When malware gets onto the system, one of the first things it may do is disable your antivirus scanner. It may also modify the HOSTS file to block access to antivirus update servers.
Testing Your Antivirus
The easiest way to ensure that your antivirus software is working is to use the EICAR test file. It’s also a good idea to ensure that your security settings are configured properly in Windows.
The EICAR Test File
The EICAR test file is a virus simulator developed by the European Institute for Computer Antivirus Research and Computer Antivirus Research Organization.
EICAR is a non-viral string of code that most antivirus software have included in their signature definition files specifically for the purpose of testing — therefore, antivirus applications respond to this file as if it were a virus.
You can create one yourself easily using any text editor or you can download it from the EICAR website. To create an EICAR test file, copy and paste the following line into a blank file using a text editor such as Notepad:
Save the file as. If your active protection is working properly, the simple act of saving the file should trigger an alert. Some antivirus applications will immediately quarantine the file as soon as it is saved.
Windows Security Settings
Test to make sure you have the most secure settings configured in Windows.
- In Windows 7, your security and firewall settings are available via Start | Control Panel | System & Security. Choose Action Center from the right pane.
- For Windows 8 and 8.1, type the word “action” on the Start screen and then select Action Center from the results.
- For Windows 10, enter “security and maintenance” in the search box on the taskbar and then select Security and Maintenance.
Once in the Action Center, ensure that Windows Update is turned on so that you can get the latest updates and patches, and schedule a backup to ensure you don’t lose data.
Checking and Fixing the HOSTS File
Some malware adds entries to your computer’s HOSTS file. The hosts file contains information regarding your IP addresses and how they map to host names, or websites. Malware edits can effectively block your internet connection. If you are familiar with the normal contents of your HOSTS file, you will recognize unusual entries.
On Windows 7, 8 and 10, the HOSTS file is located in the same location: in the C:\Windows\System32\drivers\etc folder. To read the contents of the HOSTS file, just right-click it and choose Notepad (or your favorite text editor) to view it.
All HOSTS files contain several descriptive comments and then a mapping to your own machine, like this:
# 127.0.0.1 localhost
The IP address is 127.0.0.1 and it maps back to your own computer, i.e. localhost. If there are other entries you do not expect, the safest solution is to just replace the entire HOSTS file with the default.
Replacing the HOSTS File
- Rename the existing HOSTS file to something else such as “ . This is just a precaution in case you need to revert to it later.
- Open Notepad and create a new file.
- Copy and paste the following into the new file:
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 22.214.171.124 rhino.acme.com # source server
# 126.96.36.199 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost # ::1 localhost
- Save this file as “hosts” in the same location as the original HOSTS file.