OS XP... I had a virus that redirected yahoo, Google, etc to another web
site. Ran a scan and eliminated the virus. The
C:\WINDOWS\system32\drivers\etc\hosts file was not visible when opening the
etc folder. I tried to create a new hosts file and was stopped by an error
that said the file already existed. I opened the etc\hosts file in thedos
window and listed its contents. It was filled with yahoo / Google redirects.
I tried to delete it with the dos command and was stopped by an error that
said I didn't have permission... I was logged on as an administrator.
Question should I boot up in protected mode and try to delete? If that
doesn't work should I go into the registry????
Thanks,
Neil
None of the above and you don't need to waste time "trying" anything.
Fix it.
The hosts file is a read only, hidden system file. It is just a text
file that you can manipulate
with WordPad, Notepad or any text editor. Before modifying the hosts
file, make a copy of the current one
in case you need to restore the original.
Some third party software scanning tools will add entries to the hosts
file on purpose to block your browser
from loading certain WWW sites entirely or block advertisements from
certain WWW sites that the software knows
about that contains ads or the software thinks are inappropriate. You
can remove entries in the hosts file
by hand if desired.
Malicious software can also add entries to the host file to redirect
your browser to some other WWW site than
the one you really want to visit. For example, if you try to browse
to
www.google.com, you may end up on
some WWW site that is inappropriate or just an advertisement for a
product you never heard of and don't
want. Until you fix the hosts file, your browser will always be
redirected.
If your hosts file has been manipulated by malicious software, editing
the hosts file will not remove the
malicious software. You will still need to scan your system with
software tools to be sure the malicious
software is entirely gone.
Malicious software scanning tools may also remove the malicious
software and leave the bad entries in the hosts
file. The scanning tools cannot tell if entries in the hosts file
were made on purpose or by malicious software
so you still may need to edit the hosts file by hand if browser
redirection occurs after the malicious software
has been removed.
Some scanning tools will report modifications to the hosts file as
suspicious and allow you to review the changes
and let you decide if the changes are appropriate or not and take
action.
A hosts file is not required for your browser to function. If you
suspect an issue with the hosts file you
can rename the hosts file and test your browsing without it.
Always reboot your system and test browsing after making any changes
to the hosts file.
To manipulate the hosts file, you must make hidden files unhidden and
remove the Read Only attribute.
In Explorer, navigate to c:\windows\system32\drivers\etc
Click Tools. Folder Options, View. In Advanced Settings, enable
(tick) the radio button for:
Show hidden files and folders
Click OK.
The hosts file has no extension but some system files do and it may be
helpful to also see the file extensions
for all the files. While you are adjusting folder View options, make
file extensions visible.
Click Tools, Folder Options, View. In Advanced Settings, put a check
mark (tick) in the box:
Hide extensions for known file types
Click OK.
Now the hosts file should be visible.
Make a copy of the current hosts file and name the copy appropriately
so you can find it later and undo
any changes if the changes do not work or things get worse.
Remove the Read-only attribute:
Right click the hosts file, Properties, uncheck the box that says:
Read-only
Click OK.
Now you can edit the hosts file with any text editor. Be sure to save
the hosts file after making any changes.
You will have to decide what is appropriate for your hosts file. The
default hosts file only has one entry (and a lot of comments) so if
you suspect the hosts file is part of your issue, you can delete
everything but the default entry and save the file.
Always reboot your system and test browsing after making any changes
to the hosts file.
You should make the hosts file Read-only again when you are finished
making changes. Obviously some programs
or malicious software do not pay attention to the attributes of a Read-
only file, but it is good practice for
the hosts file to be Read-only.
If desired, reverse the Explorer changes to hide system files and
extensions for known file types.
If you feel your hosts file is beyond repair, replace the contents
with the Windows default values.
The default hosts file for Windows XP looks like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host
name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost