If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
OS XP... I had a virus that redirected yahoo, Google, etc to another web
site. Ran a scan and eliminated the virus. The C:\WINDOWS\system32\drivers\etc\hosts file was not visible when opening the etc folder. I tried to create a new hosts file and was stopped by an error that said the file already existed. I opened the etc\hosts file in the dos window and listed its contents. It was filled with yahoo / Google redirects. I tried to delete it with the dos command and was stopped by an error that said I didn't have permission... I was logged on as an administrator. Question should I boot up in protected mode and try to delete? If that doesn't work should I go into the registry???? Thanks, Neil |
Ads |
#2
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
try using "hijack this" and look
at the report. the top line entries will pertain to browser and will show any links that are redirecting your browser. -- db·´¯`·...¸)))º DatabaseBen, Retired Professional - Systems Analyst - Database Developer - Accountancy - Veteran of the Armed Forces - @Hotmail.com - nntp Postologist ~ "share the nirvana" - dbZen ~~~~~~~~~~~~~~~ "neil" wrote in message ... OS XP... I had a virus that redirected yahoo, Google, etc to another web site. Ran a scan and eliminated the virus. The C:\WINDOWS\system32\drivers\etc\hosts file was not visible when opening the etc folder. I tried to create a new hosts file and was stopped by an error that said the file already existed. I opened the etc\hosts file in the dos window and listed its contents. It was filled with yahoo / Google redirects. I tried to delete it with the dos command and was stopped by an error that said I didn't have permission... I was logged on as an administrator. Question should I boot up in protected mode and try to delete? If that doesn't work should I go into the registry???? Thanks, Neil |
#3
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
neil wrote:
OS XP... I had a virus that redirected yahoo, Google, etc to another web site. Ran a scan and eliminated the virus. The C:\WINDOWS\system32\drivers\etc\hosts file was not visible when opening the etc folder. I tried to create a new hosts file and was stopped by an error that said the file already existed. I opened the etc\hosts file in the dos window and listed its contents. It was filled with yahoo / Google redirects. I tried to delete it with the dos command and was stopped by an error that said I didn't have permission... I was logged on as an administrator. Question should I boot up in protected mode and try to delete? If that doesn't work should I go into the registry???? This has nothing to do with the registry. Your permissions on the file have simply been revoked or you have been explicitly denied permission to the file. Try granting yourself full control on the file. At the command prompt issue these commands and see if things change: cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G Administrators:F cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G "Your User Name":F If you have spaces in your user name you must use the "quotation marks" John |
#4
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
Hosts File FAQ
http://www.mvps.org/winhelp2002/hostsfaq.htm#Editor -- Rey "neil" wrote: OS XP... I had a virus that redirected yahoo, Google, etc to another web site. Ran a scan and eliminated the virus. The C:\WINDOWS\system32\drivers\etc\hosts file was not visible when opening the etc folder. I tried to create a new hosts file and was stopped by an error that said the file already existed. I opened the etc\hosts file in the dos window and listed its contents. It was filled with yahoo / Google redirects. I tried to delete it with the dos command and was stopped by an error that said I didn't have permission... I was logged on as an administrator. Question should I boot up in protected mode and try to delete? If that doesn't work should I go into the registry???? Thanks, Neil |
#5
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
On Dec 8, 3:03*pm, neil wrote:
OS XP... *I had a virus that redirected yahoo, Google, etc to another web site. *Ran a scan and eliminated the virus. *The * C:\WINDOWS\system32\drivers\etc\hosts file was not visible when opening the etc folder. *I tried to create a new hosts file and was stopped by an error that said the file already existed. *I opened the etc\hosts file in the dos window and listed its contents. *It was filled with yahoo / Google redirects. *I tried to delete it with the dos command and was stopped by an error that said I didn't have permission... *I was logged on as an administrator. * Question should I boot up in protected mode and try to delete? *If that doesn't work should I go into the registry???? Thanks, Neil None of the above and you don't need to waste time "trying" anything. Fix it. The hosts file is a read only, hidden system file. It is just a text file that you can manipulate with WordPad, Notepad or any text editor. Before modifying the hosts file, make a copy of the current one in case you need to restore the original. Some third party software scanning tools will add entries to the hosts file on purpose to block your browser from loading certain WWW sites entirely or block advertisements from certain WWW sites that the software knows about that contains ads or the software thinks are inappropriate. You can remove entries in the hosts file by hand if desired. Malicious software can also add entries to the host file to redirect your browser to some other WWW site than the one you really want to visit. For example, if you try to browse to www.google.com, you may end up on some WWW site that is inappropriate or just an advertisement for a product you never heard of and