Windows Defender picks up something weird

Discussion in 'Malware Help (A Specialist Will Reply)' started by Kurokage, Feb 21, 2006.

  1. Kurokage

    Kurokage Private E-2

    I just downloaded the new Windows Defender, and I ran the scan, and this file came up during the scan. Windows called it a possible hosts file hijack, and said that this was the file:

    C:\WINDOWS\system32\drivers\etc\hosts

    It says that this program has "potentially unwanted" behavior. What does that even mean? Its security risk is a 1, but a host file hijack sounds pretty severe. Am I even actually infected? I don't get it. This also isn't coming up on other scans done by other programs.

    However, when I opened it using Notepad, there is a long list of names of ad websites. Does this mean that this file was being used to block other bad websites, and because it was used to do this, it was changed and therefore came up during Windows Defender's search?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try the below and see if it comes back in WD.

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.
     
  3. Kurokage

    Kurokage Private E-2

    Won't that change it back? My suspicions are that Spy Sweeper has changed the hosts file to block spyware sites, seeing as the sites listed in the host file are ad sites. If I use Hoster, won't that not allow me to confirm my suspicions, because it'll just remove everything? Also, Spy Sweeper has something called a hosts file shield. This strongly makes me suspect that Spy Sweeper is the one that changed the hosts file, and that it isn't really a problem, and is actually a good thing. However, since I don't really know that much about computers, I will wait for a reply.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Spy Sweeper adds entries to your HOSTS file; it's how it protects you. Personally I do not use this feature; I disable it and use the default HOSTS file. If you have SS installed you will need to disable this protection feature, run HOSTER as requested and things will be fine.
     
  5. Kurokage

    Kurokage Private E-2

    Thank you for all your help. I am not trying to seem ungrateful, but I'm more trying to figure out if I have actually been hacked, or if it is just Spy Sweeper like I think it is. I don't really need to fix the problem right away, I more want to know how it happened. But really, thank you very much.

    Edit: I also looked at my hosts file using Spy Sweeper, and it does not have anything next to it with an exclamation point, which would show a possibly hijacked address, so I think I am okay.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yeah, it's most likely Spy Sweeper that has added the entries. I have seen this in many cases. I just posted that because I thought you wanted it fixed. It's not a threat, just letting you know something has modified the HOSTS file.
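
Added example, not part of the original thread and not code from any tool named in it: a small Python triage of a hosts file that separates blocklist-style entries from redirects, which is the distinction the thread turns on. It assumes blocking entries point names at a loopback or unspecified address (the usual blocklist convention) and treats any other address as a redirect worth reviewing; the function name and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample, not the poster's actual file: blocklist-style entries
# plus one name redirected to a routable (documentation-range) address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.com   # blocked ad server
0.0.0.0         tracker.example.net banner.example.net
203.0.113.7     www.bank.example
::1             localhost
not-an-ip       broken.example
"""

def classify_hosts(text):
    """Sort hosts entries into default / blocked / redirected / invalid."""
    result = {"default": [], "blocked": [], "redirected": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:        # bad address or no hostname
            result["invalid"].append((lineno, raw.strip()))
            continue
        # Loopback (127.0.0.1, ::1) or unspecified (0.0.0.0) sends the name nowhere.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in fields[1:]):
            if sinkhole and name == "localhost":
                bucket = "default"               # stock entry
            elif sinkhole:
                bucket = "blocked"               # name is being blackholed
            else:
                bucket = "redirected"            # name sent to another machine
            result[bucket].append((lineno, name, str(ip)))
    return result

if __name__ == "__main__":
    report = classify_hosts(SAMPLE_HOSTS)
    for lineno, name, ip in report["redirected"]:
        print(f"review line {lineno}: {name} -> {ip}")
    print(len(report["blocked"]), "blocked names")
```

To check a real machine, pass the contents of `C:\WINDOWS\system32\drivers\etc\hosts` to `classify_hosts` instead of the sample.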
     
