Frequently Asked Questions
How do I update
the MVPS HOSTS file in Windows 8
How do I update the MVPS HOSTS file in
How do I update the MVPS HOSTS file in
I'm using a Proxy from my ISP, but the HOSTS
file doesn't seem to work?
After using the HOSTS file my machine
Why doesn't my Back Button return me to the
How do I Edit the HOSTS file?
Why do I see an Action Cancelled message?
Why do I see "Navigation to the webpage was cancelled" (IE 8/9/10)
How do I eliminate the Action Cancelled
Message? (IE) (Firefox users)
Why do I see the "unable to connect" message
How do I rename the HOSTS file?
How do I lock the HOSTS file to prevent other
users from changing it?
Can I use the HOSTS file if I'm running a
Are there any Utilities to monitor and protect
the HOSTS file?
How do I troubleshoot a problem with my
How do I contribute a listing for the HOSTS
I'm not sure how to Extract (unzip) the
Why do I get a Password Prompt when
unzipping the download?
How do I know all these entries are valid?
What are all these comments after the
For Issues with Downloading or Extracting
the HOSTS file
How do I know if the HOSTS file is working?
Why do I see the "HOSTS file too large" in
Is Merging the MVPS HOSTS file with others
Do other programs add entries to the HOSTS
Why do I get a Google/Dell search page instead
of a blocked advertisement?
Why do I see "Access Denied when updating the
HOSTS file? (ZoneAlarm)
How do I Update or Edit the HOSTS file for
ZoneAlarm Pro or Security Suite users
Why can't I view the videos at
my favorite sites?
Why do I get an error trying to Save a
webpage in Internet Explorer?
Why does Symantec detect a
possible malicious entry in the HOSTS file?
Tip for Norton 360 users -
Tip for Norton Security users
Why does Spyware Doctor detect "Possible
Website Hijack" in the HOSTS file
Why does Trend Micro Sysclean detect and remove
certain entries in the HOSTS file
Proxy and the Windows HOSTS file
If you are connected to the Internet using AOL, a custom dialer
provided by your ISP, through a Local Area Network (LAN) connection
or a remote proxy server these procedures (using a HOSTS file) may
not be effective. Programs such as some "web accelerators" may no
longer work if you overwrite the existing HOSTS file as these type
programs add entries to the HOSTS file.
Using a remote proxy server which basically does the DNS requesting
for you does prevent the HOSTS file from being considered. In other
words ...Your browser will route its request through your proxy
server before your machine looks up an entry in Hosts.
Possible Work-around: (If you are using a proxy server)
[return to FAQ]
In IE go to - Internet Options | Connections [tab] and choose your
Make sure the box called "bypass proxy server for local addresses"
Example: click the LAN Settings button, select: Proxy Server
"Bypass proxy server for local addresses", click the Advanced
Add: 127.0.0.1 click Ok, Ok
Editors Note: these type changes should only be made on a
"stand-alone" machine. If you are "Networked" you should check your
configuration prior to making any changes.
These type (proxy) problems may also occur if you changed ISPs and
the previous settings were not removed properly. Or if you have had
a previous "Spyware/Adware" problem, it may be possible that the
infection may have altered your system settings. You can determine
this by running
HijackThis and see if the following entries exist.
(these are just a few examples)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = local
Note: always check with your current ISP before making any changes,
or you may lose your Internet Connection.
Strange behavior in
the Internet Explorer Back Button
Sometimes when you click the Back button in Internet Explorer to return to the previous
page it appears that nothing happens. What usually occurs is that
the HOSTS file has blocked one or more (<IFrame>) ad pages that are
embedded into the web page you are viewing. These "IFrame" are
actually a separate connection, thus the browser reads it as a
visited page ...
Martin Hawes sends along this tip:
|To verify this click the small drop-down arrow
on the Back button, do you see just an ad server listed? ...
well now you know ..... As you can see the first three links are
blocked ad servers, simply skip to the valid link. However there
are a few exceptions. In some cases the web page can contain a
script to prevent the user from returning to a previous page.
