Skip to content
  • Active
  • Severity: High
  • Malware
  • Windows
  • Verified · Oct 2020

How to remove SettingsModifier:Win32/HostsFileHijack

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Julie Splinters · Anti-malware specialist

SettingsModifier:Win32/HostsFileHijack – a computer infection designed to change Windows “hosts” file for malicious purposes

SettingsModifier:Win32/HostsFileHijack

SettingsModifier:Win32/HostsFileHijack is a heuristic detection name given to a particular malware by anti-malware solutions, such as Window Defender. Malware can be distributed in various methods by cybercriminals, including spam emails, adware bundle packages, drive-by downloads,[1] vulnerabilities, cracks/keygens, etc. Once inside the system, the virus begins to perform changes to the targeted computer.

The purpose of the SettingsModifier:Win32/HostsFileHijack virus might be different, although one of the main functions it is defined by is the modifications to the Windows “hosts” file – it can be used to block traffic to particular websites, and there can be many reasons for that. For example, malicious actors can prevent network connections to Windows update servers, rendering the machine vulnerable to cyber attackers.

However, SettingsModifier:Win32/HostsFileHijack detection might also be associated with a false positive when users themselves attempt to modify the hosts file in order to block Microsoft telemetry-related domains. This happens because Microsoft treats all modifications to these particular entries as a severe threat since July 2020, regardless of who attempts to perform these changes.

Name SettingsModifier:Win32/HostsFileHijack
Type Malware, false positive
Related BrowserModifier
Infiltration Spam emails, exploits, vulnerabilities, malicious websites, fake updates, drive-by downloads, etc.
Symptoms Inability to access particular websites on via Google Chrome, Mozilla Firefox, Safari, MS Edge, or another web browser; connectivity issues; modifications to Windows “hosts” file
Risks A malware infection can cause a variety of negative consequences, including financial losses, privacy issues, other malicious software infiltration, local data corruption, etc.
Removal Scan your system with alternative security software. To resolve a false-positive, add the “threat” as an exception
System repair Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the OS and avoid its reinstallation, we recommend scanning it with the FortectIntego repair tool

Before the DNS (Domain Name System) was popularized, the Windows “hosts” file was used to resolve hosts names – it was used to help users reach their destination websites.[2] However, Microsoft still retains the file, as it still has its uses – it is located in the following directory:

C:\windows\system32\drivers\etc\hosts

Unfortunately, this file can also be used by malware such as SettingsModifier:Win32/HostsFileHijack for malicious purposes and Hosts file modification is nothing new. Some malware, such as Moss, Lyli, and Copa, consistently employ it to prevent users from accessing security-oriented websites, which would otherwise help them with virus elimination. SettingsModifier:Win32/HostsFileHijack removal might be blocked in a similar manner.

Microsoft is treating the detection as “severe” due to several reasons. With the help of modifications to the hosts file, the attackers can perform the following:

  • Divert traffic to malicious domains
  • Download other malware
  • Prevent Windows from being updated
  • Prevent Windows from checking relevant security certificates, etc.

Such changes to the system might be devastating and result in further malware infections. Hence, it is important to remove SettingsModifier:Win32/HostsFileHijack malware as soon as possible. In Windows defender, once you select Actions > Remove, it will delete the related malware and the modified hosts file, creating a new one in the process.

It is important to note that if the detection began showing up from the end of July onwards, it might also be a false positive. If you or any type of program on your computer modified Windows hosts file to prevent connections to Microsoft telemetry domains (www.microsoft.com, telemetry.microsoft.com, us.vortex-win.data.microsoft.com, etc.,)[3] you would also get a SettingsModifier:Win32/HostsFileHijack detection. To resolve this, simply let the security software recreate the file by deleting the modified one.

SettingsModifier:Win32/HostsFileHijack virus

Nonetheless, if you are suspecting that malware could be involved (i.e., you never touched the hosts file before), you should check first your computer with alternative security software, such as SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. Note that none of the security apps can catch all the existing malware, so it worth sometimes performing repeated scans with alternative tools.

In case the SettingsModifier:Win32/HostsFileHijack virus was indeed in your system, and you are noticing a negative impact on it (crashes, lag, errors, etc.), other Windows parts might have been affected. To fix these issues automatically, we recommend using FortectIntego.

How to protect yourself from malware attacks? Here are a few helpful tips 

Ransomware, Remote Access Trojans, worms, rootkits, and other malware can be particularly dangerous to any PC user. Once inside the system, it can completely change its functionality and allow the attackers to take over it. In other cases, the infection can operate silently in the background for weeks or even months before some symptoms are visible. Therefore, it is important to ensure that malware does not break into your machine. While it is impossible to prevent infections 100% of the time, there are several steps you could take to make that possibility as low as possible. Here are some tips from security researchers:[4]

  • Employ powerful anti-malware software and keep it updated at all times;
  • Apply the latest security patches for your operating system and all the installed apps;
  • Use strong passwords for all your accounts, and never reuse them;
  • Do not open email attachments that ask you to enable macro feature;
  • Beware that email address can be spoofed, so handle all links and attachments with caution;
  • Never download software cracks or pirated program installers;
  • Beware of software bundlers – always choose Advanced mode instead of Recommended one.

A simple way to get rid of SettingsModifier:Win32/HostsFileHijack

As previously mentioned, SettingsModifier:Win32/HostsFileHijack removal should not be that complicated – simply allow the security software to do it for you. Nonetheless, if the detection is a false positive, it will destroy the domain names listed within the host file that you actually wanted to keep. Many users were particularly dissatisfied with this, as they use a particular list of domains to block undesired and ad-filled websites.

SettingsModifier:Win32/HostsFileHijack detection

However, many users reported that once they remove SettingsModifier:Win32/HostsFileHijack, it soon returns. If you are sue that detection is a false positive, you can simply whitelist the detection, and it will allow entries within the hosts file and not delete it. Unfortunately, this can also render the system render vulnerable to real malware attacks that attempts to modify hosts file for malicious reasons. Another choice would be to disable Windows Defender completely and employ other security tools, such as SpyHunterCombo Cleaner or MalwarebytesMalwarebytes, for the system protection. 

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.