Solved

Can't Edit Hosts File on Windows XP

Posted on 2010-11-17
16
1,246 Views
Last Modified: 2012-05-10
I have a windows XP machine that has a host file that is set as a system file and is hidden.  When i go to c:\windows\system32\drivers\etc\hosts I see a ton of entries to all sorts of google and microsoft sites.  This explains why im getting so many redirects when going to google.  So i try and clear out all the entries and save it and it doesn't allow me to.

So i have tried many programs to remove the permissions but i have no luck.  Is there a way to remove the host file manually and re-create it?  
0
Comment
Question by:jmkotman
  • 4
  • 3
  • 3
  • +4
16 Comments
 
LVL 18

Expert Comment

by:Cluskitt
ID: 34154720
That happens because you've been infected with a rootkit. You need to clean your XP and then use a tool to delete the file. I've had this happen on my sister's pc recently. I ended up using Unlocker to do it. Though you can use a live CD as well.
0
 
LVL 17

Accepted Solution

by:
houssam_ballout earned 500 total points
ID: 34154735

Try to edit in safe mode

After that scan your virus with malware & combofix:

http://www.malwarebytes.org/

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 

Author Comment

by:jmkotman
ID: 34154741
Ill give unlocker a try tonight and see.  I ran malwarebytes and hitman pro but they seem to thing everything is fine
0
 

Author Comment

by:jmkotman
ID: 34154753
I did try and edit in safe mode and still no love
0
 
LVL 17

Expert Comment

by:houssam_ballout
ID: 34154761
Try combofix

Try this unlocker:

http://ccollomb.free.fr/unlocker/
0
 
LVL 4

Expert Comment

by:Jsblanton
ID: 34154853
This could also just be because you have run spybot search and destroy which locks down the hosts file. There is a whole process for recreating it, or unlocking it to edit that I can't remember right now. But, if you have run spybot in the past this is probably what it is, and why you aren't coming up with any infections. Cheers.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34154991
Right click it, and take ownership. Then click OK and go back into the Advanced Security Tab, and click the Top box, to inherit the permissions. Then Click OK again. Right Click the file, and deselect "Read Only"......

Now you should be able to save it.....

More than likely, all ACEs have been deleted to the file, and without them, Windows doesnt know who is allowed to access/edit the file....

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34154995
Oh, and if this is NOT XP Pro, do this in Safe NMode, as you will not se the Security Tab in regular mode in XP Home....
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 66

Expert Comment

by:johnb6767
ID: 34154999
Oh, and Right Click>Security>Advanced>Owner....As the first step. Re read ity and it was incomplete above.....
0
 
LVL 30

Expert Comment

by:flubbster
ID: 34155860
Download the following batch file to your desktop and run it. This will free up the hosts file and allow you to remove it completely.
http://download.bleepingcomputer.com/bats/hosts-perm.bat

Delete the C:\Windows\System32\Drivers\etc\HOSTS file. Once it is deleted, download the following HOSTS file by right-clicking the link and select "Save Target As"
and save it in the C:\Windows\System32\Drivers\etc folder

http://download.bleepingcomputer.com/misc/host-files/windows-xp/hosts

You should be all set.

0
 
LVL 10

Expert Comment

by:GlobaLevel
ID: 34155931
you can try HijackThis...its one of the best by Trend Micro...if this doesnt fix it..take it to your local Geek Squad...at best buy
http://free.antivirus.com/hijackthis/
0
 

Author Comment

by:jmkotman
ID: 34156478
Is there a way to see the file though if its hidden.  Even if i say "view hidden files and folders" it doesn't appear.  But i know its there b/c i can navigate to it through run command
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 34156491
You have to uncheck the option "Hide system files and folders", found in the same place where you find "View hidden files and folders", a bit further down.
0
 
LVL 30

Expert Comment

by:flubbster
ID: 34156552
Beware of a rogue (fake )hosts file also. I don't think you can do anything from a permissions standpoint to get access and delete the file. According to Malwarebytes, the best way is via the instructions I posted.

Up to you.....
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 34156815
If you use unlocker, you can delete it. Unlocker will fail the delete and ask to delete it on next boot. Say yes and it will be done. You can then use one of Microsoft's FixIt to reset the hosts file.

Another easy way is to simply boot a live CD (like Ubuntu) and simply delete it from there.
0
 

Author Closing Comment

by:jmkotman
ID: 34160458
Combofix fixed the issue!
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Windows XP Recycle Bin - no permission to remove file 12 102
rebuilding your XP box 15 143
how to Repair Windows XP 12 84
no display on laptop 5 56
If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now