Avast - Changing My Hosts File

[REDACTED]

Avast v11.1.2241
Definitions 151130-0

Today I added an entry to my hosts file by editing it direct.
After about an hour it revert back to it's previous setting.

So I edited it again... and again it reverted back.
I downloaded SysInternals Process Monitor and could see avast had read and changed my hosts file.
How do I stop this ?

Thanks

[Eddy]

What OS/SP ?
What exact version of avast ?
Any other security (related) software installed ? (or was there)

[igor]

Did you receive any notification that Avast detected something?
Can you share the modification of the hosts file?

[REDACTED]

Avast hasn't warned me it found anything.

The hosts file is a default Windows host file with around 60,000 entries similar to the following added:

127.0.0.1    xkgmgkbdppkskud.net
127.0.0.1    xkgnrwobrichgd.biz
127.0.0.1    xkgpgaawwkfq.biz
127.0.0.1    xkgshoktsakf.ru
127.0.0.1    xkgtaembeknphd.org
127.0.0.1    xkgxlbcfiijjak.org
127.0.0.1    xkhsbijryplarg.org
127.0.0.1    xkiasnriddawlpl.com
127.0.0.1    xkiddsovdleatb.com
127.0.0.1    xkidpcrpoymeok.info
127.0.0.1    xkiqjdrfrkkxtb.com
127.0.0.1    xkisghibjhhruri.ru
127.0.0.1    xkjwhckvdikmmc.org
127.0.0.1    xkkcahpwwhev.org
127.0.0.1    xkkpnarmnpnjh.info
127.0.0.1    xkkqdpsscwxpms.co.uk
127.0.0.1    xkkuoqwdfmusyj.org
127.0.0.1    xkkwfgdcjjngnwd.org
127.0.0.1    xkkwgydllsjy.org
127.0.0.1    xkldtmlsxpss.co.uk
127.0.0.1    xklhdsrrekbike.org
127.0.0.1    xklqwrvejecfr.ru
127.0.0.1    xkmdxmxixmvkuhx.ru
127.0.0.1    xkmmqeapqyvp.net
127.0.0.1    xkmtkwubjtwma.info

I'm adding one new line to the file which is simply
IPADDRESS    DOMAINName

When it resets it goes back to the default plus the additional entries added.

Avast reports itself as :

Program Version: 11.1.2241
Virus Definitions Version: 151130-1
Number of Definitions: 3,434,844

I also have Zonealarm free firewall and anti virus and SpyBot Search and destroy installed.

Running sysinternals process monitor shows Avast had read and changed the hosts file.
I'm about to add the line back to the hosts file and will run sysinternal to see what it shows today. Hopefully I'll get a screenshot from it.

Can anyone confirm if Avast does monitor and change the hosts ? can it be disabled ?

Thanks

[Eddy]

First mistake, you are using two av's at the same time.
https://blog.kaspersky.com/multiple-antivirus-programs-bad-idea/2670/
Pick the one you want and delete the other completely.
http://www.ache.nl

Your second mistake is using Spybot S&D.
It used to be good, but that is years ago.
It lacks a huge amount of detections.
I advise to use MBam instead.

I very much doubt that avast is changing your hosts file.
It just scans it, not changes it.

[REDACTED]

Hi
After monitor the process for a while I can see Avast trying to edit/create the hosts, but that wasn't the issue.

BDAntiCryptoLocker
is installed and it is creating a new hosts file.

I've set the host to read only and that seems to have stopped the issue.

I'm going to look MBam and HitMan Pro.

Thanks