don't want. Until you fix the hosts file, your browser will always be redirected. If your hosts file has been manipulated by malicious software, editing the hosts file will not remove the malicious software. You will still need to scan your system with software tools to be sure the malicious software is entirely gone. Malicious software scanning tools may also remove the malicious software and leave the bad entries in the hosts file. The scanning tools cannot tell if entries in the hosts file were made on purpose or by malicious software so you still may need to edit the hosts file by hand if browser redirection occurs after the malicious software has been removed. Some scanning tools will report modifications to the hosts file as suspicious and allow you to review the changes and let you decide if the changes are appropriate or not and take action. A hosts file is not required for your browser to function. If you suspect an issue with the hosts file you can rename the hosts file and test your browsing without it. Always reboot your system and test browsing after making any changes to the hosts file. To manipulate the hosts file, you must make hidden files unhidden and remove the Read Only attribute. In Explorer, navigate to c:\windows\system32\drivers\etc Click Tools. Folder Options, View. In Advanced Settings, enable (tick) the radio button for: Show hidden files and folders Click OK. The hosts file has no extension but some system files do and it may be helpful to also see the file extensions for all the files. While you are adjusting folder View options, make file extensions visible. Click Tools, Folder Options, View. In Advanced Settings, put a check mark (tick) in the box: Hide extensions for known file types Click OK. Now the hosts file should be visible. Make a copy of the current hosts file and name the copy appropriately so you can find it later and undo any changes if the changes do not work or things get worse. Remove the Read-only attribute: Right click the hosts file, Properties, uncheck the box that says: Read-only Click OK. Now you can edit the hosts file with any text editor. Be sure to save the hosts file after making any changes. You will have to decide what is appropriate for your hosts file. The default hosts file only has one entry (and a lot of comments) so if you suspect the hosts file is part of your issue, you can delete everything but the default entry and save the file. Always reboot your system and test browsing after making any changes to the hosts file. You should make the hosts file Read-only again when you are finished making changes. Obviously some programs or malicious software do not pay attention to the attributes of a Read- only file, but it is good practice for the hosts file to be Read-only. If desired, reverse the Explorer changes to hide system files and extensions for known file types. If you feel your hosts file is beyond repair, replace the contents with the Windows default values. The default hosts file for Windows XP looks like this: # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost |
#6
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
Jose wrote:
On Dec 8, 3:03 pm, neil wrote: OS XP... I had a virus that redirected yahoo, Google, etc to another web site. Ran a scan and eliminated the virus. The C:\WINDOWS\system32\drivers\etc\hosts file was not visible when opening the etc folder. I tried to create a new hosts file and was stopped by an error that said the file already existed. I opened the etc\hosts file in the dos window and listed its contents. It was filled with yahoo / Google redirects. I tried to delete it with the dos command and was stopped by an error that said I didn't have permission... I was logged on as an administrator. Question should I boot up in protected mode and try to delete? If that doesn't work should I go into the registry???? Thanks, Neil None of the above and you don't need to waste time "trying" anything. Fix it. The hosts file is a read only, hidden system file. It is just a text file that you can manipulate with WordPad, Notepad or any text editor. Before modifying the hosts file, make a copy of the current one in case you need to restore the original. Use Notepad, not Wordpad, as the former is a pure text editor, and the latter is a (albeit very limited) word processor (if using Wordpad, he'd have to be somewhat diligent in his settings to get a pure text file :-) |
#7
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
I have the exact same issue as reported by Neil. It is a windows XP computer. When I view the c:\windows\system32\drivers\etc folder (showing hidden files) the hosts file is not there. If I open up a run prompt, and type "C:\windows\system32\drivers\etc\hosts" it does open the hosts file however. It is filled with entries that a virus left in there. If remove them and then save the hosts file it will not let me. Looking at the permissions for the "etc" folder it is set to read-only. I try changing that - it looks like it takes, but when I check the permissions again it remains at read-only. I'm logged on as administrator. When I run HijackThis - it gives you a message along the lines that the hosts file is set to ReadOnly and HJT this may NOT be able to save changes. When I attempt to remove the entires in HJT, they are simply never removed. I've tried just about anything I can think of - and am about ready to whipe the computer and start over (which would be a real shame given this is the only issue). Is there a registry entry i can make to for change the read only element? Another thing - when i open a command prompt, and list the contents of the etc directory, it does not list the hosts file. |
#8
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
"csingsaas" wrote in message ...
I have the exact same issue as reported by Neil. It is a windows XP computer. When I view the c:\windows\system32\drivers\etc folder (showing hidden files) the hosts file is not there. If I open up a run prompt, and type "C:\windows\system32\drivers\etc\hosts" it does open the hosts file however. It is filled with entries that a virus left in there. If remove them and then save the hosts file it will not let me. Looking at the permissions for the "etc" folder it is set to read-only. I try changing that - it looks like it takes, but when I check the permissions again it remains at read-only. I'm logged on as administrator. snip Try changing the read-only properties of the file itself, not the folder. Another thing - when i open a command prompt, and list the contents of the etc directory, it does not list the hosts file. Try typing "dir /a" at the command prompt. Ben |
#9
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
csingsaas wrote in
: I have the exact same issue as reported by Neil. It is a windows XP computer. When I view the c:\windows\system32\drivers\etc folder (showing hidden files) the hosts file is not there. If I open up a run prompt, and type "C:\windows\system32\drivers\etc\hosts" it does open the hosts file however. It is filled with entries that a virus left in there. If remove them and then save the hosts file it will not let me. Looking at the permissions for the "etc" folder it is set to read-only. I try changing that - it looks like it takes, but when I check the permissions again it remains at read-only. I'm logged on as administrator. When I run HijackThis - it gives you a message along the lines that the hosts file is set to ReadOnly and HJT this may NOT be able to save changes. When I attempt to remove the entires in HJT, they are simply never removed. I've tried just about anything I can think of - and am about ready to whipe the computer and start over (which would be a real shame given this is the only issue). Is there a registry entry i can make to for change the read only element? Another thing - when i open a command prompt, and list the contents of the etc directory, it does not list the hosts file. Bring up the command prompt. Then enter the following command to make the hosts file visible: attrib -R -H -S c:\windows\system32\drivers\etc\hosts Then give yourself permissions to change the file: cacls c:\windows\system32\drivins\etc\hosts /P user:F where you replace "user" with your username. HTH, John |
#10
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
On Feb 20, 12:37*pm, csingsaas
wrote: I have the exact same issue as reported by Neil. It is a windows XP computer. When I view the c:\windows\system32\drivers\etc folder (showing hidden files) the hosts file is not there. If I open up a run prompt, and type "C:\windows\system32\drivers\etc\hosts" it does open the hosts file however. It is filled with entries that a virus left in there. If remove them and then save the hosts file it will not let me. Looking at the permissions for the "etc" folder it is set to read-only. I try changing that - it looks like it takes, but when I check the permissions again it remains at read-only. I'm logged on as administrator. When I run HijackThis - it gives you a message along the lines that the hosts file is set to ReadOnly and HJT this may NOT be able to save changes. When I attempt to remove the entires in HJT, they are simply never removed. I've tried just about anything I can think of - and am about ready to whipe the computer and start over (which would be a real shame given this is the only issue). Is there a registry entry i can make to for change the read only element? Another thing - when i open a command prompt, and list the contents of the etc directory, it does not list the hosts file. Sounds like you are still infected - one of the redirect things tampers with the hosts file. Malware thinks of ways to prevent you from finding and removing it. First it screws up your hosts file and sends you places you don't want to go and then fixes your system so you can't get to the hosts file to fix it. You need to remove the malware first, then fix the hosts file if it still needs fixin'. Not the other way around. Perform some scans for malicious software, then fix any remaining issues: Download, install, update and do a full scan with these free malware detection programs: Malwarebytes (MBAM): http://malwarebytes.org/ SUPERAntiSpywa (SAS): http://www.superantispyware.com/ They can be uninstalled later if desired. |
#11
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
Ben - The file does not appear to be there when I though windows explorer or list the directory contents in the command prompt. However, when I try to open the hosts file from the run prompt it opens and displays its contents. I do have the directory view set-up to view hidden files. Cody Ben Myers;1181933 Wrote: "csingsaas" wrote in message ... I have the exact same issue as reported by Neil. It is a windows XP computer. When I view the c:\windows\system32\drivers\etc folder (showing hidden files) the hosts file is not there. If I open up a run prompt, and type "C:\windows\system32\drivers\etc\hosts" it does open the hosts file however. It is filled with entries that a virus left in there. If remove them and then save the hosts file it will not let me. Looking at the permissions for the "etc" folder it is set to read-only. I try changing that - it looks like it takes, but when I check the permissions again it remains at read-only. I'm logged on as administrator. snip Try changing the read-only properties of the file itself, not the folder. Another thing - when i open a command prompt, and list the contents of the etc directory, it does not list the hosts file. Try typing "dir /a" at the command prompt. Ben |
