Solved

Windows 7 ignoring hosts file!

Posted on 2011-03-07
9
1,271 Views
Last Modified: 2012-05-11
I have windows 7 64 bit, and it is now ignoring the hosts file!!

This seems to have happened, just after running some tools suggested to me at bleepingcomputer.com.   The tools were OTL.exe and OTM.exe.    (This was part of an effort to remove a not incredibly bad malware, that would redirect perhaps 1 our of 20 google links I clicked to another site)

Anyway -- windows is ignoring the hosts file now, and the people at bleepingcomputer claim that all the tools did was clean out the host file -- they did nothing to stop windows from paying attention to it.

I can put something in the hosts file, and then try running a ping, and it will not find it.

Please help!
0
Comment
Question by:Xetroximyn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 84 total points
ID: 35063038
Are you editing the hosts file by running your text editor in "Run as Administrator" mode?
And editing the hosts file (no file extension) at %systemroot%\system32\drivers\etc\ then restarting the PC?

0
 
LVL 12

Assisted Solution

by:Kent W
Kent W earned 83 total points
ID: 35063051
0
 
LVL 8

Assisted Solution

by:subhashchy
subhashchy earned 83 total points
ID: 35063082
After trying above steps if still  issue seems persist then try these .

1. Open notepad in "RunAsAdministrator" mode
2. Edit Hosts file from Drivers\etc directory.
3. Add a dummy line, like  say  127.0.0.1 blahblah.com
4. Open a commnd promot and type "ipconfig /flushdns" and press enter
5. Again type "ipconfig /displaydns" and press enter.

Are you seeing the dummy entery here,the blah blah .com entry . Let us know the outcome..
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 166 total points
ID: 35063151
Xetroximyn--Forgive me.  I do not understand "ignoring the HOSTS file".  If those other programs "cleaned out " the HOSTS file, there is nothing to ignore.
The normal function of a HOSTS file nowadays is to block access to certain URL s.
A good explanation is
http://www.mvps.org/winhelp2002/hosts.htm                     
0
 

Author Comment

by:Xetroximyn
ID: 35063311
I use the hosts file so that I can point a particular name to an particular IP address.  Because I access exchange through a hamachi VPN.

After this tool cleared out the hosts file, I did in fact put my needed entries back in there.  and they were in fact ignored.   I know the entries where getting saved, because I could reopen the hosts file and see them there.  (I am quite used to editing the hosts file -- thats why I was so shocked to see windows ignore the hosts file)

Normally after editing the hosts file there is no need to reboot.  I just make a change, and try a ping to the name, and it resolved to the IP I specified.

But in the course of troubleshooting this, I tried everything under the sun, including
ipconfig /flushdns
nbtstat -R
and rebooting

Still the hosts file was ignored.

Eventually I tried system restore to before I ran these tools, and thank god it is working like normal again.  (I can add things to the hosts file and immediately they take, no reboot or flushdns required)

Any idea how this can happen?







0
 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 166 total points
ID: 35063393
Xetroximyn--Glad to hear all is well.   I have no idea what happened.  Did you reboot after recreating the HOSTS file?  That often cures mayn problems.
Ca
0
 

Author Comment

by:Xetroximyn
ID: 35063400
Oh yea -- I rebooted multiple times.  tried flushdns and nbtstat -R -- nothing would make it pay attention to the hosts file.  (I test with ping)

If I still have this redirect malware on my PC (hard to tell since it only does a redirect every once in a while)

then when I run the tools again this weekend, to try to clean the malware, I will test hosts functionality just before and after each tool, so I can find out exactly which one did it.  

0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 84 total points
ID: 35067126
nbtstat -R only reads the lmhosts file, not hosts, so that could not help ;-).

Thinking about why a System Restore should have helped - maybe a DLL exchanged (should not), maybe one missing (should neither). Vista and W7 have changed the protecting behaviour (SFC) for system DLLs and files, which is now to be run manually (sfc /once). With XP there has been a service watching for changes, and replacing them immediately, to prevent from Virus and other malicious stuff.
0
 

Author Closing Comment

by:Xetroximyn
ID: 35134410
Thanks!
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question