Can't Edit Hosts File on Windows XP
I have a windows XP machine that has a host file that is set as a system file and is hidden. When i go to c:\windows\system32\driver
So i have tried many programs to remove the permissions but i have no luck. Is there a way to remove the host file manually and re-create it?
So i have tried many programs to remove the permissions but i have no luck. Is there a way to remove the host file manually and re-create it?
Cluskitt
That happens because you've been infected with a rootkit. You need to clean your XP and then use a tool to delete the file. I've had this happen on my sister's pc recently. I ended up using Unlocker to do it. Though you can use a live CD as well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ill give unlocker a try tonight and see. I ran malwarebytes and hitman pro but they seem to thing everything is fine
ASKER
I did try and edit in safe mode and still no love
This could also just be because you have run spybot search and destroy which locks down the hosts file. There is a whole process for recreating it, or unlocking it to edit that I can't remember right now. But, if you have run spybot in the past this is probably what it is, and why you aren't coming up with any infections. Cheers.
Right click it, and take ownership. Then click OK and go back into the Advanced Security Tab, and click the Top box, to inherit the permissions. Then Click OK again. Right Click the file, and deselect "Read Only"......
Now you should be able to save it.....
More than likely, all ACEs have been deleted to the file, and without them, Windows doesnt know who is allowed to access/edit the file....
Now you should be able to save it.....
More than likely, all ACEs have been deleted to the file, and without them, Windows doesnt know who is allowed to access/edit the file....
Oh, and if this is NOT XP Pro, do this in Safe NMode, as you will not se the Security Tab in regular mode in XP Home....
Oh, and Right Click>Security>Advanced>Ow
Download the following batch file to your desktop and run it. This will free up the hosts file and allow you to remove it completely.
http://download.bleepingcomputer.com/bats/hosts-perm.bat
Delete the C:\Windows\System32\Driver
and save it in the C:\Windows\System32\Driver
http://download.bleepingcomputer.com/misc/host-files/windows-xp/hosts
You should be all set.
http://download.bleepingcomputer.com/bats/hosts-perm.bat
Delete the C:\Windows\System32\Driver
and save it in the C:\Windows\System32\Driver
http://download.bleepingcomputer.com/misc/host-files/windows-xp/hosts
You should be all set.
you can try HijackThis...its one of the best by Trend Micro...if this doesnt fix it..take it to your local Geek Squad...at best buy
http://free.antivirus.com/hijackthis/
http://free.antivirus.com/hijackthis/
ASKER
Is there a way to see the file though if its hidden. Even if i say "view hidden files and folders" it doesn't appear. But i know its there b/c i can navigate to it through run command
You have to uncheck the option "Hide system files and folders", found in the same place where you find "View hidden files and folders", a bit further down.
Beware of a rogue (fake )hosts file also. I don't think you can do anything from a permissions standpoint to get access and delete the file. According to Malwarebytes, the best way is via the instructions I posted.
Up to you.....
Up to you.....
If you use unlocker, you can delete it. Unlocker will fail the delete and ask to delete it on next boot. Say yes and it will be done. You can then use one of Microsoft's FixIt to reset the hosts file.
Another easy way is to simply boot a live CD (like Ubuntu) and simply delete it from there.
Another easy way is to simply boot a live CD (like Ubuntu) and simply delete it from there.
ASKER
Combofix fixed the issue!