Can't delete corrupt C:\WINDOWS\system32\drivers\etc\hosts file

csingsaas
I have the exact same issue as reported by Neil. It is a Windows XP
computer.

When I view the c:\windows\system32\drivers\etc folder (showing hidden
files) the hosts file is not there. If I open up a run prompt, and type
"C:\windows\system32\drivers\etc\hosts" it does open the hosts file
however. It is filled with entries that a virus left in there. If I remove
them and then save the hosts file it will not let me. Looking at the
permissions for the "etc" folder it is set to read-only. I try changing
that - it looks like it takes, but when I check the permissions again it
remains at read-only. I'm logged on as administrator.

When I run HijackThis - it gives you a message along the lines that the
hosts file is set to ReadOnly and HJT may NOT be able to save
changes. When I attempt to remove the entries in HJT, they are simply
never removed.

I've tried just about anything I can think of - and am about ready to
wipe the computer and start over (which would be a real shame given
this is the only issue).

Is there a registry entry I can make to change the read-only
element?

Another thing - when I open a command prompt, and list the contents of
the etc directory, it does not list the hosts file.
 
"csingsaas" wrote in message news:csingsaas.46qhs0@no.email.invalid...

> I have the exact same issue as reported by Neil. It is a Windows XP
> computer.
> When I view the c:\windows\system32\drivers\etc folder (showing hidden
> files) the hosts file is not there. If I open up a run prompt, and type
> "C:\windows\system32\drivers\etc\hosts" it does open the hosts file
> however. It is filled with entries that a virus left in there. If I remove
> them and then save the hosts file it will not let me. Looking at the
> permissions for the "etc" folder it is set to read-only. I try changing
> that - it looks like it takes, but when I check the permissions again it
> remains at read-only. I'm logged on as administrator.

Try changing the read-only properties of the file itself, not the folder.

> Another thing - when I open a command prompt, and list the contents of
> the etc directory, it does not list the hosts file.

Try typing "dir /a" at the command prompt.

Ben
 
csingsaas wrote in news:csingsaas.46qhs0@no.email.invalid:

> I have the exact same issue as reported by Neil. It is a Windows
> XP computer.
>
> When I view the c:\windows\system32\drivers\etc folder (showing
> hidden files) the hosts file is not there. If I open up a run
> prompt, and type "C:\windows\system32\drivers\etc\hosts" it does
> open the hosts file however. It is filled with entries that a
> virus left in there. If I remove them and then save the hosts file
> it will not let me. Looking at the permissions for the "etc"
> folder it is set to read-only. I try changing that - it looks like
> it takes, but when I check the permissions again it remains at
> read-only. I'm logged on as administrator.
>
> When I run HijackThis - it gives you a message along the lines
> that the hosts file is set to ReadOnly and HJT may NOT be
> able to save changes. When I attempt to remove the entries in HJT,
> they are simply never removed.
>
> I've tried just about anything I can think of - and am about ready
> to wipe the computer and start over (which would be a real shame
> given this is the only issue).
>
> Is there a registry entry I can make to change the read-only
> element?
>
> Another thing - when I open a command prompt, and list the
> contents of the etc directory, it does not list the hosts file.

Bring up the command prompt.
Then enter the following command to make the hosts file visible:
attrib -R -H -S c:\windows\system32\drivers\etc\hosts
Then give yourself permissions to change the file:
cacls c:\windows\system32\drivers\etc\hosts /P user:F
where you replace "user" with your username.

HTH,
John
 
On Feb 20, 12:37 pm, csingsaas wrote:
> I have the exact same issue as reported by Neil. It is a Windows XP
> computer.
>
> When I view the c:\windows\system32\drivers\etc folder (showing hidden
> files) the hosts file is not there. If I open up a run prompt, and type
> "C:\windows\system32\drivers\etc\hosts" it does open the hosts file
> however. It is filled with entries that a virus left in there. If I remove
> them and then save the hosts file it will not let me. Looking at the
> permissions for the "etc" folder it is set to read-only. I try changing
> that - it looks like it takes, but when I check the permissions again it
> remains at read-only. I'm logged on as administrator.
>
> When I run HijackThis - it gives you a message along the lines that the
> hosts file is set to ReadOnly and HJT may NOT be able to save
> changes. When I attempt to remove the entries in HJT, they are simply
> never removed.
>
> I've tried just about anything I can think of - and am about ready to
> wipe the computer and start over (which would be a real shame given
> this is the only issue).
>
> Is there a registry entry I can make to change the read-only
> element?
>
> Another thing - when I open a command prompt, and list the contents of
> the etc directory, it does not list the hosts file.

Sounds like you are still infected - one of the redirect things
tampers with the hosts file.

Malware thinks of ways to prevent you from finding and removing it.
First it screws up your hosts file and sends you places you don't want
to go and then fixes your system so you can't get to the hosts file to
fix it. You need to remove the malware first, then fix the hosts file
if it still needs fixin'. Not the other way around.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.
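
What the tampering described above looks like to a checker, as an added example that is not part of the original post: a small Python audit that lists every hosts mapping other than the stock localhost entry and decodes the read-only/hidden/system bits that `attrib` reports. The sample file, its .example names and the function names are constructed for illustration.

```python
import ipaddress

# Win32 attribute bits that `attrib -R -H -S` clears (values from the Win32 API).
READONLY, HIDDEN, SYSTEM = 0x1, 0x2, 0x4
STOCK_NAMES = {"localhost"}  # assumption: the only name a clean hosts file maps

def attribute_flags(bits):
    """Decode an attribute mask, e.g. os.stat(path).st_file_attributes on Windows."""
    return [name for name, bit in (("R", READONLY), ("H", HIDDEN), ("S", SYSTEM))
            if bits & bit]

def audit_hosts(text):
    """Return (line_no, address, name, reason) for every non-stock mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "unparseable address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if ip.is_loopback and name in STOCK_NAMES:
                continue                          # the default localhost entry
            reason = ("blocked: points at this machine" if local
                      else "redirected to another host")
            findings.append((line_no, str(ip), name, reason))
    return findings

# Constructed sample (reserved .example names and documentation addresses).
SAMPLE = "\n".join([
    "# constructed sample, not taken from the thread",
    "127.0.0.1       localhost",
    "127.0.0.1       update.av-vendor.example",
    "203.0.113.7     www.bank.example bank.example",
    "0.0.0.0         scanner.example   # inline comment",
    "not-an-ip       broken.example",
])

if __name__ == "__main__":
    print("attributes set:", attribute_flags(0x27))
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

An empty result from `audit_hosts` on the real file, and no R/H/S flags, is the state to aim for after the malware has been removed.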
 
Ben -

The file does not appear to be there when I look through Windows Explorer or
list the directory contents in the command prompt. However, when I try
to open the hosts file from the run prompt it opens and displays its
contents. I do have the directory view set up to view hidden files.

Cody

Ben Myers;1181933 Wrote:
> "csingsaas" wrote in message
> news:csingsaas.46qhs0@no.email.invalid...
> > I have the exact same issue as reported by Neil. It is a Windows XP
> > computer.
> > When I view the c:\windows\system32\drivers\etc folder (showing hidden
> > files) the hosts file is not there. If I open up a run prompt, and type
> > "C:\windows\system32\drivers\etc\hosts" it does open the hosts file
> > however. It is filled with entries that a virus left in there. If I remove
> > them and then save the hosts file it will not let me. Looking at the
> > permissions for the "etc" folder it is set to read-only. I try changing
> > that - it looks like it takes, but when I check the permissions again it
> > remains at read-only. I'm logged on as administrator.
>
> Try changing the read-only properties of the file itself, not the
> folder.
>
> > Another thing - when I open a command prompt, and list the contents of
> > the etc directory, it does not list the hosts file.
>
> Try typing "dir /a" at the command prompt.
>
> Ben
 
I have already run Malwarebytes - it said it cleaned up the infection.
Scans are coming back as clean. I'll try the other suggestion and see if
that works.

I did not try SuperAntiSpyware - so maybe that is worth a go also.

Jose;1182005 Wrote:
> On Feb 20, 12:37 pm, csingsaas wrote:
> > I have the exact same issue as reported by Neil. It is a Windows XP
> > computer.
> >
> > When I view the c:\windows\system32\drivers\etc folder (showing hidden
> > files) the hosts file is not there. If I open up a run prompt, and type
> > "C:\windows\system32\drivers\etc\hosts" it does open the hosts file
> > however. It is filled with entries that a virus left in there. If I remove
> > them and then save the hosts file it will not let me. Looking at the
> > permissions for the "etc" folder it is set to read-only. I try changing
> > that - it looks like it takes, but when I check the permissions again it
> > remains at read-only. I'm logged on as administrator.
> >
> > When I run HijackThis - it gives you a message along the lines that the
> > hosts file is set to ReadOnly and HJT may NOT be able to save
> > changes. When I attempt to remove the entries in HJT, they are simply
> > never removed.
> >
> > I've tried just about anything I can think of - and am about ready to
> > wipe the computer and start over (which would be a real shame given
> > this is the only issue).
> >
> > Is there a registry entry I can make to change the read-only
> > element?
> >
> > Another thing - when I open a command prompt, and list the contents of
> > the etc directory, it does not list the hosts file.
>
> Sounds like you are still infected - one of the redirect things
> tampers with the hosts file.
>
> Malware thinks of ways to prevent you from finding and removing it.
> First it screws up your hosts file and sends you places you don't want
> to go and then fixes your system so you can't get to the hosts file to
> fix it. You need to remove the malware first, then fix the hosts file
> if it still needs fixin'. Not the other way around.
>
> Perform some scans for malicious software, then fix any remaining
> issues:
>
> Download, install, update and do a full scan with these free malware
> detection programs:
>
> Malwarebytes (MBAM): http://malwarebytes.org/
> SUPERAntiSpyware (SAS): http://www.superantispyware.com/
>
> They can be uninstalled later if desired.
 
To follow up, the suggestion below worked. The first part (to make the
file visible) didn't work because it said it didn't have permissions.
But the 2nd part worked great and allowed me to save changes.

I suppose I could now do the command to make it visible now that I
fixed the permissions. Thanks!

John Wunderlich;1181991 Wrote:
>
> Bring up the command prompt.
> Then enter the following command to make the hosts file visible:
> attrib -R -H -S c:\windows\system32\drivers\etc\hosts
> Then give yourself permissions to change the file:
> cacls c:\windows\system32\drivers\etc\hosts /P user:F
> where you replace "user" with your username.
>
> HTH,
> John
 
csingsaas wrote in news:csingsaas.46t1db@no.email.invalid:

> John Wunderlich;1181991 Wrote:
>>
>> Bring up the command prompt.
>> Then enter the following command to make the hosts file visible:
>> attrib -R -H -S c:\windows\system32\drivers\etc\hosts
>> Then give yourself permissions to change the file:
>> cacls c:\windows\system32\drivers\etc\hosts /P user:F
>> where you replace "user" with your username.
>>
>> HTH,
>> John
>
> To follow up, the suggestion below worked. The first part (to make
> the file visible) didn't work because it said it didn't have
> permissions. But the 2nd part worked great and allowed me to save
> changes.
>
> I suppose I could now do the command to make it visible now that I
> fixed the permissions. Thanks!

Thanks for the feedback. Glad it worked.
Yeah, I suppose I got the order wrong.

-- John
 