If you add the "ad servers" you see listed in
the Back Button drop-down, to the
this should eliminate the Back button issue.
Editors Note: however if you are using Windows XP SP2,
you will be
prompted by the "Security Center" about a 3rd party
Just click No and continue.
||IE8/9/10 In the event you do see ad servers listed in
the Back Button ... check the following settings:
Options > Security tab, highlight the Internet icon,
click the Custom level button
Scroll down to the below options and set to Disable ... click
- Launching programs and files in a IFrame = reset
to Disable ...
This is the single most exploited
setting in Internet Explorer!
There are no legitimate sites that I know of that use this
- Websites in less privileged web content can navigate into
this zone = Disable
Then add the "ad server" you see listed in the drop-down menu
to the Restricted Sites. The key
here being once you add an entry to the Restricted Sites, they
are considered "Websites with less privileges" and cannot
navigate (create a separate connection) in the "Internet Zone".
Not only does this eliminate the entry
in the drop-down list ... it also removes the "Navigation to the
webpage was canceled" message you see on some web sites that
uses the "IFrame". Paul S. reports that
using Homer cured the problem ...
Creating a HOSTS Editor
[return to FAQ]
To edit your HOSTS file you can create a custom Desktop or Quick
Note: the below locations are for the default paths, edit as
needed. [screenshot (XP only)]
Right-click on the Desktop, select: New > Shortcut (and paste the
Start In: C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Or put a Notepad shortcut in your SendTo folder
Start | Run (type) sendto (click Ok)
File > New > Shortcut
In the command line, (highlight and paste the below)
(provided Windows is the default location)
Then simply right-click on the HOSTS file and select: SendTo >
You can use the same method above, (screenshot) however after creating your
Shortcut you will need to right-click the shortcut and select:
Properties, click Advanced and select: Run as Administrator, click
Or you can simply use Notepad to edit the HOSTS file (requires
cannot modify the Hosts file or the Lmhosts file in Windows Vista
and Windows 7
Start > Search > (type) notepad.exe
Win8 users - Charms
Bar > Search > (type) notepad ... select Notepad in left pane
Once located, right-click and select: "Run as Administrator"
You can easily locate the correct folder location:
Start > Run (type) %systemroot%\system32\drivers\etc
Win8 users - Charms Bar > Search > (type) Run (type or copy and
This will open the desired folder, then right-click on HOSTS (no
3-letter file extension)
Select: Open and select: Notepad ... if you are unable to "see" the
HOSTS file you may need to enable "Hidden Files"
- Open Windows Explorer Tools > Folder Options > View
Or Organize > Folder and search settings > View tab
Win8 Users > File Explorer > View > Options > Change Folder
Options > View
- Scroll down to the Hidden Files and Folders section
- Select: "Show hidden files and folders"
- Uncheck: "Hide file extensions for known file types"
- Uncheck: " Hide protected operating system files" Ok
the Prompt, click Apply, Ok
Editors Note: general users should reverse the above when
not in need as this exposes all system files, including several on
the Desktop (desktop.ini) which you do not want to mess with ...
Editing the MVPS HOSTS file
- You must maintain the proper format or else the entry will be
- Entries are made invalid if they contain "http:" or an
ending "/" slash.
- IP addresses are invalid as HOSTS
file entries. (re: 127.0.0.1 123.456.78.9)
- In the event you need to rename the file, use the below
- If you wish to disable an entry place a "#" in front
of the line.
- Each host entry is limited to 255 characters.
Important! When editing the HOSTS file remember to File >
- Do not File > Save As
- Do not "associate" the HOSTS file with Notepad, this
occurs when you select the option to "Always Open" the HOSTS
file in Notepad. This will convert the HOSTS (no 3-letter
extension) file to a "text file"
In the event you need to edit the HOSTS file (Win7/8) and are unable
(system message) it may be due to the "permissions" preventing you
from editing the file.
- Right click the Hosts file
- Click Properties
- Click the Security tab
- Highlight your user account in the list
- Press the Edit button
- Select (place a check in) Full control
Press OK in the various dialogue boxes to confirm the changes.
You can also
Add "Take Ownership" to Context Menu (recommended)
Tip: if you add Notepad to your SendTo menu, then you can
View/edit the HOSTS file that way.
- Start > Run (type) shell:sendto (press Ok)
users - Charms Bar > Search (type) run and select: Run (left pane
- and type) shell:sendto (press Ok)
- File > New > Shortcut then click Browse and navigate to the
Windows folder, highlight "notepad.exe"
- Name your shortcut: Notepad and Ok
The actual HOSTS location for all Windows versions is defined in the following Registry key:
can detect invalid entries or a "redirection" entry.
Why do I see an
Action Cancelled or
(IE 8/9/10) [return
The Action Cancelled message or "Navigation to the
webpage was canceled" is usually generated by Internet Explorer when entries
in the users HOSTS file are preventing access from one or more servers
designated in the web page. In most cases this occurs from 3rd party
ad servers such as "doubleclick", where the "Action
Cancelled" or "Navigation
canceled" message replaces an ad banner or advertisement in a hidden frame within
the viewing page.
To determine if this is the case, right-click the Cancelled/Navigation
message and select: Properties
Look at the entire "path",
(URL) you should see the listed entry. (screenshot)
In other cases the message ("page cannot be displayed") is displayed
when a user clicks a link in a page that routes them thru a tracking
service, or attempts to connect to a listed hijacker, parasite, etc.
and this URL is listed as an
entry in the HOSTS file. In the event you are unable to determine why
you can not access a certain page, you can
drop me a note and I'll try and determine the cause. Please
provide the full URL (website page) in question.
On some sites
these entries will also cause the "red X" (missing image).
When you open IE 8/9/10 - The File Download –
Security Warning dialog box also refers to the "navcancl" file
eliminate the Action Cancelled/Navigation Message?
If you add the ad server noted in the message to the
Restricted Sites ... then the message
will be replaced by a blank white space.
There are several programs that will
replace the Action Cancelled/Navigation message with a tiny image file.
(Firefox only) Daniel L sends
along this tip ... in the Address Bar (type)
about:config then scroll down to the following:
browser.xul.error_pages.enabled and set to False
Why do I see the "unable
to connect" message (Firefox only)
Wayne Haigh sends along this tip: The solution is to set the
following in about:config to false:
From the Address Bar (type) about:config (press Enter)
the HOSTS file
In the event you can not access a site or a certain feature/function, and you believe it may be due
to an entry in the HOSTS file.
Check the URL
first! It may be taking you to somewhere you don't want
Yes webmasters can fudge the URL displayed in the lower
left corner of your browser.
Example here shows a URL in the lower left corner but that is
not the real URL where
you will be taken to. When you are not sure - right-click the
link and select: Copy Shortcut - paste to Notepad. You can use the HOSTS
Editor to see if that server is listed. If it's listed, many times
you'll see a "comment" next to the entry.
Example: if you see "#[Adware.StopPopupAdsNow]"
copy the comment between the brackets and enter that term in Google
and you'll see why it's listed.
You can use Hostsman to enable/disable
the HOSTS file on the fly [screenshot]
Note: be sure to right-click the Hostsman
shortcut, select: Properties > click Advanced and select: Run as
Click Ok, Apply and exit ... otherwise Hostsman
will not be able to Enable/Disable the HOSTS file.
Or you can use a simple batch file to rename the HOSTS file
Note: Win8/7 users right-click RenHosts.bat and select: Run as
Download: RenHosts.bat [right-click
and select: Save Target As]
- Place RenHosts.bat in your Windows folder.
- Create a Desktop or Quick Launch shortcut to RenHosts.bat
Simply locate RenHosts.bat, right-click and SendTo > Desktop (create
Win8/7: right-click the Desktop/Quick Launch shortcut and
Click Advanced and select: Run as Administrator
- Note: if IE is open when you toggle (rename) the HOSTS file,
click Refresh (F5)
- To use: click (the shortcut) once to rename HOSTS to
Click again to rename NOHOSTS back to HOSTS
Note: you will see the above small on-screen message as to
- Another option would be to use
(requires .NET be installed)
Locking the HOSTS
File [return to FAQ]
There are many of these hijackers that add their own entries to
your HOSTS file. This is commonly know as redirects, when this
occurs you are most likely infected from within.
Steve C sends along this tip:
includes an option (in the "Firewall" section, "Main" tab,
"Advanced" button) to "Lock host file", which seems to give
extremely effective protection to the HOSTS file.
Editors Note: "locking" the HOSTS file does not
prevent most applications from either deleting the file or editing
the contents. It does add a Layer of Protection, but it is not the
ultimate solution. In any case you should always have a
backup copy of the file handy in case of any unwanted changes.
Personal Web Servers
and HOSTS file
If you are running web server software and you
are getting "Login" pop-up prompts while using the MVPS HOSTS file, the
solution is to use 0.0.0.0 instead of 127.0.0.1 for
all entries except for the first entry: 127.0.0.1
Editors Note: you can use the "Replace" function in
Notepad to convert the entries, or HostsMan (see below)
has an option for converting the entries to "0.0.0.0". See
screenshot for using HostsMan.
Myth: there is no known documentation that proves a
different prefix is faster than "127.0.0.1" ... yes "0.0.0.0" is a
valid alternative for users that are running a Web Server. Over the
years some people try to prove that (example - 255.255.255.255) one
prefix if faster ... but they fail to see the big picture ... most
major security products have the ability to scan the HOSTS file and
they accept the prefix "127.0.0.1". What happens when one of these
products has a fit when it encounters an unknown prefix? It's safer
to stay with the "industry standard" of 127.0.0.1
I've tested "0.0.0.0" vs. "127.0.0.1" and see no noticeable
difference when viewing various websites ... don't believe the
hype that (example) "255.255.255.255" is a null address and
therefore faster ... this is simply not true, as you can
see here that is an assigned address.
Kieran Jacobsen sends along this tip: When using your own web
server, I have actually made a HTML page with [Blocked by MVPS.org
host file]. My web server doesn't have any other services/pages on
port 80 so this is a great solution for me.
Gil sends along this tip: if you are using Firefox, and getting
the "Password Prompt"
- In the Address Bar (type) about:config (Hit Enter)
In the filter (type) ntlm
Double-click on network.automatic-ntlm-auth.trusted-uris
(type) localhost (Hit Enter)
Testing the HOSTS File [return to FAQ]
Test #1: Open a Command Prompt (XP): Start | Run (type) cmd
Start > All Programs > Accessories > Command Prompt
Win8 users - Charms Bar > Search > (type) Command Prompt ... select
Command Prompt (left pane)
(type) ping doubleclick.net (press Enter) You should see
the following [screenshot]
Note: not all sites return a ping request (example) microsoft.com
returns a "Request timed out"
Test #2: paste ad.doubleclick.net into your browser, you should
see the following:
"The page cannot be displayed" (IE only)
Verifying HOSTS File Entries
The HOSTS file entries are verified prior to each new update. This
is accomplished by ensuring that each entry returns a valid DNS
(similar to Nslookup) then these (dead) entries are either removed
or commented. These comments are entered as "#[server down?]",
in some cases the hosting server is down, thus returns no DNS. In
other cases the domain may have been suspended for abuse, or the
registered owner has let the domain expire. Domains that are expired,
or down for extended periods are removed.
Comments in the HOSTS File
The comments are included in the shipped (downloaded) version to allow the
end-user to determine (if needed) why the entry exists. Over time
the amount of entries has grown to a point where it's too easy to
forget why they exist without them. This is also done for obvious legal reasons.
Although the comments do increase the over-all file size ... these
"comments" are not read into memory. If needed there is an
option in HostsMan to remove the "comments"
... however this will remove all the comments, including those that
separate the file into different categories. [screenshot]
Why do I see the
"HOSTS file too large" in SpySweeper
For whatever reason Webroot has decided that the end-user only
needs 500 entries in the HOSTS file. They have stated they are
working on the problem ... until then the work-around is to disable
Hosts File Shield.
