wow. on the net long enough ... you're bound to see it all.... ;) I poke, of course, but really you're
that on most of the time..
So.. Hosts file ... operates like hosts on linux, the default for windows is to check the hosts file first then resolve via DNS ... any entry in the hosts file in windows that is setup with #PRE at the end of the line, causes windows to preload that entry
ie. 127.0.0.1 some.adserver.com #PRE
And agreed, that its odd the cracker/spammer/malware would delete the file, more likely to either wipe out the file and add its own redirections ...