HarryX said:
Robert-
The problem remains. Here's what I did and answers to your questions:
1. The "hosts" file regenerates itself after I rename it & log off/log back
on again; it still exists on my PC.
Let's be clear. The HOSTS file can not regenerate itself.
Some program is causing that to happen. I was just guessing
that it might be spybotsd.
2. Installed XP support tools. Ran cmd prompt. Re-ran the two sep. cmds.
After entering the 2nd cmd, ("ipseccmd show filters") I get " 'ipseccmd' is
not recognized as an internal or external command, operable program or batch
file".
I have my Support Tools directory in my PATH environment variable.
I don't think I did anything special to have that happen but if that isn't
the case with your PATH variable it would explain your symptom if you
were trying to use the command from any other location than the
Support Tools directory. Even if this path wasn't specified I have a
Start menu shortcut, which again I suspect was created by the install,
which is labeled: Command Prompt underneath the Support Tools
submenu; so I would use that as an alternative.
To avoid any question about how your Support Tools were installed,
including which shortcuts you have in your Start menu's Programs submenu,
why not just do a change directory to wherever they are installed and verify
that the command is there? E.g.
cd %ProgramFiles%\Support Tools
dir ips*
If you installed the Support Tools to some other directory than Program Files
or if you renamed it something other than Support Tools modify the first
command appropriately.
3. The only thing I saw in SPYBOT was an explanation as to what the "hosts"
file does in the help file. I saw no configuration settings, etc pertaining
to "hosts" file.
Recommendations or ideas?
As I mentioned above the spybotsd idea was a guess.
In that case what I would do is use FileMon to monitor HOSTS
to help find out which program is creating that file.
(FileMon is freeware from SysInternals.)
BTW have you tried the other suggestions anyway?
If you are getting hung up on trying to assess the validity
of the malware hypothesis try using the telnet test to start
diagnosing particular problems.
Good luck
Robert
---