Topic 'Hosts file attributes set to system and hidden' in forum 'Security'

Topic 'Hosts file attributes set to system and hidden' in forum 'Security' - dslreports.com http://www.dslreports.com/forum/Hosts-file-attributes-set-to-system-and-hidden-23042263 en Sat, 11 Feb 2012 05:19:48 EDT Sat, 11 Feb 2012 05:19:48 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23436418 --
If anything simply cannot go wrong, it will anyway.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23436418 Fri, 04 Dec 2009 03:27:47 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23414304
»www.malwarebytes.org/mbam.php]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23414304 Mon, 30 Nov 2009 13:05:36 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23412603 I tried to run hijack this, but it told me to delete my hosts file. I couldn't delete it, but could after following the instructions on this forum, using malwarebytes fileASSASIN. THANKS.

No, here's the issue. I'm still getting redirected to all these other sites when doing a search. I've tried everything and it's still happening. My task manager now works, the hosts file was replaced with a clean one, but I'm still getting redirected all over the place when doing searches. ANy suggestions???
--
If anything simply cannot go wrong, it will anyway.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23412603 Mon, 30 Nov 2009 05:13:42 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23364346 http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23364346 Thu, 19 Nov 2009 11:00:53 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23364166 said by MetalFRO:

I gave up & just did a wipe/reload on the machine. Other than an unrelated printer failure, all is well again :)

Just wish I could have figured out how to fix it otherwise.
Actually you're better off having done a nuke-to-the-bare-metal anyway IMHO. Who knows what else the malware might have squirreled away in the dark corners of your system?
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23364166 Thu, 19 Nov 2009 10:14:43 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23364157 Microsoft Fixit 50267 hosts site:microsoft.com - Google Search
»www.google.com/search?q=Microsof···soft.com

First hit (for me):

How do I reset the hosts file back to the default?
»support.microsoft.com/kb/972034

--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23364157 Thu, 19 Nov 2009 10:12:27 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23362038 http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23362038 Wed, 18 Nov 2009 21:08:41 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23347899 said by vkinetic:

Malware has changed the attributes of the hosts file to system and hidden. HostsXPert attempts to change these attributes unsuccessfully. How can the attributes be changed so that the hosts file can be edited?
You can use PropertiesPlus in the future:

PropertiesPlus -- Version: 1.65
»www.pcworld.com/downloads/file/f···ews.html

[att=1]
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23347899 Mon, 16 Nov 2009 10:26:00 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23346838
1. Run MicrosoftFixit50267.msi - Host file will be replace and renew.

2. Copy and paste the content of a clean Host file from another machine to the renew one.

3. Save the file and it's done. Hope it can solve everyone's problem !]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23346838 Mon, 16 Nov 2009 02:24:22 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23296186 said by vkinetic:

- when trying to change the attribs on the command line I get a response 'not resetting hidden file - C:\WINDOWS\system32\drivers\etc\hosts'

Its the same behaviour in Safe mode, and scans by Malwarebytes, SuperAntiSpy and Spybot all report the system clean.
Spybot will lock your HOSTS file and you have to unlock it in Spybot to work with it (for future reference).

[att=1]

EDIT Sorry, didn't see where Owlbet

posted this info.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23296186 Thu, 05 Nov 2009 12:16:19 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23260707 said by vkinetic:

Thanks JohnG - alas, this is an XP Home machine and there is no security tab and there is no security tab under 'Properties' for the hosts file. Looks like a full reinstall is all we can do. By the way, I believe that it was 'Windwos PC Defender' that caused this problem on this PC too. Thanks for your contribution.
You can add the Security Tab to an XP Home system with this:

»www.dougknox.com/xp/tips/xp_home_sectab.htm
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23260707 Thu, 29 Oct 2009 13:27:15 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23260437
Just wish I could have figured out how to fix it otherwise.
--
Music reviews: metalfroreview.blogspot.com
Listen to my radio show "The Gamut" Sunday nights 9PM-midnight EST on BlabberJesusRadio.com!]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23260437 Thu, 29 Oct 2009 12:48:49 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23230629 http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23230629 Fri, 23 Oct 2009 13:48:41 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23227076 --
Music reviews: metalfroreview.blogspot.com
Listen to my radio show "The Gamut" Sunday nights 9PM-midnight EST on BlabberJesusRadio.com!]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23227076 Thu, 22 Oct 2009 20:05:03 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23163166 I tried everything to delete the hosts file. I knew it was there, I had admin rights with the real admin account, I tried spybot to edit it, I tried what microsoft said to do with "run as admin", I tried changing its attributes and more.

Everyone else was able to do it with the way Microsoft said to do it but I wasn't. Something else was locking it down and no clue.

