVPS.org
host file]. My web server doesn't have any other services/pages on
port 80 so this is a great solution for me.
Gil sends along this tip: if you are using Firefox, and getting
the "Password Prompt"
- In the Address Bar (type) about:config (Hit Enter)
In the filter (type) ntlm
Double-click on network.automatic-ntlm-auth.trusted-uris
(type) localhost (Hit Enter)
Testing the HOSTS File [return to FAQ]
Test #1: Open a Command Prompt (XP): Start | Run (type) cmd
(click
Ok)
(type) ping coolwebsearch.com (press Enter) You should see
the following [screenshot]
Note: not all sites return a ping request (example) microsoft.com
returns a "Request timed out"
Test #2: paste ad.doubleclick.net into your browser, you should
see the following:
"The page cannot be displayed" (IE only)
Verifying HOSTS File Entries
The HOSTS file is verified prior to each new update. This
is accomplished by verifying that each entry returns a valid DNS
(similar to Nslookup) then these (dead) entries are either removed
or commented. These comments are entered as "#[server down?]",
in some cases the hosting server is down, thus returns no DNS. In
other cases the domain may have been suspended for abuse, or the
registered owner has let the domain expire. Domains that are expired
or down for extended periods are removed.
Comments in the HOSTS File
The comments are included in the shipped (downloaded) version to allow the
end-user to determine (if needed) why the entry exists. Over time
the amount of entries has grown to a point where it's too easy to
forget why they exist without them. This is also done for obvious legal reasons.
Although the comments do increase the over-all file size ... these
"comments" are not read into memory. If needed there is an
option in HostsMan to remove the "comments"
... however this will remove all the comments, including those that
separate the file into different categories. [screenshot]
Why do I see the
"HOSTS file too large" in SpySweeper
For whatever reason Webroot has decided that the end-user only
needs 500 entries in the HOSTS file. They have stated they are
working on the problem ... until then the work-around is to disable
Hosts File Shield.
Open Spy Sweeper and click Options. Click Shields and click Hosts
File. Uncheck Hosts File Shield
Is
Merging the MVPS HOSTS file with others
recommended?
Not really ... and for several reasons. The main reason is the
MVPS HOSTS file is verified prior to each update, in many cases
there are as many entries removed as there are added. If you simply
Merge the file with your existing file, these removed (dead) entries
are never removed and the file will continue to grow needlessly.
Another reason is how valid are these other HOSTS files? ... many
of which are just copies of someone else's work anyway, and are not
updated on a regular basis.
Do other
programs add entries to the HOSTS file? [return to FAQ]
Yes there are several legitimate programs that add entries to the
HOSTS file. This is why it's important to keep a backup of your
existing HOSTS file. When you update via the "mvps.bat" this will
rename your existing file. If needed you can open HOSTS.MVP and copy
and paste to the new existing HOSTS file any other needed entries.
- FireTrust Benign adds entries -
more info
JBF sends along this tip: I did some testing on a new machine
and let Firetrust just do the entries and they were all at the
bottom of your (HOSTS) file of course. I find that Firetrust B9
is a wee bit slower in getting to the entries when at the
bottom. When I moved them to the top of the file and right under
the "127.0.0.1" (localhost) and speed up was clearly noticed.
- AdSubtract - more info
- Some (older) versions of Norton Antivirus -
more info
Why do I get a
Google /Dell search page instead of a blocked ad?
It seems that Dell has added several new Google related programs
to their new machines. One of which causes a blocked advertisement
to return the user to a
Google/Dell search page.
The solution (provided by Jill C) is to
uninstall Google AFE (older versions) via Add Remove.
Newer versions of the pre-installed Google/Dell add-ons = uninstall
- Browser Address Error Redirector
Eric Osborne sends along this tip: If the above Google programs
are not listed in Add Remove ...
Go to - Internet Options | Programs | Manage Add-ons | disable
CBrowserHelperObject
Why do I see "Access Denied when updating
the HOSTS file? (ZoneAlarm)
There is a problem with certain versions of ZoneAlarm Firewall where the HOSTS file is "locked" even
though that option is unchecked in the options. To resolve this
problem:
1) ZoneAlarm Control Center > Firewall (left pane) > Main (tab in
the right pane)
2) Advanced (button at the bottom) > and find "Lock hosts file"
Check "Lock hosts file". Click OK.
3) Click Advanced (button at the bottom) Uncheck "Lock hosts file".
Click OK.
You should now be able to update the HOSTS file, however until ZA
resolves this problem, on the next Windows restart the file will be
locked again (even if that option is unchecked) ... hopefully ZA
will correct this shortly!
To Update or Edit the HOSTS file for ZoneAlarm Pro or Security
Suite users:
1) Program Panel -> Main -> Program Control -> Custom button -> OSFW
tab.
2) UNcheck the box for OSFW, (Operating System Firewall) then
reboot.
3) Make your changes (edit or update) to the HOSTS file.
