Compromised Windows System (hosts File Check)
Critical Nessus Plugin ID 23910
SynopsisThe remote Windows host may be compromised.
DescriptionThe remote Windows host uses the file 'System32\drivers\etc\hosts' to fix the name resolution of some sites to localhost or internal systems. Some viruses or spyware modify this file to prevent antivirus software or other security software from obtaining updates.
Nessus has found one or more suspicious entries in this file that may prove the remote host is infected by a malicious program.
SolutionRemove the suspicious entries from the host file, update your antivirus software, and remove any malicious software.