hosts file permissions changed by virus?



#1 Pqqwetiqe


Posted 19 September 2016 - 07:01 PM

 
I noticed today that the permissions on the hosts file ("C:\Windows\System32\drivers\etc\hosts") were changed such that admin privileges are no longer required. I suspect it was done by a virus. If it was, is there a way to make sure it didn't change any other permissions (or other stuff)?

I also updated Win 10 to the Anniversary Update. Could that be the cause?

BTW, if it was a virus, I probably already deleted it by running all sorts of anti-malware programs.




#2 FreeBooter


Posted 20 September 2016 - 09:22 AM

How did you set up the User Account Control settings? Is it on?

Do you notice any other permission settings that have been altered?

Open the Command Prompt as an administrator and type the command below.

icacls C:\Windows\System32\drivers\etc\hosts  | Clip

The above command will list the permission settings for the hosts file. This list will be copied to the clipboard. In your next post, right-click an empty space, select Paste from the context menu and post the result.




#3 Pqqwetiqe


Posted 20 September 2016 - 11:47 AM


I already fixed the permissions to the hosts file (I think):

__________________________________________________________________

C:\Windows\System32\drivers\etc\hosts NT AUTHORITY\SYSTEM:(I)(F)
                                      BUILTIN\Administrators:(I)(F)
                                      BUILTIN\Users:(I)(RX)
                                      APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
                                      APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
__________________________________________________________________
 
Before I fixed it, there was an additional full control permission for a specific user.
I was just wondering how I can make sure other important files weren't affected.
 

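The following PowerShell script is an added example, not written by any poster in this thread. It lists every file under a folder whose ACL grants write-level rights to an account other than SYSTEM, Administrators or TrustedInstaller, which is how the extra full control entry described above would show up. The `$Root` default and the trusted-SID list are assumptions.

```powershell
# Added example: list files whose ACL lets an unexpected account modify them.
# $Root and $TrustedSids are assumptions; adjust them for the system you audit.
param(
    [string]$Root = "$env:SystemRoot\System32\drivers\etc"
)

# Well-known SIDs that normally hold write access to Windows system files.
$TrustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Rights that allow changing a file's content, its ACL or its owner.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
ForEach-Object {
    $path = $_.FullName
    try   { $acl = Get-Acl -LiteralPath $path -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $path"; return }

    # Ask for identities as SIDs so the check does not depend on the display language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }

        $sid = $ace.IdentityReference.Value
        if ($TrustedSids -contains $sid) { continue }

        # Resolve the SID to an account name for the report; keep the SID if that fails.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }

        [pscustomobject]@{
            Path      = $path
            Identity  = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}
```

Run it from an elevated PowerShell prompt; with the permissions shown in the icacls output above, the hosts file produces no rows, because Users and the application package entries hold only read and execute rights.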


#4 FreeBooter


Posted 20 September 2016 - 02:51 PM

The hosts file permissions look good. You can use the Tweaking.com - Windows Repair tool to Reset Registry Permissions, Reset Service Permissions, Register System Files, Restore Important Windows Services, Remove Policies Set By Infections, Set Windows Services To Default Startup, Restore UAC (User Account Control) Settings, Repair Hosts File, Reset File Permissions.




#5 Pqqwetiqe


Posted 20 September 2016 - 06:48 PM


Thanks.

What does it mean to Register System Files? 



#6 FreeBooter


Posted 21 September 2016 - 05:41 AM

 


Windows system files, like Dynamic-link library (DLL) files, will be registered to repair any issue that may be caused by unregistered system files.




#7 Pqqwetiqe


Posted 21 September 2016 - 02:02 PM


I ran this crap and now I can't change the default browser and I can't uninstall stuff. What the bleep do I do now?



#8 FreeBooter


Posted 22 September 2016 - 08:03 AM

That program did not cause any issue; your computer is still infected by malware. You should ask for a malware infection checkup; visit the link below for more information. After your computer is clear of malware infection, if you still have the issues you have mentioned, you can do a repair install of Windows 10. Your personal settings, personal files and installed programs will not be touched by a repair install of Windows 10.

 

 

Am I Infected? What do I do? How do I get help? Who is helping me?

 

 

How to Do a Repair Install of Windows 10 with an In-place Upgrade