4) Open ZAP/ZASS and re-enable OSFW and reboot
Why can't I view
the videos at FoxNews? (FoxSports)
or other related sites [return to FAQ]
Unfortunately Fox News and several other "Network sites"
(NBC, Sci-Fi) have decided to inject commercials into their "Free
videos" which are heavily laden with 3rd party ad servers and
trackers. You can see an example
commercial here which plays before whatever video you have
selected, to see just a partial list of the 3rd parties involved
click here. There are so many I couldn't get them all on one
screenshot ... but you get the idea.
The reason this occurs now is CNET was recently purchased by CBS
... and all they are interested in is tracking your movements
via all the 3rd party "data miners" that they run the video link
thru prior to you viewing it ... this included several 3rd party
Cookies.
You can view a screenshot
of all the "ad servers" (highlighted in red) that are running in the
background.
Workaround:
The only alternative is to rename the HOSTS file
... which you can do on-the-fly ...
Important! Just don't forget to enable it again after
watching the commercials with your video ...
Why do I get an
error trying to Save a webpage in Internet
Explorer?
The best explanation I can give you is ... when the browser tries
to "Save" the page ... it reads the HTML code on the page and NOT
what is actually loaded ... so when there are several items missing,
or blocked in this case, it can not complete the task and quits,
which generates the
Error Saving Web Page.
Workaround: rename the HOSTS file and
try again ... just don't forget to rename it back again ... also the
HOSTS file may not be the cause of the "Error Saving Web
Page", an entry in the (IE) Restricted Zone
will also cause this as that entry will prevent anything from being
downloaded from that site ... or it may be - Error message:
This Web page could not be saved
Tim H sends along this tip ... another way to save a webpage is
to install one of the free
PDF printer File creators then you simply choose File > Print
PDF and save as PDF
Why does Symantec
(Norton 2007) detect a possible malicious
entry in the HOSTS file?
"A malicious entry in your hosts files
could prevent LiveUpdate from retrieving updates for your Symantec
products, including anti-virus updates. Generally, Symantec
LiveUpdate server entries should not appear in your Windows hosts
files. Update has detected a potential security compromise on your
computer: one or more entries should not appear in your Windows
hosts files."
Lists the address 'om.symantec.com' as being in the
hosts file and ask what action to perform:
Click the drop-down arrow and select option #2 (highlighted in bold
below)
1.Leave the entry in the hosts file (warn me
about them later)
2.Leave the entry in the hosts file (do not warn me about them
later)
3.Remove the entry from the hosts file
(Recommended)
om.symantec.com is really an alias for symanteccom.112.2o7.net (Omniture
is a 3rd party data miner)
oms.symantec.com is really an alias for
symantec.com.102.112.2o7.net (from Norton SafeWeb)
These entries do not affect LiveUpdate. See screenshot
here - and for more
details a related
HOSTS News Blog entry
here
Both of these entries are running on Omniture's server and thus are
controlled by them, not Symantec.
David B sends along this tip for Norton
360 users ... seems the "Network Address Check"
feature scans the users HOSTS file and removes all entries ...
Yikes! To prevent this go to the "Undo & Exclude Advanced
Settings" screen and exclude the HOSTS file from scanning.
John W sent along additional info on Norton360 ... to exclude the
HOSTS file from being scanned:
Under Virus and Spyware Settings | File Exclusions:
"Which disks, folders, or files to exclude from risk scanning"
enter the location (generally) - \WINDOWS\system32\drivers\etc\HOSTS
Note: If the HOSTS file is removed by a scan, it can be
moved from the Undo List to the Exclusion List by selecting it then
clicking Restore Item to system. [screenshot]
Geoff B sends along this tip for Norton
Security users ... when you manually run the "Security
Inspector" it will scan your system and may prompt you with "IP
addresses had been re-directed" and when the user allows the
program to "fix" the perceived problem ... it will strip all the
entries from your HOSTS file. To prevent this you can uncheck the
option "IP addresses in the Hosts file" from Norton
Security/Security Inspector/Basic Scans/
Why does Spyware
Doctor detect "Possible Website Hijack" in the
HOSTS file
Why does Trend Micro Sysclean detect and
remove certain entries in the HOSTS file
Here is yet another false detection by an Antispyware product.
This is caused by the coders that have no clue ... the entries
detected [screenshot]
are all legit entries for the HOSTS file. You can either set these
detections to "Ignore" or disable the option for scanning the HOSTS
file.
Folks as I've said before ... anytime after running a scan of any
security related product and the only detection is one or more
entries in the HOSTS file, this is most likely a false-positive and
should be ignored, or excluded from future scans.
There is no known
infection that only affects the HOSTS file.
Related Utilities
- SpywareBlaster
can encrypt and create a backup of your HOSTS file.
- WinPatrol
will allow you to lock your HOSTS file and will monitor changes.
- ZoneAlarm Pro and Security Suite users have a "Lock Hosts"
file option.
However this requires special
instructions to edit or update the HOSTS file.
-
Hostswitch is a small utility that you can use to rename or
edit the HOSTS file, also displays the status.
(requires .NET be installed)
Various
Troubleshooting Articles
This site subscribes to the following:
