Detect Windows hosts changesHow can I remove malicious spyware, malware, adware, viruses, trojans or rootkits...

Why do we call complex numbers “numbers” but we don’t consider 2-vectors numbers?

How to make sure I'm assertive enough in contact with subordinates?

Draw this image in the TIKZ package

Why does this boat have a landing pad? (SpaceX's GO Searcher) Any plans for propulsive capsule landings?

What does *dead* mean in *What do you mean, dead?*?

Is there a math expression equivalent to the conditional ternary operator?

Inorganic chemistry handbook with reaction lists

A running toilet that stops itself

What does it take to become a wilderness skills guide as a business?

Are small insurances worth it?

Vector-transposing function

I am the person who abides by rules but breaks the rules . Who am I

How to distinguish easily different soldier of ww2?

Will the concrete slab in a partially heated shed conduct a lot of heat to the unconditioned area?

Professor forcing me to attend a conference, I can't afford even with 50% funding

Has a sovereign Communist government ever run, and conceded loss, on a fair election?

Does an unused member variable take up memory?

How would an energy-based "projectile" blow up a spaceship?

Help! My Character is too much for her story!

Why is there an extra space when I type "ls" on the Desktop?

How to recover against Snake as a heavyweight character?

A vote on the Brexit backstop

Rationale to prefer local variables over instance variables?

How to write a chaotic neutral protagonist and prevent my readers from thinking they are evil?



Detect Windows hosts changes


How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?'Canonical' way to block websites in Windows 8 without using hostsComputer (win 8.1) starts by itselfSystem freeze, Disk 100%, Windows 8.1Possible to Load/Unload DiskDrive Filter Driver On-The-Fly Without Restarting?Properly setup a DNS FallbackUnable to wake computer from sleep/hibernateWindows 7 doesn't dim the screen as far as Windows 10Windows Programs Keep Randomly Closing?Microsoft May Security Update - CredSSPSilent Process Exit: process '?' was terminated by the process 'C:WindowsSystem32svchost.exe' with termination code 1067













0















After some a requests of supports by users, i have found into C:WINDOWSsystem32driversetchosts my website, eg.:



127.0.0.1 mywebsite.com


users say they don't have made it, perhaps a third party software (eg. anti virus) has blocked my website for some unknown reason..



There is a way for detect who has changed the hosts file? eg. Event Viewer, logs, etc.










share|improve this question

























  • hosts is a common file, and the entry you're looking at is a default entry in every hosts file that has not been removed. It is also preceded by a hash or pound sign "#", corrrect?

    – music2myear
    10 hours ago











  • sorry, i have used example.com, but i mean my website...

    – ar099968
    10 hours ago






  • 1





    Windows offers file auditing, but I believe it has to be enabled before the activity you wish to audit occurs: docs.microsoft.com/en-us/windows/security/threat-protection/…

    – music2myear
    10 hours ago











  • Got it. Thanks for clearing that up and editing the question. 1 you should look into file auditing, and 2 you should check for viruses and malicious activity on the computers you support. docs.microsoft.com/en-us/windows/security/threat-protection/…

    – music2myear
    10 hours ago






  • 1





    Possible duplicate of How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

    – music2myear
    10 hours ago
















0















After some a requests of supports by users, i have found into C:WINDOWSsystem32driversetchosts my website, eg.:



127.0.0.1 mywebsite.com


users say they don't have made it, perhaps a third party software (eg. anti virus) has blocked my website for some unknown reason..



There is a way for detect who has changed the hosts file? eg. Event Viewer, logs, etc.










share|improve this question

























  • hosts is a common file, and the entry you're looking at is a default entry in every hosts file that has not been removed. It is also preceded by a hash or pound sign "#", corrrect?

    – music2myear
    10 hours ago











  • sorry, i have used example.com, but i mean my website...

    – ar099968
    10 hours ago






  • 1





    Windows offers file auditing, but I believe it has to be enabled before the activity you wish to audit occurs: docs.microsoft.com/en-us/windows/security/threat-protection/…

    – music2myear
    10 hours ago











  • Got it. Thanks for clearing that up and editing the question. 1 you should look into file auditing, and 2 you should check for viruses and malicious activity on the computers you support. docs.microsoft.com/en-us/windows/security/threat-protection/…

    – music2myear
    10 hours ago






  • 1





    Possible duplicate of How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

    – music2myear
    10 hours ago














0












0








0








After some a requests of supports by users, i have found into C:WINDOWSsystem32driversetchosts my website, eg.:



127.0.0.1 mywebsite.com


users say they don't have made it, perhaps a third party software (eg. anti virus) has blocked my website for some unknown reason..



There is a way for detect who has changed the hosts file? eg. Event Viewer, logs, etc.










share|improve this question
















After some a requests of supports by users, i have found into C:WINDOWSsystem32driversetchosts my website, eg.:



127.0.0.1 mywebsite.com


users say they don't have made it, perhaps a third party software (eg. anti virus) has blocked my website for some unknown reason..



There is a way for detect who has changed the hosts file? eg. Event Viewer, logs, etc.







windows






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 10 hours ago







ar099968

















asked 10 hours ago









ar099968ar099968

1034




1034













  • hosts is a common file, and the entry you're looking at is a default entry in every hosts file that has not been removed. It is also preceded by a hash or pound sign "#", corrrect?

    – music2myear
    10 hours ago











  • sorry, i have used example.com, but i mean my website...

    – ar099968
    10 hours ago






  • 1





    Windows offers file auditing, but I believe it has to be enabled before the activity you wish to audit occurs: docs.microsoft.com/en-us/windows/security/threat-protection/…

    – music2myear
    10 hours ago











  • Got it. Thanks for clearing that up and editing the question. 1 you should look into file auditing, and 2 you should check for viruses and malicious activity on the computers you support. docs.microsoft.com/en-us/windows/security/threat-protection/…

    – music2myear
    10 hours ago






  • 1





    Possible duplicate of How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

    – music2myear
    10 hours ago



















  • hosts is a common file, and the entry you're looking at is a default entry in every hosts file that has not been removed. It is also preceded by a hash or pound sign "#", corrrect?

    – music2myear
    10 hours ago











  • sorry, i have used example.com, but i mean my website...

    – ar099968
    10 hours ago






  • 1





    Windows offers file auditing, but I believe it has to be enabled before the activity you wish to audit occurs: docs.microsoft.com/en-us/windows/security/threat-protection/…

    – music2myear
    10 hours ago











  • Got it. Thanks for clearing that up and editing the question. 1 you should look into file auditing, and 2 you should check for viruses and malicious activity on the computers you support. docs.microsoft.com/en-us/windows/security/threat-protection/…

    – music2myear
    10 hours ago






  • 1





    Possible duplicate of How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

    – music2myear
    10 hours ago

















hosts is a common file, and the entry you're looking at is a default entry in every hosts file that has not been removed. It is also preceded by a hash or pound sign "#", corrrect?

– music2myear
10 hours ago





hosts is a common file, and the entry you're looking at is a default entry in every hosts file that has not been removed. It is also preceded by a hash or pound sign "#", corrrect?

– music2myear
10 hours ago













sorry, i have used example.com, but i mean my website...

– ar099968
10 hours ago





sorry, i have used example.com, but i mean my website...

– ar099968
10 hours ago




1




1





Windows offers file auditing, but I believe it has to be enabled before the activity you wish to audit occurs: docs.microsoft.com/en-us/windows/security/threat-protection/…

– music2myear
10 hours ago





Windows offers file auditing, but I believe it has to be enabled before the activity you wish to audit occurs: docs.microsoft.com/en-us/windows/security/threat-protection/…

– music2myear
10 hours ago













Got it. Thanks for clearing that up and editing the question. 1 you should look into file auditing, and 2 you should check for viruses and malicious activity on the computers you support. docs.microsoft.com/en-us/windows/security/threat-protection/…

– music2myear
10 hours ago





Got it. Thanks for clearing that up and editing the question. 1 you should look into file auditing, and 2 you should check for viruses and malicious activity on the computers you support. docs.microsoft.com/en-us/windows/security/threat-protection/…

– music2myear
10 hours ago




1




1





Possible duplicate of How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

– music2myear
10 hours ago





Possible duplicate of How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

– music2myear
10 hours ago










1 Answer
1






active

oldest

votes


















0















Is there a way for detect who has changed the hosts file? eg. Event Viewer, logs, etc.




tl;dr: Absolutely yes.



If you have money you can use Glasswire without any headache.
Glasswire has an option in security settings to monitor 'hosts' and 'lmhosts' file changes.



GlassWire_Monitor_hosts_file



If you want free solution use TraceView in Windows Driver Kit.
Install Windows Driver Kit
→ run TraceView as administrator
→ Create New Log Session → Kernel Logger → File I/O → Log Trace Event Data to File
→ Enter ETL file path as you want.



TraceView-Kernel-Mode-Trace



Use TraceFmt to display and find your required file change.
Required command: tracefmt.exe C:pathtoETL-File-Name.etl -displayonly| find /i "hosts"



If you want more free software I have a open-source project TraceEvent @GitHub which is in development.








share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1412465%2fdetect-windows-hosts-changes%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0















    Is there a way for detect who has changed the hosts file? eg. Event Viewer, logs, etc.




    tl;dr: Absolutely yes.



    If you have money you can use Glasswire without any headache.
    Glasswire has an option in security settings to monitor 'hosts' and 'lmhosts' file changes.



    GlassWire_Monitor_hosts_file



    If you want free solution use TraceView in Windows Driver Kit.
    Install Windows Driver Kit
    → run TraceView as administrator
    → Create New Log Session → Kernel Logger → File I/O → Log Trace Event Data to File
    → Enter ETL file path as you want.



    TraceView-Kernel-Mode-Trace



    Use TraceFmt to display and find your required file change.
    Required command: tracefmt.exe C:pathtoETL-File-Name.etl -displayonly| find /i "hosts"



    If you want more free software I have a open-source project TraceEvent @GitHub which is in development.








    share|improve this answer




























      0















      Is there a way for detect who has changed the hosts file? eg. Event Viewer, logs, etc.




      tl;dr: Absolutely yes.



      If you have money you can use Glasswire without any headache.
      Glasswire has an option in security settings to monitor 'hosts' and 'lmhosts' file changes.



      GlassWire_Monitor_hosts_file



      If you want free solution use TraceView in Windows Driver Kit.
      Install Windows Driver Kit
      → run TraceView as administrator
      → Create New Log Session → Kernel Logger → File I/O → Log Trace Event Data to File
      → Enter ETL file path as you want.



      TraceView-Kernel-Mode-Trace



      Use TraceFmt to display and find your required file change.
      Required command: tracefmt.exe C:pathtoETL-File-Name.etl -displayonly| find /i "hosts"



      If you want more free software I have a open-source project TraceEvent @GitHub which is in development.








      share|improve this answer


























        0












        0








        0








        Is there a way for detect who has changed the hosts file? eg. Event Viewer, logs, etc.




        tl;dr: Absolutely yes.



        If you have money you can use Glasswire without any headache.
        Glasswire has an option in security settings to monitor 'hosts' and 'lmhosts' file changes.



        GlassWire_Monitor_hosts_file



        If you want free solution use TraceView in Windows Driver Kit.
        Install Windows Driver Kit
        → run TraceView as administrator
        → Create New Log Session → Kernel Logger → File I/O → Log Trace Event Data to File
        → Enter ETL file path as you want.



        TraceView-Kernel-Mode-Trace



        Use TraceFmt to display and find your required file change.
        Required command: tracefmt.exe C:pathtoETL-File-Name.etl -displayonly| find /i "hosts"



        If you want more free software I have a open-source project TraceEvent @GitHub which is in development.








        share|improve this answer














        Is there a way for detect who has changed the hosts file? eg. Event Viewer, logs, etc.




        tl;dr: Absolutely yes.



        If you have money you can use Glasswire without any headache.
        Glasswire has an option in security settings to monitor 'hosts' and 'lmhosts' file changes.



        GlassWire_Monitor_hosts_file



        If you want free solution use TraceView in Windows Driver Kit.
        Install Windows Driver Kit
        → run TraceView as administrator
        → Create New Log Session → Kernel Logger → File I/O → Log Trace Event Data to File
        → Enter ETL file path as you want.



        TraceView-Kernel-Mode-Trace



        Use TraceFmt to display and find your required file change.
        Required command: tracefmt.exe C:pathtoETL-File-Name.etl -displayonly| find /i "hosts"



        If you want more free software I have a open-source project TraceEvent @GitHub which is in development.









        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 6 hours ago









        BiswapriyoBiswapriyo

        3,06141343




        3,06141343






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1412465%2fdetect-windows-hosts-changes%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...

            Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

            Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...