I had malwarebytes already installed and file assassin did the trick. I still don't know how malwarebytes was able to do it. There must have been a registry setting still set somewhere, maybe by the hijackers, that malwarebytes checks on.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23163166 Sat, 10 Oct 2009 15:09:46 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23129050 www.avast.com/eng/download-avast-home.html]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23129050 Sun, 04 Oct 2009 08:42:37 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23118238
After cleaning my computer with every anti-virus package in the universe, I was still getting redirected links in all my search engine searches (Google, Yahoo, Bing, etc). All signs pointed to a DNS changer or a hijacked hosts file. I couldn't find any evidence of a DNS changer, and there was no hosts file in windows\system32\drivers\etc -- no hosts file I COULD SEE, that is.

While blindly following some instructions for virus removal (I don't recall which one, I literally tried dozens of disinfection solutions), I used Run.. and entered "notepad c:\windows\system32\drivers\etc\hosts" and much to my surprise, a hosts file appeared in notepad! And it was corrupted with tons of redirects for all the common search engines. At that point, I knew this had been the culprit all along. But for some reason, I could not see the hosts file in the etc directory, even though I had "Show hidden files" turned on. To make it even worse, I could not edit, save, delete, or move the hosts file.

I downloaded all sorts of tools and utilities to try and edit, delete, or change permissions on the hosts file. No luck AT ALL.

Finally, I came across this discussion thread, thank goodness!! I used the FileAssassin in MalwareBytes (which was the first AV tool I used in the beginning). That did the trick. It removed the hosts file, and then I replaced it with a clean hosts file. All problems DISAPPEARED (as I expected it would, once I found the hidden hosts file).

One note for anyone else using FileAssassin -- when you navigate into the etc directory, you will not see the hosts file in the file chooser list. Just type "hosts" in the input field, and press the open button. The file is actually there, and FileAssassin WILL delete it.

For the record, I too had the "Windows PC Defender" malware problem, along with a few other things, that seemed to start the whole mess. MalwareBytes fixed up all that other stuff in one shot. I'm STUNNED that this hosts file thing is not documented very much on the internet. This discussion is the ONLY place I have seen this problem or solution specifically mentioned. I guess I'm just unlucky.

Anyway, thanks to everyone that helped vkinetic solve the problem. Your discussion was a HUGE help to me too! ]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23118238 Fri, 02 Oct 2009 03:57:04 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23063585
Since the task mgr wasn't working, I installed Russinovich's Process Explorer. On the Process Explorer window in the options tab is an option: "replace task manager". I did that. Then in the options tab a new label replaces the former called "enable task Manager". I asserted that.

After that the task manager was working again.

(this particular infection also stopped system restore and safe boot. Both these were fixed by registry fixes that I found through Google. Probably a similar fix exists for the task mgr...)

Don
]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23063585 Tue, 22 Sep 2009 11:50:26 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062954 said by JohnG6:

I just ran into the same problem, (created by "Windows PC Defender" rouge anti-spyware) on a client's computer.

...

I also have the Task Manager problem, and will work on that next. Will post the solution here as soon as I find it.

»www.avertlabs.com/research/blog/···options/

Thanks.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062954 Tue, 22 Sep 2009 09:45:07 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062216 XP home, for the security tab, use safe mode for it to appear. If it is not there, do a google search, as there is a reg hack available from memory to make the tab visable.

At least you have it sorted. ]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062216 Tue, 22 Sep 2009 04:38:23 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062080
So thanks to everyone, we finally did it - we'll have to remember this fix because somehow I think we'll be seeing more of this in the future

:) :) :)]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062080 Tue, 22 Sep 2009 01:53:34 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062007
I used FileASSASSIN ~~program~~ (on the More Tools tab) in Malwarebytes' Anti-Malware to delete it, no reboot needed.

Perhaps it would work to delete your Hosts file and then you could start fresh. :hmm:]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062007 Tue, 22 Sep 2009 01:15:00 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062006 http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23062006 Tue, 22 Sep 2009 01:14:29 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23060963
- John]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23060963 Mon, 21 Sep 2009 20:38:13 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23060913
I just ran into the same problem, (created by "Windows PC Defender" rouge anti-spyware) on a client's computer.

Right click on the hosts file, click the Security tab, and give "Authenticated Users" full access permissions. (The malware gave it only read permissions).

You will now be able to delete the file. When you recreate it the correct NTFS permissions will reappear.

I also have the Task Manager problem, and will work on that next. Will post the solution here as soon as I find it.

