BleepingComputer.com: can't reset host file

Hello,

I killed a virus but was left with a hijacked host file. I have been unable to create a new one. Tried the microsoft fix, changing admin options, OTL host reset. No luck so far, any suggestions?

Thanks, Dave

I just tried replacing mine and discovered that my AV (Avira Free) was interfering with any replacement effort.

http://www.bleepingcomputer.com/forums/topic123980.html

So I turned off real-time protection temporarily...went to http://winhelp2002.mvps.org/hosts.htm and downloaded the most recent hosts file to my desktop.

"Download: hosts.zip [right-click - Select: Save Target As] [Updated November-23-2011]"

I then opened file with program for doing so (7-Zip, in my case) and double-clicked the .bat file...complied with extraction of all files...double-clicked new .bat file, complied with onscreen instructions.

Louis

Louis,

Thank you for your reply. I tried the .bat file and was told "the system cannot find file specified. Access is denied"
it does however say that the file was updated (see attached screen print). I manually tried swapping the new host file for the old, again permission denied. Ran a dds and the old host shows. Not sure what to try next????

 srcp1.jpg (24.12K)
Number of downloads: 2

If you reached that screen, it should have updated.

You did reboot the system, correct?

What malware protection programs do you have running on your system?

Louis

Louis,

Thanks for the fast reply. Yes I rebooted and the hijacked host file is still there. I am not running any malware programs. I tried the microsoft supposed fix using notepad in admin mode. I can open and edit the host file but not save. The host file is hidden of course...


Dave

<<I am not running any malware programs>>

I think that you need to visit http://www.bleepingcomputer.com/forums/forum25.html and indulge in a little education about such.

Louis

Hi Louis,

Not sure exactly what direction you are trying to point me in? are you simply pointing out my folly of not running an anti-virus? Looking at my DDS log it appears that I am running Windows Defender, Do I need to disable? also found this in an old post(possible solution?):

"OTMoveIt3

* Download OTMoveIt3 and save it to your desktop. Then run it.
* Copy and paste the lines in the code box below into the input field at the bottom left corner:

:processes
explorer.exe

:files
C:\Windows\System32\DRIVERS\ETC\hosts


* Now click the red button that says MoveIt!
* To the right, the results show up. Copy and paste them all into a notepad file and post the notepad file in your next reply.


Then please run HostsXpert and try restore ms hosts file "

Update:

Tried HostXpert, didn't work:

 scrp2.jpg (48.1K)
Number of downloads: 2

 scrp3.jpg (27.1K)
Number of downloads: 2

 scrp4.jpg (51.76K)
Number of downloads: 1

Downloaded Unlocker and received this message in the event viewer:

UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

This post has been edited by hamluis: 18 December 2011 - 10:43 AM
Reason for edit: Removed excess blank lines.

Well...it's impossible for me to tell you what is wrong.

I have Unlocker installed...unlockerdriver5.sys is a valid filename for the install...and I have had no problems installing or using Unlocker.

My guess would be that your efforts to free the system from infection...were not successful, but that's just a wild guess.

FWIW: Windows Defender is not an AV program, it was designed to work in conjunction with an installed, updated AV program.

Louis

This post has been edited by hamluis: 18 December 2011 - 10:44 AM

You can use Norton power eraser

http://security.symantec.com/nbrt/npe.aspx?

Good luck