Hosts File Problem

Discussion in 'Software' started by asj94553, Oct 18, 2004.

  1. asj94553

    asj94553 Private E-2

    For some reason my hosts file is 0 bytes but when I try to add to it, rename it, or try to delete it - I can't. It says it is in use by someone or another program. What's up?
     
    asj94553, Oct 18, 2004
    #1
  2. billH

    billH Master Sergeant

    Howdy asj :) What os are you running? What antivirus? Firewall? Spyware detectors? All of these things may have something to do with your hosts file. You might have a virus, trojan or hijacker. Info please :)
     
    billH, Oct 18, 2004
    #2
  3. asj94553

    asj94553 Private E-2

    I am running Windows XP with Service pack 2, I have spybot, spyhunter, and adaware 6
     
    asj94553, Oct 18, 2004
    #3
  4. billH

    billH Master Sergeant

    Those are all good proggies. Have you tried running spybot and then using "advanced" mode to take a look at your hosts file? For advanced mode go to toolbar and click on "mode", then "advanced." Advanced mode will look like the pic below. Click on hosts file and take a look.
     

    Attached Files:

    billH, Oct 18, 2004
    #4
  5. asj94553

    asj94553 Private E-2

    When I go to the spybot advanced - the host file is empty - I tried the 'add spybot host file option and this came up:

    Red X in a box (won't let me copy it)

    Datei "C:\Windows\system32\drivers\etc\hosts" kann nicht erstellt weden. This process cannot access the file because it is being used by another process.

    This is very weird - I also have Stopzilla on my PC and Norton AntiVirus
     
    asj94553, Oct 18, 2004
    #5
  6. asj94553

    asj94553 Private E-2

    Spybot-S&D process list report, 10/18/2004 7:43:57 PM

    PID: 0 ( 0) [System]
    PID: 4 ( 0) System
    PID: 240 (1384) alg.exe
    PID: 360 (1384) svchost.exe
    PID: 508 (2648) C:\Program Files\winzip\WZQKPICK.EXE
    PID: 660 (2648) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    PID: 692 (1384) C:\Windows\system32\spoolsv.exe
    PID: 800 (1384) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PID: 816 (1384) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    PID: 864 (1384) C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    PID: 876 ( 4) \SystemRoot\System32\smss.exe
    PID: 908 (1384) C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    PID: 936 (1384) C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    PID: 1016 ( 876) csrss.exe
    PID: 1056 ( 876) \??\C:\Windows\system32\winlogon.exe
    PID: 1180 (1384) C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    PID: 1232 (1384) C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    PID: 1280 (1384) C:\Windows\System32\svchost.exe
    PID: 1312 (1384) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PID: 1384 (1056) C:\Windows\system32\services.exe
    PID: 1396 (1056) C:\Windows\system32\lsass.exe
    PID: 1476 (2648) C:\Program Files\Internet Explorer\iexplore.exe
    PID: 1564 (1384) C:\Windows\system32\svchost.exe
    PID: 1624 (1384) svchost.exe
    PID: 1816 (1384) C:\Windows\System32\svchost.exe
    PID: 1884 (1384) C:\Program Files\STOPzilla!\szntsvc.exe
    PID: 1980 (1384) svchost.exe
    PID: 2476 (2648) C:\Program Files\TechSmith\SnagIt 6\SnagIt32.exe
    PID: 2648 (2516) C:\Windows\Explorer.EXE
    PID: 2772 (2648) C:\Windows\system32\ltmsg.exe
    PID: 2784 (2648) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PID: 2800 (2648) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PID: 2808 (2648) C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    PID: 2820 (2648) C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    PID: 3148 (2648) C:\Windows\system32\WDBtnMgr.exe
    PID: 3220 (2648) C:\Program Files\WDC\CR\SetIcon.exe
    PID: 3260 (2648) C:\Program Files\safe-share\SafeShare.exe
    PID: 3376 (2648) C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    PID: 3524 (2648) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PID: 3664 (2648) C:\Program Files\QuickTime\qttask.exe
    PID: 3708 (2648) C:\Windows\system32\atiptaxx.exe
    PID: 3768 (2648) C:\Windows\SM1BG.EXE
    PID: 3804 (2648) C:\Program Files\Compaq\EAB\EabServr.exe
    PID: 3832 (2648) C:\Program Files\STOPzilla!\Stopzilla.exe
    PID: 3840 (2648) C:\Program Files\Messenger\msmsgs.exe
    PID: 3908 (2648) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    PID: 3964 (2648) C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE


    This is my process list - do you know what some of the system32 entries are?
     
    asj94553, Oct 18, 2004
    #6
  7. Matacumbie

    Matacumbie Rocky Top

    This is a CWS infection. You can try the latest version of CWShredder (2.0) here, http://www.majorgeeks.com/download4086.html

    Also, make sure you have the latest version of SpyBot, http://majorgeeks.com/download2471.html

    If this does not solve your problem, start here http://forums.majorgeeks.com/showthread.php?t=35407

    The guy's in Spyware Specific can help.

    Steve
     
    Matacumbie, Oct 19, 2004
    #7
  8. asj94553

    asj94553 Private E-2

    Thanks for your help - I will go to the forum - it did find some CW dll but I still have the problem so I will go through the steps indicated on the web forum - thanks again
     
    asj94553, Oct 19, 2004
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds