SettingsModifier:Win32/HostsFileHijack (Simple Removal Guide) - Free Instructions

SettingsModifier:Win32/HostsFileHijack Removal Guide

What is SettingsModifier:Win32/HostsFileHijack?

SettingsModifier:Win32/HostsFileHijack – a computer infection designed to change Windows “hosts” file for malicious purposes

SettingsModifier:Win32/HostsFileHijackSettingsModifier:Win32/HostsFileHijack is a malicious program designed to change Windows "hosts" file for malicious purposes

SettingsModifier:Win32/HostsFileHijack is a heuristic detection name given to a particular malware by anti-malware solutions, such as Window Defender. Malware can be distributed in various methods by cybercriminals, including spam emails, adware bundle packages, drive-by downloads,[1] vulnerabilities, cracks/keygens, etc. Once inside the system, the virus begins to perform changes to the targeted computer.

The purpose of the SettingsModifier:Win32/HostsFileHijack virus might be different, although one of the main functions it is defined by is the modifications to the Windows “hosts” file – it can be used to block traffic to particular websites, and there can be many reasons for that. For example, malicious actors can prevent network connections to Windows update servers, rendering the machine vulnerable to cyber attackers.

However, SettingsModifier:Win32/HostsFileHijack detection might also be associated with a false positive when users themselves attempt to modify the hosts file in order to block Microsoft telemetry-related domains. This happens because Microsoft treats all modifications to these particular entries as a severe threat since July 2020, regardless of who attempts to perform these changes.

Name SettingsModifier:Win32/HostsFileHijack
Type Malware, false positive
Related BrowserModifier
Infiltration Spam emails, exploits, vulnerabilities, malicious websites, fake updates, drive-by downloads, etc.
Symptoms Inability to access particular websites on via Google Chrome, Mozilla Firefox, Safari, MS Edge, or another web browser; connectivity issues; modifications to Windows “hosts” file
Risks A malware infection can cause a variety of negative consequences, including financial losses, privacy issues, other malicious software infiltration, local data corruption, etc.
Removal Scan your system with alternative security software. To resolve a false-positive, add the “threat” as an exception
System repair Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the OS and avoid its reinstallation, we recommend scanning it with the FortectIntego repair tool

Before the DNS (Domain Name System) was popularized, the Windows “hosts” file was used to resolve hosts names – it was used to help users reach their destination websites.[2] However, Microsoft still retains the file, as it still has its uses – it is located in the following directory:


Unfortunately, this file can also be used by malware such as SettingsModifier:Win32/HostsFileHijack for malicious purposes and Hosts file modification is nothing new. Some malware, such as Moss, Lyli, and Copa, consistently employ it to prevent users from accessing security-oriented websites, which would otherwise help them with virus elimination. SettingsModifier:Win32/HostsFileHijack removal might be blocked in a similar manner.

Microsoft is treating the detection as “severe” due to several reasons. With the help of modifications to the hosts file, the attackers can perform the following:

  • Divert traffic to malicious domains
  • Download other malware
  • Prevent Windows from being updated
  • Prevent Windows from checking relevant security certificates, etc.

Such changes to the system might be devastating and result in further malware infections. Hence, it is important to remove SettingsModifier:Win32/HostsFileHijack malware as soon as possible. In Windows defender, once you select Actions > Remove, it will delete the related malware and the modified hosts file, creating a new one in the process.

It is important to note that if the detection began showing up from the end of July onwards, it might also be a false positive. If you or any type of program on your computer modified Windows hosts file to prevent connections to Microsoft telemetry domains (,,, etc.,)[3] you would also get a SettingsModifier:Win32/HostsFileHijack detection. To resolve this, simply let the security software recreate the file by deleting the modified one.

SettingsModifier:Win32/HostsFileHijack virusSettingsModifier:Win32/HostsFileHijack is a threat that Windows Defender might flag up, although it might also be a false positive

Nonetheless, if you are suspecting that malware could be involved (i.e., you never touched the hosts file before), you should check first your computer with alternative security software, such as SpyHunter 5Combo Cleaner or Malwarebytes. Note that none of the security apps can catch all the existing malware, so it worth sometimes performing repeated scans with alternative tools.

In case the SettingsModifier:Win32/HostsFileHijack virus was indeed in your system, and you are noticing a negative impact on it (crashes, lag, errors, etc.), other Windows parts might have been affected. To fix these issues automatically, we recommend using FortectIntego.

How to protect yourself from malware attacks? Here are a few helpful tips

Ransomware, Remote Access Trojans, worms, rootkits, and other malware can be particularly dangerous to any PC user. Once inside the system, it can completely change its functionality and allow the attackers to take over it. In other cases, the infection can operate silently in the background for weeks or even months before some symptoms are visible. Therefore, it is important to ensure that malware does not break into your machine. While it is impossible to prevent infections 100% of the time, there are several steps you could take to make that possibility as low as possible. Here are some tips from security researchers:[4]

  • Employ powerful anti-malware software and keep it updated at all times;
  • Apply the latest security patches for your operating system and all the installed apps;
  • Use strong passwords for all your accounts, and never reuse them;
  • Do not open email attachments that ask you to enable macro feature;
  • Beware that email address can be spoofed, so handle all links and attachments with caution;
  • Never download software cracks or pirated program installers;
  • Beware of software bundlers – always choose Advanced mode instead of Recommended one.

A simple way to get rid of SettingsModifier:Win32/HostsFileHijack

As previously mentioned, SettingsModifier:Win32/HostsFileHijack removal should not be that complicated – simply allow the security software to do it for you. Nonetheless, if the detection is a false positive, it will destroy the domain names listed within the host file that you actually wanted to keep. Many users were particularly dissatisfied with this, as they use a particular list of domains to block undesired and ad-filled websites.

SettingsModifier:Win32/HostsFileHijack detectionSettingsModifier:Win32/HostsFileHijack popup indicates changes to a hosts file that prevents connection to Microsoft-related servers

However, many users reported that once they remove SettingsModifier:Win32/HostsFileHijack, it soon returns. If you are sue that detection is a false positive, you can simply whitelist the detection, and it will allow entries within the hosts file and not delete it. Unfortunately, this can also render the system render vulnerable to real malware attacks that attempts to modify hosts file for malicious reasons. Another choice would be to disable Windows Defender completely and employ other security tools, such as SpyHunter 5Combo Cleaner or Malwarebytes, for the system protection.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of SettingsModifier:Win32/HostsFileHijack. Follow these steps

Manual removal using Safe Mode

If SettingsModifier:Win32/HostsFileHijack virus is tempering with your security software, access Safe Mode with Networking:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from SettingsModifier:Win32/HostsFileHijack and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting malware

Protect your privacy – employ a VPN

There are several ways how to make your online time more private – you can access an incognito tab. However, there is no secret that even in this mode, you are tracked for advertising purposes. There is a way to add an extra layer of protection and create a completely anonymous web browsing practice with the help of Private Internet Access VPN. This software reroutes traffic through different servers, thus leaving your IP address and geolocation in disguise. Besides, it is based on a strict no-log policy, meaning that no data will be recorded, leaked, and available for both first and third parties. The combination of a secure web browser and Private Internet Access VPN will let you browse the Internet without a feeling of being spied or targeted by criminals. 

No backups? No problem. Use a data recovery tool

If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many straight out panic when such an unfortunate course of events happen. Due to this, you should always ensure that you prepare proper data backups on a regular basis.

If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions