Posted 03 March 2011 - 07:41 PM
Hello Tech Gurus,
I hope one of you can help me. I have a problem with one of my computers at the office I am having trouble solving. I will outline the problem and what I have attempted so far. Hopefully one of you can point out a solution or something new to try.
Computer at work cannot connect to google, yahoo, or bing search engines.
What I Have Done:
I have identified the problem as a corrupt (hacked) hosts file. If I enter the command C:\WINDOWS\system32\drivers\etc\hosts I can access the hosts file and open it in WordPad.
Note that without actually typing in the file path the hosts file cannot be accessed. It is not visible in Windows Explorer even after changing the folder options to “show hidden files and folders”. However, as mentioned, by typing in the file path location, I can view the hosts file in WordPad.
Once open I can see almost 2 pages' worth of entries of various google, yahoo and bing sites re-routing the browser to an unknown location, explaining the problem. I know what the problem is, but I can’t fix it. I have tried deleting the hijacked entries in WordPad, but cannot re-save the file as I get an authorization error.
As the file is not visible in Windows Explorer I cannot remove the “read-only” format. I have tried to overwrite the file with a pure hosts file taken from a different computer; again I get an authorization failure. I have tried running the following codes to regain administrator rights:
cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G Administrators:F
cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G admin:F (admin is the username)
Both codes produced authorization failure errors. I do have full administrator credentials with this login.
I have run Malwarebytes and SUPERAntiSpyware and have removed several errors; however, all of the above problems still remain.
I have run HijackThis, and am informed that HijackThis does not have “write” access to the hosts file and, although it finds the hijacked lines in the hosts file, it cannot remove them. Hence all the above problems remain.
I have tried booting the computer in Safe Mode to gain access over the hosts file, but even in Safe Mode the file is not visible in Windows Explorer and is unchangeable, exactly the same as the above issues in Normal Mode.
I have tried deleting the entire etc folder, but cannot due to authorization failure.
What else can I try? Any other ideas out there to fix this problem?
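
An added example, not part of the original post: a read-only audit that parses hosts-file text and lists every entry naming the search engines mentioned above, so the redirect targets can be recorded before cleanup. The sample text and its addresses are constructed, and the check assumes a clean hosts file carries no entries for these names.

```python
import ipaddress

# Search-engine names taken from the post; matched as whole DNS labels.
WATCHED = ("google", "yahoo", "bing")

# Constructed sample; addresses are from documentation ranges.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # two names on one line
203.0.113.10    search.yahoo.com
203.0.113.11    WWW.BING.COM.
not-an-ip       www.google.com
192.0.2.5       intranet.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: the line maps nothing
        for name in fields[1:]:                  # one address may map several names
            yield no, ip, name.lower().rstrip(".")

def suspicious_entries(text):
    """Return (line_no, ip, hostname) for entries that override a watched name."""
    hits = []
    for no, ip, name in parse_hosts(text):
        if any(w in name.split(".") for w in WATCHED):
            hits.append((no, str(ip), name))
    return hits

if __name__ == "__main__":
    # To audit a real machine, read the file at the path given in the post
    # and pass its text to suspicious_entries() instead of SAMPLE.
    for no, ip, name in suspicious_entries(SAMPLE):
        print(f"line {no}: {name} -> {ip}")
```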