Compromised Windows System (hosts File Check)

critical Nessus Plugin ID 23910


The remote Windows host may be compromised.


The remote Windows host uses the file 'System32\drivers\etc\hosts' to pin the name resolution of some sites to localhost or internal systems. Some viruses or spyware modify this file to prevent antivirus software or other security software from obtaining updates.

Nessus has found one or more suspicious entries in this file that may prove the remote host is infected by a malicious program.


Remove the suspicious entries from the hosts file, update your antivirus software, and remove any malicious software.
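
The kind of check described above can be reproduced when triaging a hosts file by hand. The following is an added example, not the plugin's own logic: it flags watched security or update domains that are pinned to loopback, unspecified or RFC 1918 addresses. The watched suffixes, the sample file and all function names are constructed placeholders.

```python
import ipaddress

# Assumption: domains your security tooling must reach (placeholder values).
WATCHED_SUFFIXES = ("av-vendor.example", "updates.edr.example")

# RFC 1918 ranges, standing in for the "internal systems" the description mentions.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed address: not a mapping
        for name in fields[1:]:                    # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def is_sinkhole(ip):
    """True when the address cannot reach the real vendor service."""
    internal = ip.version == 4 and any(ip in net for net in INTERNAL)
    return ip.is_loopback or ip.is_unspecified or internal

def suspicious_entries(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, ip, hostname) for watched names pinned to a sinkhole."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        on_watchlist = any(name == s or name.endswith("." + s) for s in watched)
        if on_watchlist and is_sinkhole(ip):
            hits.append((line_no, str(ip), name))
    return hits

# Constructed sample hosts file, not taken from a real system.
SAMPLE = """\
# Constructed sample
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example
127.0.0.1       update.av-vendor.example   # blocks signature updates
0.0.0.0         cdn.updates.edr.example www.av-vendor.example
203.0.113.10    av-vendor.example
"""

if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE):
        print(hit)
```

Ordinary entries such as localhost or an intranet name are not reported, so each hit is a line worth reviewing before it is removed.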

Plugin Details

Severity: Critical

ID: 23910

File Name: smb_suspicious_host.nasl

Version: 1.26

Type: local

Agent: windows

Family: Backdoors

Published: 12/18/2006

Updated: 4/17/2023

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Rationale: Evidence indicates host may be compromised.


Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual


Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion