If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
Windows XP Corrupt (Hacked) Hosts file.
Yes, I totally agree, I don't even know quite why I even mentioned it in the first place. I always just set the following FOUR settings in "Folder Options" "View" (tab) : Display the contents of system folders = {Uncheck box} Hidden files and folders - Show hidden files and folders = {Select radio button} Hide extensions for known file types = {Uncheck box} Hide protected operating system files (Recommended) = {Uncheck box} ....in fact, I wrote a batch file that automatically does this for me and can also reverse the process and re-set the values back again..... ------------------- copy between lines ------------------- @echo off SETLOCAL if %1]==] goto USAGE if %1]==/?] goto USAGE if %1]==0] goto SHOW if %1]==1] goto HIDE echo. echo Invalid switch - %1 echo. goto :END :USAGE echo. echo Automatically sets / re-sets Show Hidden files in Explorer. echo. echo HIDDEN [0] [1] echo. echo 0 - Show hidden files and folders. echo 1 - Hide hidden files and folders. echo. goto :EOF :SHOW echo. echo Showing hidden files ^& folders... echo. set RGTMP=HKCU\Software\Microsoft\Windows\CurrentVersi on\Explorer\Advanced reg ADD %RGTMP% /v WebViewBarricade /t REG_DWORD /d 1 /f reg ADD %RGTMP% /v "Hidden" /t REG_DWORD /d 1 /f reg ADD %RGTMP% /v "HideFileExt" /t REG_DWORD /d 0 /f reg ADD %RGTMP% /v "ShowSuperHidden" /t REG_DWORD /d 1 /f echo done. echo. goto :EOF :HIDE echo. echo Hiding hidden files ^& folders... echo. set RGTMP=HKCU\Software\Microsoft\Windows\CurrentVersi on\Explorer\Advanced reg ADD %RGTMP% /v WebViewBarricade /t REG_DWORD /d 0 /f reg ADD %RGTMP% /v "Hidden" /t REG_DWORD /d 2 /f reg ADD %RGTMP% /v "HideFileExt" /t REG_DWORD /d 1 /f reg ADD %RGTMP% /v "ShowSuperHidden" /t REG_DWORD /d 0 /f echo done. echo. ------------------- copy between lines ------------------- *NB The lines that begin with "reg" may not show up here correctly due to the line-wrap of this post. Please ensure that each command line that begin with "reg" also ends with "/f". == Cheers, Tim Meddick, Peckham, London. :-) "dadiOH" wrote in message ... Tim Meddick wrote: Would that be at all relevant to the hosts file since it has no file extension? == Cheers, Tim Meddick, Peckham, London. :-) Maybe, maybe not but it can't hurt and "Hide protected operating system files" is definitely relavent. dadiOH ______________ "dadiOH" wrote in message ... jhill wrote: I have identified the problem as a corrupt (hacked) hosts file. If I enter the command C:\WINDOWS\system32\drivers\etc\hosts I can access the hosts file and open it in wordpad. Note that without actually typing in the file path the hosts file cannot be accessed. It is not visible in windows explorer even after changing the folder options to "show hidden files and folders" Also *untick* "Hide extensions for known file types", "Hide extensions for known file types" and "Hide protected operating system files" (Control panel-Folder options-View). -- dadiOH ____________________________ dadiOH's dandies v3.06... ...a help file of info about MP3s, recording from LP/cassette and tips & tricks on this and that. Get it at http://mysite.verizon.net/xico |
Ads |
#17
|
|||
|
|||
Windows XP Corrupt (Hacked) Hosts file.
P.S. Maybe I don't really need to say this, but, you will have to close
then re-open Windows Explorer for the change to take effect after each time you run the batch file. == Cheers, Tim Meddick, Peckham, London. :-) |
#18
|
|||
|
|||
Windows XP Corrupt (Hacked) Hosts file.
On Wed, 2 Mar 2011 17:28:30 -0600, jhill
wrote: Once open I can see almost 2 pages worth of entries of various google, yahoo and bing sites re-routing the browser to an unknown location explaining the problem. I know what the problem is, but I can’t fix it. I have tried deleting the hijacked entries in wordpad, but cannot re-save the file as I get an authorization error. As the file is not visible in windows explorer I cannot remove the “read-only” format. I have tried to overwrite the file, with a pure hosts file taken from a different computer; again I get an authorization failure. I have tried running the following codes to regain administrator rights cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G Administrators:F cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G admin:F (admin is the username) Both codes produced authorization failure errors. I do have full administrator credentials with this login. I have run Malwarebytes and SuperAnti Spyware and have removed several errors; however all of the above problems still remain. I have run HijackThis, and am informed that the Hijack this does not have “write” access to the hosts file and although it finds the hijacked lines in the hosts file, it cannot remove them. Hence all the above problems remain. I have tried booting the computer in Safe Mode to gain access over the hosts file, but even in Safe Mode the file is not visible in windows explorer and unchangeable and is exactly the same as the above issues in Normal Mode. I have tried deleting the entire etc folder, but cannot due to authorization failure. What else can I try? Any other ideas out there to fix this problem? How do I reset the hosts file back to the default? http://support.microsoft.com/kb/972034 |
|
Thread Tools | |
Display Modes | |
|
|