- JohnG]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23060913 Mon, 21 Sep 2009 20:28:38 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23056277
»www.knoppix-std.org/tools.html]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23056277 Sun, 20 Sep 2009 23:32:55 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23056169
But thanks so much for all your assistance, and the assistance and input of all the other posters.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23056169 Sun, 20 Sep 2009 23:04:54 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23056137 http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23056137 Sun, 20 Sep 2009 22:53:41 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23056045
Running:

attrib -r -h c:\WINDOWS\system32\drivers\etc\hosts displays the message:

'Not resetting system file - C:\WINDOWS\system32\drivers\etc\hosts'

Thanks]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23056045 Sun, 20 Sep 2009 22:27:11 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23055946 http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23055946 Sun, 20 Sep 2009 22:01:55 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23055816
Attached is the autoruns.txt as requested

Autoruns.txt 8,612 bytes

]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23055816 Sun, 20 Sep 2009 21:21:39 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23053035
This may or may not be true, but I always like to entertain these thoughts.

In theory, you could boot off another CD that will provide access to the file system through some kind of shell where you can change the hidden flag. However, as soon as the system starts back up normally, an errant process might clamp down on it again. We would really need to start digging much deeper into your system at this point which may require us to ask you to provide details which you may not be familiar with.

Ideally, you'd have your data backed-up and you reinstall the OS fresh to ensure a clean slate. Otherwise, it's the hard way. These kinds of "unknown / possibly malicious code in my system" scenarios are common where the user(s) of the system use an account day-to-day which has admin privileges. Recommend you don't do that going forward if your situation permits it:

»wicked-styles.com/bitsandpieces/···windows/

Here's a simple experiment - can you boot into Safe Mode and try renaming the hosts file to something else like "hostsbackup" and create a new text document called hosts (ensure there's no extension like .txt on it). This might not work on a file that has the system attribute flagged on it, and I think you might've tried doing "attrib -s -h" already, but it's worth a shot.

Also, while a well-embedded rootkit isn't going to be revealed by this, use AutoRuns to comprehensively view what's launching when you start-up your system.

»technet.microsoft.com/en-us/sysi···902.aspx

Use the command line version and do:

autorunsc.exe >> c:\autorun.txt

and while this doesn't account for everything, it might help us get a partial visual on what turns on when you log into your machine. Upload the results file and we'll take a look.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23053035 Sun, 20 Sep 2009 02:55:53 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23053029 note: If resorting to the O/S CD taking you back to the date of the installer on the disk with no updates, including re-entering the key, and you have done this and the minimum, the task manager is broken, I know I'm an extremist, and many wouldn't go a wipe of the HDD with Dban and start fresh, but I would just on file corruption, or what ever has messed things up alone.

Also XP home really doesn't give you too many options to work with but maybe someone can give you a better path to go down?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23053029 Sun, 20 Sep 2009 02:52:48 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052944 http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052944 Sun, 20 Sep 2009 01:57:16 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052834
Thanks docrice for the mini lesson on NTFS permissions. This is an XP Home machine - secpol.msc is not found and neither is gpedit.msc. Net Use shows Shane & Jodi as belonging to the Administrator's Group and no Global Group membership.

The system had Malwarebytes, SuperAntiSpy and Spybot installed (used for cleaning the original infections) none of which were running, but I have uninstalled them all anyway. The usual system security is Bullguard 8.7 and that is running.

However I found that TaskManager was disabled, and I performed the usual registry edits to enable it....with no change! At this pint I have taken an image of the drive and I'm about to perform a repair install to see if that rectifies things.

Unless I hear further from anyone I'll report how that repair install went.

Really appreciate everyone's input.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052834 Sun, 20 Sep 2009 01:12:50 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052452
For example, a DACE is like a line-item that says members of the Administrators group has Full Control, the Users group has Read & Execute, etc.. In some cases, child folders inherit their permissions from their parent folders and files inherit their permissions from the folder they are in. In other cases, permissions can be set so a child folder is its own new "root" in regards to permission inheritance. "Special Access" refers to a granular permission set which doesn't fall into one of the main pre-defined categories (such as writing extended attributes).

The question is which local group your "Shane & Jodi" account is a member of. You can check this using lusrmgr.msc or (my preferred directly CLI way) doing:

net user "Shane & Jodi"

(and knowing how most XP user accounts default their settings, you're probably running with an admin-level account)

If you're using XP, the default security mode hides the Security tab (which shows the permissions) from you unless you change the Local Security Policy (secpol.msc) under Local Policies - Security Options - Network access: Sharing and security model for local accounts to Classic. If you flip this switch (assuming the account you're using is a member of the local Administrators group), it may be easier for you to manipulate permissions. Be careful, however, if you don't know what you're doing, this may end up being more confusing than it is. If you end up changing this setting, you may want to consider changing it back later on.

To get back to your original problem, you may want to list all the "security" apps you have installed. Many of us might know right off the bat whether these might attempt to lock down your hosts file.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052452 Sat, 19 Sep 2009 22:45:32 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052424
Actual permssions are given by a fairly detailed list, but the cacls program will classify certain well-known patterns as (something like) "read", "read+write", "full control". Any non-standard combo is described as "special access".

