In the past, we see threats modify Windows host file to redirect AV vendor websites to 127.0.0.1 loopback address. Some security software also injects known bad URLs into the same host file with 127.0.0.1 loopback address. Well nowadays the bad guys are getting smart and does more advanced stuff than host file modification. In few recent malwares [ie. Conficker aka Downadup], we see that infected machines are unable to access AV vendor sites although the host file is empty. And ping to av website yield a 127.0.0.1 address resolution. Well now there are a few tricks we can do to evade this issue. Its an old trick by removing DNS cache on our machine and check it everytime required to the DNS server. Microsoft has a KB for this as written in support.microsoft.com/kb/318803 . It is as simple as typing : 'net stop dnscache' or 'sc servername stop dnscache' [without ''] in your Start -> Run box. And again, you can always visit www.confickerworkinggroup.org/infection_test/cfeyechart.html for an eye test :)