Compromised Windows System (hosts File Check)

Critical Nessus Plugin ID 23910


The remote Windows host may be compromised.


The remote Windows host uses the file 'System32\drivers\etc\hosts' to hard-code the name resolution of some sites to localhost or internal systems. Some viruses and spyware modify this file to prevent antivirus or other security software from obtaining updates.

Nessus has found one or more suspicious entries in this file, which may indicate that the remote host is infected by a malicious program.


Remove the suspicious entries from the hosts file, update your antivirus software, and remove any malicious software.
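A check of the kind described above can be run over hosts-file contents collected from endpoints. The following is an added example, not the plugin's own code: the watchlist domains, the sample file and the function names are constructed placeholders, and the plugin's actual list of watched sites is not given on this page.

```python
import ipaddress

# Hypothetical watchlist: replace with the update hosts of the security
# products you actually run (the plugin's own list is not on this page).
WATCHLIST = ("av-vendor.example", "updates.edr-vendor.example")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop inline comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # line does not start with an IP
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def on_watchlist(name, watchlist=WATCHLIST):
    # Match the domain itself or any subdomain, never a mere string suffix.
    return any(name == d or name.endswith("." + d) for d in watchlist)

def suspicious_entries(text, watchlist=WATCHLIST):
    """Return watched names pinned to loopback, 0.0.0.0 or internal ranges."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        redirected = (ip.is_loopback or ip.is_unspecified
                      or any(ip in net for net in INTERNAL_NETS))
        if redirected and on_watchlist(name, watchlist):
            findings.append((line_no, str(ip), name))
    return findings

# Constructed sample hosts file, for illustration only.
SAMPLE = """\
# Constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.av-vendor.example   # pinned to nowhere
10.20.30.40     intranet.corp.example
192.168.1.50    Updates.EDR-Vendor.example cdn.updates.edr-vendor.example
203.0.113.7     av-vendor.example
127.0.0.1       notav-vendor.example
"""

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
```

Entries for internal names such as the intranet host are left alone; only watched names pinned to loopback, the unspecified address or RFC 1918 ranges are reported.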

Plugin Details

Severity: Critical

ID: 23910

File Name: smb_suspicious_host.nasl

Version: $Revision: 1.23 $

Type: local

Family: Backdoors

Published: 2006/12/18

Modified: 2017/02/14

Dependencies: 73980, 13855

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C


Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion