Yes its pointed to the right path in the registry. And its
named just HOSTS. I have used this before many times and
this is the first time I've seen it not work. Any more ideas?
Well, the Hosts file is part of DNS resolution. And DNS resolution is affected
by the LSP / Winsock subsystem.
http://support.microsoft.com/?id=318584
http://support.microsoft.com/?id=811259
If XP RTM or Service Pack 1:
1. Backup and delete the following registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
2. Reboot.
3. Open the network connections folder, right click your network connection, and
click Properties.
4. Click Install | Protocol | Add.
5. Click "Have Disk...", type "\windows\inf" in the box, and click OK.
6. Click "Internet Protocol (TCP/IP)", then click OK.
7. Reboot.
If XP SP2:
1. Start - Run - "cmd".
2. Type "netsh winsock reset catalog" into the command window.
Give LSP-Fix <
http://www.cexx.org/lspfix.htm>, WinsockFix
<
http://www.tacktech.com/display.cfm?ttid=257>, or WinsockXPFix
<
http://www.spychecker.com/program/winsockxpfix.html> a shot.
If no help yet, reset TCP/IP.
http://support.microsoft.com/?id=299357
Start - Run - "cmd". Type "netsh int ip reset c:\netsh.txt" into the command
window.
If no help yet, consider (this would be a new one but...) that malware has
hijacked the Hosts file to some new nefarious purpose. Maybe one spyware writer
(tired of seeing his efforts wasted by the diligence of the HPGuru or MVPS
websites) wants to prevent your access to his website from being blocked by a
hosts file entry, so he has bypassed the hosts file use in some new way.
HijackThis, and expert advice, may be the next thing to work with. Maybe you
can help others.
Start by downloading each of the following additional free tools:
AdAware <
http://www.lavasoftusa.com/>
HijackThis <
http://www.majorgeeks.com/download.php?det=3155>
Spybot S&D <
http://www.safer-networking.org/index.php?page=download>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run them.
Next, run AdAware. First update it, configure for full scan
(<
http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D. First update it, then run a scan. Trust Spybot, and
delete everything ("Fix Problems") that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<
http://forums.spywareinfo.com/index.php?showtopic=227>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <
http://forum.aumha.org/index.php>
Net-Integration: <
http://forums.net-integration.net/>
Spyware Info: <
http://forums.spywareinfo.com/>
Spyware Warrior: <
http://spywarewarrior.com/index.php>
Tom Coyote: <
http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.