Windows XP Corrupt (Hacked) Hosts file.

Yes, I totally agree, I don't even know quite why I even mentioned it in
the first place.

I always just set the following FOUR settings in "Folder Options" "View"
(tab) :


Display the contents of system folders = {Uncheck box}

Hidden files and folders -
Show hidden files and folders = {Select radio button}

Hide extensions for known file types = {Uncheck box}

Hide protected operating system files (Recommended) = {Uncheck box}


....in fact, I wrote a batch file that automatically does this for me and
can also reverse the process and re-set the values back again.....


------------------- copy between lines -------------------

@echo off
SETLOCAL
if %1]==] goto USAGE
if %1]==/?] goto USAGE
if %1]==0] goto SHOW
if %1]==1] goto HIDE
echo.
echo Invalid switch - %1
echo.
goto :END

:USAGE
echo.
echo Automatically sets / re-sets Show Hidden files in Explorer.
echo.
echo HIDDEN [0] [1]
echo.
echo 0 - Show hidden files and folders.
echo 1 - Hide hidden files and folders.
echo.
goto :EOF

:SHOW
echo.
echo Showing hidden files ^& folders...
echo.
set RGTMP=HKCU\Software\Microsoft\Windows\CurrentVersi on\Explorer\Advanced
reg ADD %RGTMP% /v WebViewBarricade /t REG_DWORD /d 1 /f
reg ADD %RGTMP% /v "Hidden" /t REG_DWORD /d 1 /f
reg ADD %RGTMP% /v "HideFileExt" /t REG_DWORD /d 0 /f
reg ADD %RGTMP% /v "ShowSuperHidden" /t REG_DWORD /d 1 /f
echo done.
echo.
goto :EOF

:HIDE
echo.
echo Hiding hidden files ^& folders...
echo.
set RGTMP=HKCU\Software\Microsoft\Windows\CurrentVersi on\Explorer\Advanced
reg ADD %RGTMP% /v WebViewBarricade /t REG_DWORD /d 0 /f
reg ADD %RGTMP% /v "Hidden" /t REG_DWORD /d 2 /f
reg ADD %RGTMP% /v "HideFileExt" /t REG_DWORD /d 1 /f
reg ADD %RGTMP% /v "ShowSuperHidden" /t REG_DWORD /d 0 /f
echo done.
echo.

------------------- copy between lines -------------------

*NB The lines that begin with "reg" may not show up here correctly due to
the line-wrap of this post. Please ensure that each command line that
begin with "reg" also ends with "/f".


==

Cheers, Tim Meddick, Peckham, London. :-)




"dadiOH" wrote in message
...
Tim Meddick wrote:
Would that be at all relevant to the hosts file since it has no file
extension?

==

Cheers, Tim Meddick, Peckham, London. :-)


Maybe, maybe not but it can't hurt and "Hide protected operating system
files" is definitely relavent.


dadiOH
______________

"dadiOH" wrote in message
...
jhill wrote:

I have identified the problem as a corrupt (hacked) hosts file. If
I enter the command C:\WINDOWS\system32\drivers\etc\hosts I can
access the hosts file and open it in wordpad.

Note that without actually typing in the file path the hosts file
cannot be accessed. It is not visible in windows explorer even
after changing the folder options to "show hidden files and folders"

Also *untick* "Hide extensions for known file types", "Hide
extensions for known file types" and "Hide protected operating
system files" (Control panel-Folder options-View).


--

dadiOH
____________________________

dadiOH's dandies v3.06...
...a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico

P.S. Maybe I don't really need to say this, but, you will have to close
then re-open Windows Explorer for the change to take effect after each time
you run the batch file.

==

Cheers, Tim Meddick, Peckham, London. :-)

On Wed, 2 Mar 2011 17:28:30 -0600, jhill
wrote:

Once open I can see almost 2 pages worth of entries of various google,
yahoo and bing sites re-routing the browser to an unknown location
explaining the problem. I know what the problem is, but I can’t fix it.
I have tried deleting the hijacked entries in wordpad, but cannot
re-save the file as I get an authorization error.

As the file is not visible in windows explorer I cannot remove the
“read-only” format. I have tried to overwrite the file, with a pure
hosts file taken from a different computer; again I get an authorization
failure. I have tried running the following codes to regain
administrator rights

cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G Administrators:F
cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G admin:F (admin
is the username)

Both codes produced authorization failure errors. I do have full
administrator credentials with this login.

I have run Malwarebytes and SuperAnti Spyware and have removed several
errors; however all of the above problems still remain.

I have run HijackThis, and am informed that the Hijack this does not
have “write” access to the hosts file and although it finds the hijacked
lines in the hosts file, it cannot remove them. Hence all the above
problems remain.

I have tried booting the computer in Safe Mode to gain access over the
hosts file, but even in Safe Mode the file is not visible in windows
explorer and unchangeable and is exactly the same as the above issues in
Normal Mode.

I have tried deleting the entire etc folder, but cannot due to
authorization failure.

What else can I try? Any other ideas out there to fix this problem?



How do I reset the hosts file back to the default?

http://support.microsoft.com/kb/972034