can't fix with S&D > hosts file problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by annmartinson, Oct 9, 2009.

  1. annmartinson

    annmartinson Private E-2

    I have successfully gotten all the bad stuff off this machine except the 'hosts' file problem. Running Windows XP Home. It started out with AntiVirus 2009 and who knows what else. Lots of stuff.

    When I start Hijackthis it says >>
    ---------------------

    For some reason your system denied write access to the Hosts file. If any hijacked domains are in the file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
    notepad C:\WINDOWS\System32\drivers\etc\hosts
    and press Enter. Find the line(s) Hijackthis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot. For Vista: simply exit Hijackthis, right click on the Hijackthis icon, choose 'Run as administrator.'

    ---------------------

    I have tried following these directions and using notepad to edit this file. I managed this fine. Before I got the viruses taken care of, every time I edited the 'hosts.' file, it came back again. Now that the viruses are clean, the file it is telling me to look at is blank, BUT, when I run Hijackthis, it still shows about 100 redirect entries. I don't know where else it might be getting them.

    Spybot S & D is finding one last thing on re-start/re-run. It is called FraudWindowsProtectionSuite (12 entries) ... when I tell it to fix it, I get the error "Unexpected error in fixing problems. (Cannot create file "C:\WINDOWS\System32\drivers\etc\'hosts'. Access is denied).

    One of the things I tried was to take ownership of the entire C drive for Administrators ... this machine only has one user and it is a member of this user group, so I thought maybe that would fix. Then I made sure SYSTEM had full read/write/modify rights to the entire drive also. This isn't fixing it.

    I am a support tech with a moderate amount of experience, I've done this cleanup process many times (50+). I follow your majorgeeks list every time. I use Hijackthis regularly and I have never seen this notice before.

    I'm hoping someone can give me a solution or more clues about how to fix this problem.
     
    annmartinson, Oct 9, 2009
    #1
  2. annmartinson

    annmartinson Private E-2

    figured it out!
    ran a search for just hosts it showed one 'hosts.' and one hosts (no quotes). Only one was there before (C:\WINDOWS\System32\drivers\etc\). the plain one had all the redirects in it. so I copied the good one over the top of it, ran Hijack This and now it is all good. no error

    yeah!
     
    annmartinson, Oct 10, 2009
    #2
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.
     
    TimW, Oct 14, 2009
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds