Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista can't access hosts file to restore


  • Please log in to reply
1 reply to this topic

#1 elldee1112

elldee1112

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 05 October 2010 - 09:31 PM

For a couple of months my gateway laptop (running Vista Home Premium SP 2) has gotten abyssmally slow at doing everything. A spybot scan identified something, not sure what it means, but I'll append the log file, to the effect that it could not open the hosts file. I tried all the suggestions people had, such as creating a new hosts file with notepad, making sure I was logged in as Administrator, and even used a quick fix thingy at the microsoft website - no joy, access denied. Checking in administrative tools, under reliability/stability monitor, it is still showing high marks, and a check in Event Viewer showed nothing that my admittedly limited knowledge identified as possibly related.

I tried putting the whole log for today's spybot run here, but it was apparently too long, so I'm going to truncate it, and hope that works to let me post.


--- Report generated: 2010-10-05 19:07 ---

Error during check!: Win32.AdAgent.q [1 - $7A034F48] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Fraud.Sysguard [10 - $52F85B79] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Fraud.Sysguard [11 - $4B75F45C] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Fraud.Sysguard [12 - $4ED7AEDC] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Fraud.VirusDoctor [18 - $0C71C5B8] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Fraud.WindowsEnterpriseDefender [8 - $4648F8E3] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Fraud.WindowsEnterpriseDefender [9 - $31C9E1F3] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Fraud.WindowsProtectionSuite [8 - $B197733A] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Fraud.WindowsProtectionSuite [9 - $3A1D70D6] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Fraud.WindowsProtectionSuite [10 - $85FC4658] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Microsoft.Windows.RedirectedHosts [1 - $A3B707CB] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Microsoft.Windows.RedirectedHosts [2 - $D103550A] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Microsoft.Windows.RedirectedHosts [3 - $9D14B66F] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Microsoft.Windows.RedirectedHosts [4 - $9566CBD4] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


{{{ After this, there are entries of microsoft.windows.redirectedhosts numbered sequentially from 4 to 1193}}}}}

Error during check!: Virtumonde.sdn [2023 - $0C71C5B8] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Win32.VkHost [1 - $24750BEE] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Error during check!: Win32.VkHost [2 - $AE5EF0A5] (Cannot open file "C:\Windows\System32\drivers\etc\hosts". Access is denied) (Status)


Congratulations!: No immediate threats were found. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-09-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-08-24 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-09-22 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-08-31 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-09-28 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-09-28 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-09-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-09-28 Includes\TrojansC-04.sbi (*)
2010-09-28 Includes\TrojansC-05.sbi (*)
2010-09-13 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,945 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:33 PM

Posted 06 October 2010 - 12:53 PM

Since the Hosts file is sometimes used and altered by malware, some security programs (like Spybot S&D, WinPatrol, ZoneAlarm Pro, etc) will lock the HOSTS file's read-only attributes as protection so it cannot be changed without your knowledge unless you disable that feature. As such, you may receive an access is denied message.

When you go into Spybot > Mode > Advanced Mode > Tools > Hosts File and do an "Add Spybot-S&D hosts list", Spybot..."lock" the HOSTS file by setting the attributes on the HOSTS file to read-only.

If you do not want the read-only attribute set on the HOSTS file after doing a "Add Spybot-S&D hosts list", go into Spybot > Mode > Advanced Mode > Tools > IE Tweaks. Under "Miscellaneous locks" uncheck the following: * Lock Hosts file read-only as protection against hijackers.

Spybot Forums: Host file - Access is Denied

If using Vista or Windows 7, be aware that it's User Account Control (UAC) blocks access to the HOSTS file since itís a system file. To get around this you may have to turn off UAC - How to Disable UAC the Easy Way on Win 7 or Vista.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users