- slide 1 of 3
Hosts File and HijackThis tool
TrendMicro provides free HijackThis diagnostic tool that advanced users can use to view system report. It’s not design to detect bad items or files in Windows but it can help in fixing infected computers. The tool has the ability to scan many areas in Windows including the content of Hosts file in Windows.
The hosts file is in Windows can be modified or replaced by end-user or another program. The file is used to block ads, or redirect the computer to another computer or network. HijackThis tool will scan for hosts file redirection and display the result in its scan window or log file.
- slide 2 of 3
Have You Gotten This Error Message?
If you received an error message using HijackThis that your system denied write access to the Hosts file. It means the HijackThis tool failed to check or scan the hosts file in Windows. The complete error message presented by HijackThis is as follows:
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\Windows\System32\drivers\etc\hosts and press enter. Find the line(s) HijackThis reports and delete them. Save the file as ‘hosts.’ (with quotes), and reboot.
For Vista: simply exit HijackThis, right-click on HijackThis icon, choose Run as Administrator.
The above warning and advice from HijackThis are correct. Windows 7 and Vista users should run a scan using HijackThis as administrator because the tool is not UAC-aware yet. You have to manually open HijackThis with administrative privileges or permission. This issue only applies to operating system that has UAC enabled. Users of XP computers should check whether the hosts file is indeed have been hijacked by spyware or malware. It is best to review the hosts file entries using notepad or Hosts file manager. Note that HijackThis includes Host file manager:
- Click the “Main menu" in HijackThis program
- Click “Misc Tools" button
- Click “Open hosts file manager" under System tools.
- Use the hosts file manager to delete entries or toggle the lines. You can also use it to open the hosts file in a notepad.
Note that if you receive an error message that the hosts file is locked and cannot be edited, simply run HijackThis as administrator. It’s also recommended to scanning the computer using up-to-date antivirus program.
- slide 3 of 3
Locked Hosts File
If none of the above scenario applies to the problem in using the Hosts file, you may have installed a program that blocks access to the Hosts file in Windows. There are programs that can lock the hosts file in Windows which is why HijackThis cannot write to the host file. Example of programs that can lock or block the hosts file is WinPatrol, Spybot – Search and Destroy, or ThreatFire by PC Tools.
Configure the particular program to allow access to the hosts file in Windows before scanning using HijackThis.