BleepingComputer.com: changed hosts file

Hi,

My first post here altho I have read quite a few posts and that have helped me to fix my problems before. So, good job guys!

This time I could not fix my problem on my own. My kid reported that he could not use www.google.se any more. It results in a 404 page not found nginx page.

The problem is only on one computer at home, and i have located it to the hosts file. The idea for that came from another post on the forum. I cannot change the hosts-file and i tried to run point 17,18 from this guide: here, but am not allowed to delete or replace the hosts file.

the hosts file has these entries added to them, and i dont know how they got there, so not only need I help to restore it, but also check for the source that did the modifications.

209.97.213.114 google.com
209.97.213.114 google.com.au
209.97.213.114 www.google.com.au
209.97.213.114 google.be
209.97.213.114 www.google.be
209.97.213.114 google.com.br
209.97.213.114 www.google.com.br
209.97.213.114 google.ca
209.97.213.114 www.google.ca
209.97.213.114 google.ch
209.97.213.114 www.google.ch
209.97.213.114 google.de
209.97.213.114 www.google.de
209.97.213.114 google.dk
209.97.213.114 www.google.dk
209.97.213.114 google.fr
209.97.213.114 www.google.fr
209.97.213.114 google.ie
209.97.213.114 www.google.ie
209.97.213.114 google.it
209.97.213.114 www.google.it
209.97.213.114 google.co.jp
209.97.213.114 www.google.co.jp
209.97.213.114 google.nl
209.97.213.114 www.google.nl
209.97.213.114 google.no
209.97.213.114 www.google.no
209.97.213.114 google.co.nz
209.97.213.114 www.google.co.nz
209.97.213.114 google.pl
209.97.213.114 www.google.pl
209.97.213.114 google.se
209.97.213.114 www.google.se
209.97.213.114 google.co.uk

209.97.213.114 google.co.za
209.97.213.114 www.google.co.za

209.97.213.114 www.bing.com
209.97.213.114 search.yahoo.com
209.97.213.114 www.search.yahoo.com
209.97.213.114 uk.search.yahoo.com
209.97.213.114 ca.search.yahoo.com
209.97.213.114 de.search.yahoo.com
209.97.213.114 fr.search.yahoo.com
209.97.213.114 au.search.yahoo.com

Thanks a lot in advance.

Give this a try: How do I reset the hosts file?

didn't work. I cannot rename or move the hosts file. The automatic FixIt did not change the file either.

What Operating System are you using?

Win7

Navigate to c:\windows\system32\drivers\etc\ right click on the hosts file select properties and uncheck read only. Now double click it and when open with comes up hit Notepad and take out those entries leaving 127.0.0.1 localhost. Hit save and it should work.

I have tried that too.

I get first a warning "You have to use admin rights to do this", and I click continue.
Next dialog says "It was not possible to execute the request. Access denied".

Messages freely translated from Swedish

My account has Administrator rights.
The OS is Win 7 Home Premium 32 bit.

Then go to Accessories via All Programs and right click on Command Prompt and click Run As Administrator.

After that type in

cd c:\windows\system32\drivers\etc

dir

attrib -h hosts

edit hosts

or

notepad hosts

Another option is to try replacing it with a customized HOSTS file but do as cryptodan instructs first.

To add a customized HOSTS file to your system, do this:

Please read Blocking Unwanted Parasites with a Hosts File, then download hosts.zip, save it to your Desktop and follow these instructions to install the MVPS HOSTS File.

• Extract (unzip) the file to its own folder C:\hosts. (click here if you're not sure how to do this. Vista users refer to these instructions.)
  
• Open up the hosts folder and double-click on the mvps.bat file to run the script.
  
• When running the mvps.bat file you may see a DOS window indicating the Previous version was saved and renamed...Press any key to continue...
  
• Press any key and the DOS windows will close.
  
• The script will rename your present HOSTS file to HOSTS.MVP and copy the new HOSTS file to the correct location on your system.
  
• If any installed security programs provide an alert about changes to the HOSTS file, allow the change.
  
• You may have to overwrite the hosts file in Safe Mode if you get "an access denied message" when trying to do it in normal mode.