Open Spy Sweeper and click Options. Click Shields and click Hosts
File. Uncheck Hosts File Shield
Merging the MVPS HOSTS file with others
Not really ... and for several reasons. The main reason is the
MVPS HOSTS file is verified prior to each update, in many cases
there are as many entries removed as there are added. If you simply
Merge the file with your existing file, these removed (dead) entries
are never removed and the file will continue to grow needlessly.
Another reason is how valid are these other HOSTS files? ... many
of which are just copies of someone else's work anyway, and are not
updated on a regular basis.
Editors Note: I do not provide support for issues arising
from the MVPS HOSTS file being modified. This includes Merging with
other hosts files, or 3rd party programs that alter the file.
programs add entries to the HOSTS file? [return to FAQ]
Yes there are several legitimate programs that add entries to the
HOSTS file. This is why it's important to keep a backup of your
existing HOSTS file. When you update via the "mvps.bat" this will
rename your existing file. If needed you can open HOSTS.MVP and copy
and paste to the new existing HOSTS file any other needed entries.
- FireTrust Benign adds entries -
JBF sends along this tip: I did some testing on a new machine
and let Firetrust just do the entries and they were all at the
bottom of your (HOSTS) file of course. I find that Firetrust B9
is a wee bit slower in getting to the entries when at the
bottom. When I moved them to the top of the file and right under
the "127.0.0.1" (localhost) and speed up was clearly noticed.
Why do I get a
Google /Dell search page instead of a blocked ad?
It seems that Dell has added several new Google related programs
to their new machines. One of which causes a blocked advertisement
to return the user to a
Google/Dell search page.
The solution (provided by Jill C) is to
uninstall Google AFE (older versions) via Add Remove.
Newer versions of the pre-installed Google/Dell add-ons = uninstall
- Browser Address Error Redirector
Eric Osborne sends along this tip: If the above Google programs
are not listed in Add Remove ...
Go to - Internet Options | Programs | Manage Add-ons | disable
Why do I see "Access Denied when updating
the HOSTS file? (ZoneAlarm)
There is a problem with certain versions of ZoneAlarm Firewall where the HOSTS file is "locked" even
though that option is unchecked in the options. To resolve this
1) ZoneAlarm Control Center > Firewall (left pane) > Main (tab in
the right pane)
2) Advanced (button at the bottom) > and find "Lock hosts file"
Check "Lock hosts file". Click OK.
3) Click Advanced (button at the bottom) Uncheck "Lock hosts file".
You should now be able to update the HOSTS file, however until ZA
resolves this problem, on the next Windows restart the file will be
locked again (even if that option is unchecked) ... hopefully ZA
will correct this shortly!
To Update or Edit the HOSTS file for ZoneAlarm Pro or Security
1) Program Panel -> Main -> Program Control -> Custom button -> OSFW
2) UNcheck the box for OSFW, (Operating System Firewall) then
3) Make your changes (edit or update) to the HOSTS file.
4) Open ZAP/ZASS and re-enable OSFW and reboot
Why can't I view
the videos at my favorite sites? [return to FAQ]
Unfortunately Fox News and many other "Network sites"
(NBC, Sci-Fi) have decided to inject commercials or advertisements into their "Free
videos" which are heavily laden with 3rd party ad servers and
trackers. You can see an example
commercial here which plays before whatever video you have
selected, to see just a partial list of the 3rd parties involved
click here. There are so many I couldn't get them all on one
screenshot ... but you get the idea.
The reason this occurs now is [example] CNET was recently purchased by CBS
... and all they are interested in is tracking your movements
via all the 3rd party "data miners" that they run the video link
thru prior to you viewing it ... this included several 3rd party
You can view a screenshot
of all the "ad servers" (highlighted in red) that are running in the
One alternative is to rename the HOSTS file
... which you can do on-the-fly ...
Important! Just don't forget to enable the HOSTS file again after
watching the commercials with your video ...
