Exterminate It! Antimalware


Known threats:700,085 Last Update:March 01, 12:55


Dear Matt and Exterminate it,

Thank you so much. This seems to have fixed the problem. Wow. That virus was in there pretty deep. A*G didn't even identify it. S****t would just freeze up when I tried to run it. But the update from Exterminate It, removed it.

Again, thanks.

Kind Regards,
Rev. Mel C. Montgomery

Brother Mel

File: hosts

Location of hosts and Associated Malware

Check whether hosts is present in the following locations:

hosts file locations that are Windows version independent:

  • C:\Windows\hosts
  • C:\Windows\System32\drivers\etc\hosts
  • C:\Windows\nsdb\hosts
  • C:\Windows\WINDOWS\hosts
  • C:\Program Files\SpyKiller\hosts

Windows 2000, Windows XP, Windows Server 2003 specific hosts file locations:

  • C:\Documents And Settings\USER_NAME\Application Data\Thinstall\Spyware Doctor 5.5\%SystemSystem%\drivers\etc\hosts
  • C:\Documents And Settings\USER_NAME\Application Data\WinPatrol\HOSTS

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific hosts file locations:

  • C:\Users\USER_NAME\AppData\Roaming\Thinstall\Spyware Doctor 5.5\%SystemSystem%\drivers\etc\hosts
  • C:\Users\USER_NAME\AppData\Roaming\WinPatrol\HOSTS

If you find hosts file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The hosts file is associated with malware only if found in the locations listed above.


Different Variations of hosts File^

File SizeFile Md5Last Seen
4102D06AB51DEBDD5CACA0BDC8928804402EJun 28, 2012
64ED453CDE6D53DDD99B230503490F96E9Dec 31, 2009
116181D6DE110C4F1A2BB9617E820474A9A1Dec 8, 2010
45254032D7168176FE9C23B9F30ABC0A87B817Jan 4, 2017
45335270AE84DF21CA4DF669D88839EEF03347Feb 15, 2017
45223696AA5A1BB07CF5627E6A395EFB8A26FEMar 19, 2017
4535245ECF1FD65618938771FE80F1CA95B182Apr 13, 2017
1817E77EE5DBF6EB96EFBFD11CEEA44C953BApr 18, 2017
4536327080A38ABD8F88A03FAF64239C3BAC3AMay 7, 2017
449885B17EBB439E872486F69AA1C1EF06B3DBMay 21, 2017
449947FDD05CBE9AB2CE46199ED36FF5EC7D50Jun 23, 2017

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove hosts^

  1. To enable deleting the hosts file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select hosts and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of hosts and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of hosts and Associated Malware.
  6. Notes:

    • The deletion of hosts will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of hosts will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a hosts malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type hosts. The name of the first found registry value referencing hosts is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to hosts, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of hosts and Associated Malware.