
Hosts file can't be Deleted/Modified



#1 Neil Bradley


Posted 16 March 2011 - 10:39 AM

I had some malware that I have successfully removed on this computer. The one thing I have not yet been able to do is delete/modify the hosts file, which has been filled with browser re-directs.

Here is what I have tried so far without success

1. Deleting the file in explorer.
2. Command prompt delete.
3. Both 1 & 2 in safe mode.
4. Safe mode command prompt only.
- changing attributes from attrib -s -h hosts (permission denied)
- cacls c:\windows\system32\drivers\etc\hosts /e /g Administrators:f (permission denied)
5. Boot from xp cd, in recovery console, 1-4 above. All "permission denied"
6. Removed hard drive from computer, hooked up as slave.
- Using win7, attempted to take ownership and change attributes. "Permission denied".

I have put the HD back in the original machine, and am now turning my problem over to the experts here :)


Below is the contents of the hosts file, for what it's worth.


Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
69.10.57.34 www.google.com
69.10.57.34 google.com
69.10.57.34 google.com.au
69.10.57.34 www.google.com.au
69.10.57.34 google.be
69.10.57.34 www.google.be
69.10.57.34 google.com.br
69.10.57.34 www.google.com.br
69.10.57.34 google.ca
69.10.57.34 www.google.ca
69.10.57.34 google.ch
69.10.57.34 www.google.ch
69.10.57.34 google.de
69.10.57.34 www.google.de
69.10.57.34 google.dk
69.10.57.34 www.google.dk
69.10.57.34 google.fr
69.10.57.34 www.google.fr
69.10.57.34 google.ie
69.10.57.34 www.google.ie
69.10.57.34 google.it
69.10.57.34 www.google.it
69.10.57.34 google.co.jp
69.10.57.34 www.google.co.jp
69.10.57.34 google.nl
69.10.57.34 www.google.nl
69.10.57.34 google.no
69.10.57.34 www.google.no
69.10.57.34 google.co.nz
69.10.57.34 www.google.co.nz
69.10.57.34 google.pl
69.10.57.34 www.google.pl
69.10.57.34 google.se
69.10.57.34 www.google.se
69.10.57.34 google.co.uk
69.10.57.34 www.google.co.uk
69.10.57.34 google.co.za
69.10.57.34 www.google.co.za
69.10.57.34 www.google-analytics.com
69.10.57.34 www.bing.com
69.10.57.34 search.yahoo.com
69.10.57.34 www.search.yahoo.com
69.10.57.34 uk.search.yahoo.com
69.10.57.34 ca.search.yahoo.com
69.10.57.34 de.search.yahoo.com
69.10.57.34 fr.search.yahoo.com
69.10.57.34 au.search.yahoo.com

Edited by Neil Bradley, 16 March 2011 - 10:44 AM.
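An added example, not part of the original thread: a small Python check for the pattern visible in the posted hosts file, where many unrelated hostnames are pinned to a single non-loopback address. The sample file, its 203.0.113.10 documentation address and `.example` names are constructed, and the `min_names` threshold is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (not the poster's file): a documentation-range IP and
# example hostnames stand in for the redirect entries.
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1 localhost
0.0.0.0 ads.example.net          # sinkhole entry, benign
203.0.113.10 www.search-one.example
203.0.113.10 search-one.example www.search-two.example  # two names on one line
203.0.113.10 analytics.example
192.168.1.20 nas.home.example
not-an-ip broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed first column: skipped
        for name in fields[1:]:
            yield line_no, ip, name.lower()

def suspicious_redirects(text, min_names=3):
    """Return {ip: sorted hostnames} for non-loopback, non-sinkhole IPs
    that min_names or more distinct hostnames are pinned to."""
    by_ip = defaultdict(set)
    for _, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                          # 127.0.0.1, ::1 and 0.0.0.0 are expected
        by_ip[ip].add(name)
    return {str(ip): sorted(names) for ip, names in by_ip.items()
            if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} hostnames redirected, e.g. {names[:3]}")
```

On a real system the input would be the text of `c:\windows\system32\drivers\etc\hosts`, read from a copy or from an offline mount of the disk.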



 


#2 Broni


Posted 16 March 2011 - 12:37 PM

I suspect your computer is still infected.

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!



 


#3 Neil Bradley


Posted 16 March 2011 - 01:22 PM

Problem has been solved. Another computer guru friend of mine suggested I change the cacls line to a user instead of the administrator, and voilà, got permissions reset.

Please go ahead and close the thread here as problem resolved.

Thanks for the quick reply!

Neil

#4 Broni


Posted 16 March 2011 - 01:53 PM

Ahh...nice :)
Thanks for posting back....
