Can't replace hosts file

Just cleaned up an infected computer and it was redirecting search results. I found that the bad search results were coming from the hosts file. Interestingly, if you browse to c:\windows\system32\drivers\etc\ there is no hosts file present, even with "show hidden files" turned on. I tried running HijackThis, but it said that it could not rewrite the hosts file and that I must do it manually.

Now if I type into Run "notepad c:\windows\system32\drivers\etc\" it pulls up the bad hosts file. Now I save the hosts file elsewhere and remove the .txt extension, and when I go to place it in that directory it comes up with "would you like to replace file 'hosts'", but after I say yes it comes up with the error "cannot move hosts: a file with that name already exists". I have tried this in safe mode logged on as administrator with no luck. I cannot for the life of me rewrite the hosts file.

Any ideas are greatly appreciated.
NerdsNow Asked:
houssam_ballout Commented:
Did you try to log in using safe mode?
0
NerdsNow (Author) Commented:
Yeah, I logged in to safe mode as administrator and had the same problem.
0
kerick Commented:
From the shell, try to rename your old hosts, then rename the new hosts.
0
optoma Commented:
When you showed all files can you see other hidden files?
0
jameso99 Commented:
I would have said try Unlocker (http://ccollomb.free.fr/unlocker) but it sounds like you can't even see the file.

Did you try a Run -> sfc /scannow or a Windows repair to see if you can restore an original hosts.etc?

Also, make sure it doesn't have the Read Only box checked on the file properties.
0
Darren Sharples (Systems Specialist) Commented:
It sounds like your PC is still infected. Make sure you have completely removed the virus and chase it out of the registry. I would say that this file is being recreated by the virus.
0
B H Commented:
Note that if you ran Spybot Search and Destroy, and told it to protect your hosts file, SBS+D will block you from touching your own hosts file.

Do this:

start > run > cmd
cd\windows\system32\drivers\etc
attrib hosts -s -h -r && del hosts

Then optionally you can do something like this:
rename hosts.txt hosts
(if you have your wanted hosts file named hosts.txt in that directory)
0
scrathcyboy Commented:
You have not got rid of the virus -- that is the only explanation for this behaviour.  Try NOD32 at www.eset.com -- it will wipe out any and every virus or tracker on your hard drive if you do an in-depth scan -- guaranteed to eliminate everything nasty, with the latest updates.
0

johnb6767 Commented:
In the registry under.....

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Check the DatabasePath value. Does it point to the \Etc folder?
0
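As an added example (not part of any poster's reply): a read-only PowerShell check that follows johnb6767's DatabasePath suggestion and B H's point about the system, hidden and read-only attributes, which explain why the folder can look empty while the file still exists. Treating loopback and 0.0.0.0 entries as expected is an assumption of this example.

```powershell
# Added example: read-only triage of the hosts file location and state.
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$expected = Join-Path $env:SystemRoot 'System32\drivers\etc'

# DatabasePath is normally %SystemRoot%\System32\drivers\etc (REG_EXPAND_SZ).
# Expand again in case it was rewritten as a plain string with %variables%.
$raw    = (Get-ItemProperty -Path $key -Name DatabasePath).DatabasePath
$dbPath = [Environment]::ExpandEnvironmentVariables($raw).TrimEnd('\')

if ($dbPath -ine $expected) {
    Write-Warning "DatabasePath is '$dbPath', expected '$expected'"
} else {
    Write-Output "DatabasePath OK: $dbPath"
}

# The resolver reads hosts from DatabasePath, so inspect that copy.
$hostsPath = Join-Path $dbPath 'hosts'
# -Force returns the item even when the Hidden/System attributes are set.
$item = Get-Item -LiteralPath $hostsPath -Force -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Warning "No hosts file found at $hostsPath"
    return
}
Write-Output ("Attributes: {0}   LastWriteTime: {1}" -f $item.Attributes, $item.LastWriteTime)

# A Deny entry in the ACL blocks writes even for an administrator account.
try {
    (Get-Acl -LiteralPath $hostsPath).Access |
        Where-Object AccessControlType -eq 'Deny' |
        Format-Table IdentityReference, FileSystemRights -AutoSize
} catch {
    Write-Warning "Could not read ACL: $($_.Exception.Message)"
}

# List active (non-comment) entries. Treating loopback and 0.0.0.0 as
# expected is an assumption of this example; everything else is marked.
$benign = '127.0.0.1', '::1', '0.0.0.0'
Get-Content -LiteralPath $hostsPath -Force | ForEach-Object {
    $line = ($_ -replace '#.*$', '').Trim()
    if ($line) {
        $addr, $names = $line -split '\s+'
        $flag = if ($benign -contains $addr) { 'ok    ' } else { 'REVIEW' }
        "{0}  {1,-39} {2}" -f $flag, $addr, ($names -join ' ')
    }
}
```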
NerdsNow (Author) Commented:
I tried everyone's advice, from every cmd command you can think of to deleting with every attribute combination, ran every cleaner/antivirus/repair tool I had even heard of, checked all the settings you guys suggested, and redid the registry settings as suggested. But I ran NOD32 and it said something about "found a locked error, a reboot is needed", and when it restarted I was able to replace the hosts file, hooray! NOD32 did not find any threats but it did repair the "locked error"! It looks like I have a new favorite antivirus! Thank you scrathcyboy!
0
scrathcyboy Commented:
Thanks NerdsNow -- I tell you, there is no end of what NOD32 discovers if you do a "deep clean search".  At times it is arduous, but it works better than all of them!!
0