\Windows\System32\drivers\etc\hosts PossibleFileHijack WIN Defender

So I've recently scanned the PC with Windows Defender (I tend to scan mine maybe once a week) and it displayed this message:



file: C:\Windows\System32\drivers\etc\hosts


I first freaked out, because I was installing some software and I thought I had a virus in some of the programs. I decided to run the software called TronScrips which uses Malwarebytes as a virus removal tool. Once it finished, I was surprised that it didn't find anything. I then did a scan myself manually (using MB) and also found nothing. I also checked the file \Windows\System32\drivers\etc\hosts with Notepad but it didn't help me much; I have no idea what should be there and what not. Does anyone have any idea what I should do? I am paranoid that I have some weird magic stuff happening under the hood.

Thank you so much! 

Best regards, Josef


PS: System specifications: 

Windows 10 Pro (version: 21H1)

x64 Bit OS, Intel Core i5-2400 CPU 3.10GHz 3.10 GHz

4,00 GB RAM




My name is Maurice.

Just what is "TronScrips"?

I need a report set for review. This is a report only.

Please download the Malwarebytes MBST Support Tool.

Once you start it, click Advanced >>> then Gather Logs.


Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.


  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located, select it and click the Open button.




The set of data from the report will provide much needed information.

Please always attach reports as we go along.



It would appear that Microsoft Defender antivirus does not like some entry in Hosts made by "Spybot Anti-Beacon for Windows 10".

This is likely a false positive.

Do note the use of "possible" in the classification SettingsModifier:Win32/PossibleHostsFileHijack

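For the question of what should and should not be in the hosts file, here is an added Python example that is not part of the original thread: it sorts each entry into the default localhost mapping, a name blocked by pointing it at a loopback or unspecified address (the kind of entry a blocking tool adds), or a redirect to some other address, which is the kind worth a closer look. The sample file, function names and verdict labels are constructed for illustration and do not reproduce Defender's detection logic.

```python
import ipaddress
import sys
from collections import Counter

# Constructed sample for illustration; not the poster's actual hosts file.
SAMPLE = """\
# Constructed sample hosts file
#       127.0.0.1       localhost
127.0.0.1 localhost
::1 localhost
0.0.0.0 telemetry.example.com   # blocking-style entry
0.0.0.0 ads.example.net tracker.example.net
203.0.113.10 login.example.org
not-an-ip broken.example
"""

def triage_hosts(text):
    """Return (line_number, address, hostname, verdict) for every mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((lineno, addr, " ".join(names), "malformed"))
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback and name == "localhost":
                verdict = "default"     # normal loopback mapping
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"     # name made unreachable, not sent elsewhere
            else:
                verdict = "redirect"    # name pointed at another machine
            findings.append((lineno, addr, name, verdict))
    return findings

def needs_review(findings):
    """Entries a person should look at: redirects and unparsable lines."""
    return [f for f in findings if f[3] in ("redirect", "malformed")]

if __name__ == "__main__":
    # Pass the hosts file path as the first argument, or omit it to use SAMPLE.
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    results = triage_hosts(text)
    print(dict(Counter(f[3] for f in results)))
    for entry in needs_review(results):
        print(entry)
```
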

  • Root Admin
19 hours ago, Maurice Naggar said:

Just what is "TronScrips "?



If I may @Maurice Naggar


This is TronScript - the idea, the code, and the work involved is impressive no doubt. However, it is my own personal opinion that if you've had to resort to using this TronScript you're much better off backing up your data (which TronScript also recommended before running their tool as well) and doing a fresh clean install of Windows.

There is simply too much alteration and change made to the system that cannot be undone and that in my opinion makes drastic changes to the system that Microsoft is not going to support either. I don't like having an installation of Windows in an unknown state which is what you're going to have at least in the Registry and permissions all over the computer. It actually takes less time to install Windows than it does to run the TronScript.




At this time I don't personally recommend Windows 11. I'd like to see Microsoft work out a few more bugs and issues before recommending it. I'd stick with Windows 10 myself.


Greg Carmack - MVP 2010-2020 -Clean Install Windows 10

How to Create a Local Account While Setting Up Windows 10




So @AdvancedSetup said that Tron can be a bit "hard" on the system. I certainly agree with that and I am aware of those actions done by the script, yet I shall add that I have some experience with it. I also did not run the whole script; I ran ONLY the stage with the virus removal stuff in it (I think it's called disinfect stage no. 6, something like that). I ran a few antiviruses and malware detection/removal tools afterwards such as Windows Malicious Software Removal Tool, Malwarebytes, Sophos and some more. I ran all of these in Safe Mode (maybe unnecessary but whatever). Also, I've noticed that when I open the threat in Windows Defender, then select (under actions) remove this threat, it doesn't do anything, just lags slightly and then closes itself without making any changes. Also, after all the virus removal mayhem the amount of detected hazards in WD changed from 2 to 1. Weirdly, both of those hazards were in the same directory?

Well, thank you everyone that helped me! I will see if the problem persists and if it does, I will get back here and demand some help 😄!


Best regards, Josef!



(My English might be a bit weird, I am not native to it :D)


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you




This topic is now closed to further replies.