Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

can't reset host file


  • Please log in to reply
9 replies to this topic

#1 davelake

davelake

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 17 December 2011 - 08:21 AM

Hello,

I killed a virus but was left with a hijacked host file. I have been unable to create a new one. Tried the microsoft fix, changing admin options, OTL host reset. No luck so far, any suggestions?

Thanks, Dave

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:11 AM

Posted 17 December 2011 - 10:17 AM

I just tried replacing mine and discovered that my AV (Avira Free) was interfering with any replacement effort.

http://www.bleepingcomputer.com/forums/topic123980.html

So I turned off real-time protection temporarily...went to http://winhelp2002.mvps.org/hosts.htm and downloaded the most recent hosts file to my desktop.

"Download: hosts.zip [right-click - Select: Save Target As] [Updated November-23-2011]"

I then opened file with program for doing so (7-Zip, in my case) and double-clicked the .bat file...complied with extraction of all files...double-clicked new .bat file, complied with onscreen instructions.

Louis

#3 davelake

davelake
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 17 December 2011 - 05:23 PM

Louis,

Thank you for your reply. I tried the .bat file and was told "the system cannot find file specified. Access is denied"
it does however say that the file was updated (see attached screen print). I manually tried swapping the new host file for the old, again permission denied. Ran a dds and the old host shows. Not sure what to try next????

Attached File  srcp1.jpg   24.12KB   2 downloads

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:11 AM

Posted 17 December 2011 - 05:33 PM

If you reached that screen, it should have updated.

You did reboot the system, correct?

What malware protection programs do you have running on your system?

Louis

#5 davelake

davelake
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 17 December 2011 - 05:55 PM

Louis,

Thanks for the fast reply. Yes I rebooted and the hijacked host file is still there. I am not running any malware programs. I tried the microsoft supposed fix using notepad in admin mode. I can open and edit the host file but not save. The host file is hidden of course...


Dave

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:11 AM

Posted 17 December 2011 - 07:31 PM

<<I am not running any malware programs>>

I think that you need to visit http://www.bleepingcomputer.com/forums/forum25.html and indulge in a little education about such.

Louis

#7 davelake

davelake
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 18 December 2011 - 08:17 AM

Hi Louis,

Not sure exactly what direction you are trying to point me in? are you simply pointing out my folly of not running an anti-virus? Looking at my DDS log it appears that I am running Windows Defender, Do I need to disable? also found this in an old post(possible solution?):

"OTMoveIt3

* Download OTMoveIt3 and save it to your desktop. Then run it.
* Copy and paste the lines in the code box below into the input field at the bottom left corner:

:processes
explorer.exe

:files
C:\Windows\System32\DRIVERS\ETC\hosts


* Now click the red button that says MoveIt!
* To the right, the results show up. Copy and paste them all into a notepad file and post the notepad file in your next reply.


Then please run HostsXpert and try restore ms hosts file "

#8 davelake

davelake
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 18 December 2011 - 09:04 AM

Update:

Tried HostXpert, didn't work:

Attached File  scrp2.jpg   48.1KB   2 downloads

Attached File  scrp3.jpg   27.1KB   2 downloads

Attached File  scrp4.jpg   51.76KB   1 downloads

Downloaded Unlocker and received this message in the event viewer:

UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Edited by hamluis, 18 December 2011 - 10:43 AM.
Removed excess blank lines.


#9 hamluis

hamluis

    Moderator


  • Moderator
  • 55,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:11 AM

Posted 18 December 2011 - 10:41 AM

Well...it's impossible for me to tell you what is wrong.

I have Unlocker installed...unlockerdriver5.sys is a valid filename for the install...and I have had no problems installing or using Unlocker.

My guess would be that your efforts to free the system from infection...were not successful, but that's just a wild guess.

FWIW: Windows Defender is not an AV program, it was designed to work in conjunction with an installed, updated AV program.

Louis

Edited by hamluis, 18 December 2011 - 10:44 AM.


#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:11 AM

Posted 23 December 2011 - 03:05 AM

You can use Norton power eraser

http://security.symantec.com/nbrt/npe.aspx?

Good luck




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users