by David Hakala
Q: I use Windows XP Home Edition. Via Secretmaker I keep on getting the message, “A HOSTS file change attempt has been watched on your computer, we advise you to reject it as normally no changes are necessary.” I thus click on reject and the message is removed, only for it to return some 3-4 minutes later. This has been going on for several days. Apart from clicking on accept, which I gather is not wise, or uninstalling Secret Maker, is there anything else I can do to prevent the message reappearing? — Victor
Yes, Victor: you can find out what is trying to change your HOSTS file and put an end to it. I highly recommend that you do so ASAP, because it’s probably meaning to do you harm.
Secretmaker is a multifaceted computer security and privacy protection utility. Here is a download location and the publisher’s description of Secretmaker:
All-in-One Secretmaker combines several tools: Security Watchdog, Intruder Blocker, Spam Fighter, Pop-up Blocker, Banner Blocker, Movie Blocker, Privacy Protector, History Cleaners, Worm Hunter, and Cookie Eraser. Security Watchdog recognizes malicious “mysteryware” and parasites that may assault your computer. Intruder Blocker can protect you from spyware, trackware, and viruses. Spam Fighter rates spam and works with any POP3 e-mail client, and the automated whitelist keeps preferred contacts up-to-date. Banner Blocker reduces advertising banners, and Movie Blocker blocks Flash ads. Pop-up Blocker stops unwanted pop-ups, and Privacy Protector hides your identity while you surf. Cookie Eraser circumvents profiling. History Cleaner clears needless files, logs, and tracks. Various whitelists allow user-specific optimizations.
It’s probably Security Watchdog or Intruder Blocker that is alerting Victor. Unfortunately, Secretmaker is not doing a good job of explaining the danger.
The HOSTS file is a plain text file found on every Windows computer. It contains information used to supplement or replace the Domain Name System (DNS). Like DNS, the HOSTS file maps domain names to IP addresses, enabling one’s Internet software to translate the domain name https://tiplet.com into the IP address 73.2.225.50 so the site can be found on the Internet.
Windows-based Internet software, such as a Web browser, looks first at the HOSTS file to translate a domain name into an IP address. This is faster than looking up the information online via the DNS. Suppose the HOSTS file contains an entry like this
127.0.0.1 www.tiplet.com
Your browser will look to the IP address 127.0.0.1 for Tiplet. It will find your own computer at that particular address and return no Web page. If you want to prevent access to any domain name, such as a porn site your child has been visiting, just edit the HOSTS file with Notepad so that domain name is translated into the IP address of your local computer, as in the example above. The HOSTS file’s default location is
%SystemRoot%\System32\drivers\etc\hosts
%SystemRoot% is the path to your WINDOWS folder, usually C:\WINDOWS.
Many types of malicious software sneakily alter the HOSTS file to redirect your browser to a site that may download a virus, a keylogger, or some other type of malware that you don’t want. That is what is happening to Victor, in all probability. Secretmaker is blocking the attempted change, but not telling Victor that his computer is infected with malware.
The solution is to run a thorough anti-malware scan using a program such as Avast! Antivirus, Adanced System Care, Spybot, etc. Victor may have to try several such programs before finding one that detects and eliminates the malware that is attempting to hijack his computer.
David Hakala has perpetrated technology tutorials since 1988 in addition to committing tech journalism, documentation, Web sites, marketing collateral, and profitable prose in general. His complete rap sheet can be seen at http://www.linkedin.com/in/dhakala