But the upshot is that you don't have the permissions to change the system/hidden/readonly attributes of the file. Follow the instructions given for changing them with cacls.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052424 Sat, 19 Sep 2009 22:36:17 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052385
Currently logged in as Shane & Jodi

The output of CALCS looks interesting - Authenticated users? Special Access??

TIA

foo.txt 670 bytes

]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23052385 Sat, 19 Sep 2009 22:24:20 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049595
attrib C:\WINDOWS\system32\drivers\etc\hosts >foo.txt
cacls C:\WINDOWS\system32\drivers\etc\hosts >>foo.txt

Note two angle brackets in the second command!

The output will be in file foo.txt; please post the contents here.

Those will tell us the current atributes and permissions. (If the permissions are not the problem, then no sense in changing them).

If you're sensitive about us knowing the usernames in the output, then replace it but do it consistently (e.g. you could replace VKINETIC by USER1, OTHER by USER2, etc). And we'd also need to know the (translated) username you're logged in as -- i.e., in this example, are you currently USER1?]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049595 Sat, 19 Sep 2009 09:24:42 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049536
open a command prompt and type

c:\windows\system32\cacls c:\windows\system32\drivers\etc\hosts /g Shane & Jodi:rwcf

This should work, but I am not sure if the syntax allows your user name. If not, put the user name in double quotes:

cacls c:\windows\system32\drivers\etc\hosts /g: "Shane & Jodi":rwcf

If that doesn't work, try:

cacls "c:\windows\system32\drivers\etc\hosts /g: Shane & Jodi:rwcf"]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049536 Sat, 19 Sep 2009 09:02:09 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049506 http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049506 Sat, 19 Sep 2009 08:42:03 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049477 http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049477 Sat, 19 Sep 2009 08:31:14 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049160 said by docrice:

You may have to turn off services related to this, perhaps an AV app?
Spybot Search & Destroy has a feature to render the Hosts File as read only as protection against malware.

[att=1]

Spy Sweeper has a similar feature.

I've had to temporarily disable both to update and/or edit my Hosts File. Once edited, Windows Defender wants me to approve or deny the edits.

Sigh! Malware sucks.

]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049160 Sat, 19 Sep 2009 03:10:23 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049152 I wonder if SuperAntiSpyware, Spybot S&D or some similar program has a protection module locking the hosts' file. I'm seconding your thought on a spyware program protecting it.

If there was malware and no third party program locking it, my choice would be to look at doing a re-install repair (not to be confused with the repair function) as CALC's and resetting permissions might work, however what other file has been played with?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049152 Sat, 19 Sep 2009 03:04:25 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049097
Another route for investigation is to use Process Monitor and examine the file system for processes that hit the hosts file. You'll have to define a filter to look for instances only relating to that file, otherwise you'd have to do a lot of unnecessary parsing.

»technet.microsoft.com/en-us/sysi···645.aspx]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23049097 Sat, 19 Sep 2009 02:29:15 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23048936
Thanks

myresults.txt 56,824 bytes

]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23048936 Sat, 19 Sep 2009 01:22:06 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23048914
Thanks]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23048914 Sat, 19 Sep 2009 01:13:03 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23046119
handle.exe >> c:\myresults.txt

and you can scan through that.]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23046119 Fri, 18 Sep 2009 14:51:56 EDT Re: Hosts file attributes set to system and hidden http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23044233 Here is a link to the command syntax:

»technet.microsoft.com/en-us/libr···872.aspx

You may need to download cacls.exe from Microsoft, as not all systems have it.

Here is some relevant info from that link:

Cacls
Displays or modifies discretionary access control list (DACL) files.

Syntax
cacls FileName [/t] [/e] [/c] [/g User:permission] [/r User [...]] [/p User:permission [...]] [/d User [...]]

Top of page

Parameters
FileName : Required. Displays DACLs of specified files.

/t : Changes DACLs of specified files in the current directory and all subdirectories.

/e : Edits a DACL instead of replacing it.

/c : Continues to change DACLs, ignoring errors.

/g User : permission : Grants access rights to the specified user. The following table lists valid values for permission.

Value
Description

n
None

r
Read

w
Write

c
Change (Write)

f
Full Control

/r User : Revokes access rights for the specified user.

/p User : permission : Replaces access rights for the specified user. The following table lists valid values for permission.

Value
Description

n
None

r
Read

w
Write

c
Change (Write)

f
Full Control

/d User : Denies access for the specified user.

/? : Displays help at the command prompt. ]]> http://www.dslreports.com/forum/Re-Hosts-file-attributes-set-to-system-and-hidden-23044233 Fri, 18 Sep 2009 09:36:38 EDT