You can use Hostsman to enable/disable the
HOSTS file on the fly [screenshot]
Why do I get an
error trying to Save a webpage in Internet
The best explanation I can give you is ... when the browser tries
to "Save" the page ... it reads the HTML code on the page and NOT
what is actually loaded ... so when there are several items missing,
or blocked in this case, it can not complete the task and quits,
which generates the
Error Saving Web Page.
Workaround: rename the HOSTS file and
try again ... just don't forget to rename it back again ... also the
HOSTS file may not be the cause of the "Error Saving Web
Page", an entry in the (IE) Restricted Zone
will also cause this as that entry will prevent anything from being
downloaded from that site ... or it may be - Error message:
This Web page could not be saved
Tim H sends along this tip ... another way to save a webpage is
to install one of the free
PDF printer File creators then you simply choose File > Print
PDF and save as PDF
Why does Symantec
(Norton 2007) detect a possible malicious
entry in the HOSTS file?
"A malicious entry in your hosts files
could prevent LiveUpdate from retrieving updates for your Symantec
products, including anti-virus updates. Generally, Symantec
LiveUpdate server entries should not appear in your Windows hosts
files. Update has detected a potential security compromise on your
computer: one or more entries should not appear in your Windows
Lists the address 'om.symantec.com' as being in the
hosts file and ask what action to perform:
Click the drop-down arrow and select option #2 (highlighted in bold
1.Leave the entry in the hosts file (warn me
about them later)
2.Leave the entry in the hosts file (do not warn me about them
3.Remove the entry from the hosts file
om.symantec.com is really an alias for symanteccom.112.2o7.net (Omniture
is a 3rd party data miner)
These entries do not affect LiveUpdate. See screenshot
here - and for more
details a related
HOSTS News Blog entry
Both of these entries are running on Omniture's server and thus are
controlled by them, not Symantec.
David B sends along this tip for Norton
360 users ... seems the "Network Address Check"
feature scans the users HOSTS file and removes all entries ...
Yikes! To prevent this go to the "Undo & Exclude Advanced
Settings" screen and exclude the HOSTS file from scanning.
John W sent along additional info on Norton360 ... to exclude the
HOSTS file from being scanned:
Under Virus and Spyware Settings | File Exclusions:
"Which disks, folders, or files to exclude from risk scanning"
enter the location (generally) - \WINDOWS\system32\drivers\etc\HOSTS
Note: If the HOSTS file is removed by a scan, it can be
moved from the Undo List to the Exclusion List by selecting it then
clicking Restore Item to system. [screenshot]
Geoff B sends along this tip for Norton
Security users ... when you manually run the "Security
Inspector" it will scan your system and may prompt you with "IP
addresses had been re-directed" and when the user allows the
program to "fix" the perceived problem ... it will strip all the
entries from your HOSTS file. To prevent this you can uncheck the
option "IP addresses in the Hosts file" from Norton
Security/Security Inspector/Basic Scans/
Why does Spyware
Doctor detect "Possible Website Hijack" in the
Why does Trend Micro Sysclean detect and
remove certain entries in the HOSTS file
Here is yet another false detection by an Antispyware product.
This is caused by the coders that have no clue ... the entries
are all legit entries for the HOSTS file. You can either set these
detections to "Ignore" or disable the option for scanning the HOSTS
Folks as I've said before ... anytime after running a scan of any
security related product and the only detection is one or more
entries in the HOSTS file, this is most likely a false-positive and
should be ignored, or excluded from future scans.
There is no known
infection that only affects the HOSTS file!
PowerTools is the ultimate registry cleaner and Windows
tuneup utility suite
PowerTools Lite 2012 is a freeware utility that allows
you to easily install the MVPS hosts file
will allow you to lock your HOSTS file and will monitor changes.
- ZoneAlarm Pro and Security Suite users have a "Lock Hosts"
However this requires special
instructions to edit or update the HOSTS file.
- Hostswitch is a small utility that you can use to rename or
edit the HOSTS file, also displays the status.
(requires .NET be installed)