Solved

HOSTS File (edit, rename, delete)

Posted on 2006-07-13
17
705 Views
Last Modified: 2010-03-05
I can no longer edit, rename or delete the HOSTS file without booting up in the safe mode and doing it from there. This just started with the June 30, 2006 release. I get the following message:

"Cannot delete HOSTS: access is denied.
Make sure the disk is not full or erite-protected
and that the file is currently not in use."

I'm sure this is a new anti-hijacking scheme but if I can't access some sites that it blocks it will be rendered useless.
0
Comment
Question by:wfmitchell
  • 5
  • 2
  • 2
  • +7
17 Comments
 
LVL 32

Expert Comment

by:r-k
ID: 17104191
Which release from June 30 do you mean specifically?

I have applied all the latest XP updates and can still edit and rename the HOSTS file.

Which version of Windows?
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17104195
I would probably check permissions and run FILEMON from SysInternals to monitor what program is locking it.
0
 
LVL 32

Expert Comment

by:jhance
ID: 17104342
I'm guessing that you've installed some anti-spyware utility that has "immunized" the HOSTS file.  This is not uncommon.  Either configure your anti-spyware to let you edit the HOSTS or disable it so you can edit.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17104498
Try and Download Hoster,
www.funkytoad.com/download/hoster.zip
This will restore your Hosts file.
Press "Restore Original Hosts" and press "OK"
Reboot.


If that doesn't work, then let us look at your hijackthis log to eliminate malware\viruses as being the caused.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 1

Expert Comment

by:lawyerboy780
ID: 17105862
I've run into this problem with files of different types, and although I haven't yet figured out what is causing the problem HijackThis hasn't been much help as it seems the problem is more like a "flipped switch"  something in the target file signals the OS that the target is in use.  If you have loads o' spare time, you can examine the files bit by bit, or you can try this work-around:  

Use Easy Recovery and recover the file to a different location.  After that's done, restart in safe mode, delete the old file, and copy the recovered file to the correct location

good luck
0
 

Author Comment

by:wfmitchell
ID: 17106907
I am running Windows XP home edition with all the updates and the June 30th HOSTS file.
0
 

Author Comment

by:wfmitchell
ID: 17107378
I have done what rpggamergirl suggested and analysed the Hijack This Log but nothing seems suspicous.
0
 

Author Comment

by:wfmitchell
ID: 17107485
HERE IS THE SOLUTION TO MY PROBLEM:


Why do I see "Access Denied when updating the HOSTS file?

There is a problem with certain versions of ZoneAlarm Firewall (v 6.5.700.000 -
6.5.714.000) where the HOSTS file is "locked" even though that option is unchecked in
the options. To resolve this problem:
1) ZoneAlarm Control Center > Firewall (left pane) > Main (tab in the right pane)
2) Advanced (button at the bottom) > and find "Lock hosts file" Check "Lock hosts file". Click OK.
3) Click Advanced (button at the bottom) Uncheck "Lock hosts file". Click OK.

You should now be able to update the HOSTS file, however until ZA resolves this problem, on the
next Windows restart the file will be locked again (even if that option is unchecked) ... hopefully ZA
will correct this shortly!
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17107645
Oh I see, I know the recent updates of ZA locks the Homepage but I didn't know it locks hosts file as well.
Thanks for sharing the answer to your own question.
If you like, you can ask for this question to be FAQed and your points refunded.
Or asks for it to be deleted and points also refunded.


How do I close a question?
http://www.experts-exchange.com/help.jsp#hi9


I answered the question myself what do I do?
http://www.experts-exchange.com/help.jsp#hi70
0
 
LVL 30

Expert Comment

by:ded9
ID: 17107997
do this in safe mode

ZoneAlarm->Firewall->Advanced->''check the lock host file check box''->OK->Advanced->''uncheck the the lock host file check box''->OK----------> host file is unlocked for SS&D to update.


Reps
0
 
LVL 1

Expert Comment

by:ccsenet
ID: 17111568
Do you have spybot search and detroy?

If you do, open the program -> go to tools -> IE tweaks -> uncheck 'lock hosts file'
0
 
LVL 30

Expert Comment

by:ded9
ID: 17112777
wfmitchell  any updates

Ded9
0
 

Author Comment

by:wfmitchell
ID: 17113802
As I said above I have solved the problem myself. It is a anomaly in ZoneAlarm. It does not require being in Safe mode. I would like for the question to be FAQed and added to the database for future searchers.
0
 
LVL 1

Expert Comment

by:callit
ID: 17147056
jhance mentioned that possibility early on
0
 

Author Comment

by:wfmitchell
ID: 17148644
I consider Zone Alarm a firewall as opposed to anti-spyware like Spybot and Adaware.
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 17156902
Closed, 100 points refunded.
Netminder
Site Admin
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now