If you encounter a problem with the zipped version, try using an alternative zipping tool like 7zip or ExtractNow. If you still encounter problems, then use the MVPS HOSTS File text version. Go to File in the top menu and select "Save As", then save hosts.txt to your desktop. Rename it hosts without an extension. Go to the folder containing your existing HOSTS file and rename it HOSTS.MVP. Then copy the hosts file on your desktop into the same folder where you renamed the existing file.

Important Note: If using Vista or Windows 7, be aware that they require special instructions.

• Updating the HOSTS file in Windows Vista
  
• Updating the HOSTS file in Windows 7

Tried cryptodans instructions - didn't work. Edit the file could not be done, because it was write protected.

Tried quitman7's tips. The bat-file could not access the file, no replacement was done. Tried also to do this in Safe Mode, but the file wasn't replaced this time either.

Then I am starting to believe that you are not running the commands via the right click method. All of these methods should have worked.

Try right clicking on the file then go to properties and uncheck the box that says Read Only.

I am running the commands as instructed.

I rightclick cmd.exe, run as administrator, but the command attrib -h hosts does not affect the file attributes.

Here is a clip (it is swedish..):

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. Med ensamrätt.

C:\Windows\system32>cd c:\windows\system32\drivers\etc

c:\Windows\System32\drivers\etc>dir
Volymen i enhet C har ingen etikett.
Volymens serienummer är FC8D-E358

Innehåll i katalogen c:\Windows\System32\drivers\etc

2011-02-27 10:48 <KAT> .
2011-02-27 10:48 <KAT> ..
2009-06-10 23:39 3 683 lmhosts.sam
2009-06-10 23:39 407 networks
2009-06-10 23:39 1 358 protocol
2009-06-10 23:39 17 463 services
4 fil(er) 22 911 byte
2 katalog(er) 45 702 565 888 byte ledigt

c:\Windows\System32\drivers\etc>attrib -h hosts
Återställer inte systemfil - C:\Windows\System32\drivers\etc\hosts <-- "Not restoring systemfile"- free translation

c:\Windows\System32\drivers\etc>notepad hosts <-- starts notpad, but file cannot be saved, it is protected

c:\Windows\System32\drivers\etc>

after the attrib -h hosts and you run another dir?

then run attrib -r hosts.

attrib -h hosts should make the file show on next dir right? well it doesn't.

----------------------------------------------
c:\Windows\System32\drivers\etc>attrib -h hosts
Återställer inte systemfil - C:\Windows\System32\drivers\etc\hosts

c:\Windows\System32\drivers\etc>dir
Volymen i enhet C har ingen etikett.
Volymens serienummer är FC8D-E358

Innehåll i katalogen c:\Windows\System32\drivers\etc

2011-02-27 10:48 <KAT> .
2011-02-27 10:48 <KAT> ..
2009-06-10 23:39 3 683 lmhosts.sam
2009-06-10 23:39 407 networks
2009-06-10 23:39 1 358 protocol
2009-06-10 23:39 17 463 services
4 fil(er) 22 911 byte
2 katalog(er) 45 636 202 496 byte ledigt

c:\Windows\System32\drivers\etc>attrib -r hosts
Återställer inte dold fil - C:\Windows\System32\drivers\etc\hosts

c:\Windows\System32\drivers\etc>dir
Volymen i enhet C har ingen etikett.
Volymens serienummer är FC8D-E358

Innehåll i katalogen c:\Windows\System32\drivers\etc

2011-02-27 10:48 <KAT> .
2011-02-27 10:48 <KAT> ..
2009-06-10 23:39 3 683 lmhosts.sam
2009-06-10 23:39 407 networks
2009-06-10 23:39 1 358 protocol
2009-06-10 23:39 17 463 services
4 fil(er) 22 911 byte
2 katalog(er) 45 636 202 496 byte ledigt

Try adding a new hosts file by doing the following:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost

Opening up a new Notepad thkat is blank:

1) Copy Paste the above code box into it.

2) Save it in my documents

3) copy and paste the new file to the etc directory

like so

copy hosts c:\windows\system32\drivers\etc

do this in an elevated command prompt.