#12
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
I have already run Malwarebtyes - it said it cleaned up the infection. Scans are coming back as clean. I'll try the other suggestion and see if that works. I did not try SuperAntiSpyware - so maybe that is worth a go also. Jose;1182005 Wrote: On Feb 20, 12:37*pm, csingsaas wrote: I have the exact same issue as reported by Neil. It is a windows XP computer. When I view the c:\windows\system32\drivers\etc folder (showing hidden files) the hosts file is not there. If I open up a run prompt, and type "C:\windows\system32\drivers\etc\hosts" it does open the hosts file however. It is filled with entries that a virus left in there. If remove them and then save the hosts file it will not let me. Looking at the permissions for the "etc" folder it is set to read-only. I try changing that - it looks like it takes, but when I check the permissions again it remains at read-only. I'm logged on as administrator. When I run HijackThis - it gives you a message along the lines that the hosts file is set to ReadOnly and HJT this may NOT be able to save changes. When I attempt to remove the entires in HJT, they are simply never removed. I've tried just about anything I can think of - and am about ready to whipe the computer and start over (which would be a real shame given this is the only issue). Is there a registry entry i can make to for change the read only element? Another thing - when i open a command prompt, and list the contents of the etc directory, it does not list the hosts file. Sounds like you are still infected - one of the redirect things tampers with the hosts file. Malware thinks of ways to prevent you from finding and removing it. First it screws up your hosts file and sends you places you don't want to go and then fixes your system so you can't get to the hosts file to fix it. You need to remove the malware first, then fix the hosts file if it still needs fixin'. Not the other way around. Perform some scans for malicious software, then fix any remaining issues: Download, install, update and do a full scan with these free malware detection programs: Malwarebytes (MBAM): http://malwarebytes.org/ SUPERAntiSpywa (SAS): http://www.superantispyware.com/ They can be uninstalled later if desired. |
#13
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
To follow-up, the suggestion below worked. The first part (to make the file visible) didn't work because it said it didn't have permissions. But the 2nd part worked great and allowed me to save changes. I suppose I could now do the command to make it visible now that I fixed the permissions. Thanks! John Wunderlich;1181991 Wrote: Bring up the command prompt. Then enter the following command to make the hosts file visible: attrib -R -H -S c:\windows\system32\drivers\etc\hosts Then give yourself permissions to change the file: cacls c:\windows\system32\drivins\etc\hosts /P user:F where you replace "user" with your username. HTH, John |
#14
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file
csingsaas wrote in
: John Wunderlich;1181991 Wrote: Bring up the command prompt. Then enter the following command to make the hosts file visible: attrib -R -H -S c:\windows\system32\drivers\etc\hosts Then give yourself permissions to change the file: cacls c:\windows\system32\drivers\etc\hosts /P user:F where you replace "user" with your username. HTH, John To follow-up, the suggestion below worked. The first part (to make the file visible) didn't work because it said it didn't have permissions. But the 2nd part worked great and allowed me to save changes. I suppose I could now do the command to make it visible now that I fixed the permissions. Thanks! Thanks for the feedback. Glad it worked. Yeah, I suppose I got the order wrong. -- John |
#15
|
|||
|
|||
Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts fil
i did this and no change - still locked
"John John - MVP" wrote: neil wrote: OS XP... I had a virus that redirected yahoo, Google, etc to another web site. Ran a scan and eliminated the virus. The C:\WINDOWS\system32\drivers\etc\hosts file was not visible when opening the etc folder. I tried to create a new hosts file and was stopped by an error that said the file already existed. I opened the etc\hosts file in the dos window and listed its contents. It was filled with yahoo / Google redirects. I tried to delete it with the dos command and was stopped by an error that said I didn't have permission... I was logged on as an administrator. Question should I boot up in protected mode and try to delete? If that doesn't work should I go into the registry???? This has nothing to do with the registry. Your permissions on the file have simply been revoked or you have been explicitly denied permission to the file. Try granting yourself full control on the file. At the command prompt issue these commands and see if things change: cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G Administrators:F cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G "Your User Name":F If you have spaces in your user name you must use the "quotation marks" John . |
|
Thread Tools | |
Display Modes | |
|
|