Well. It really took me a long time (days) to find out how to clean up the hosts file on Windows. The solution is actually fairly easy, so I want to share it with people who have had so much trouble fixing it. Almost every search result I found on the Internet asked me to download extra software, which may or may not contain spyware or a virus. So it actually makes your problem worse.
For some reason, my computer was infected with either an undetectable virus or spyware (I tried McAfee, TrendMicro HouseCall and even Microsoft Security Essentials without any luck) that locked up the entire etc folder and made the hosts file disappear, even when I logged in as administrator on my Windows 7 PC.
The hosts file is located under the C:/windows/system32/drivers/etc folder.
The hosts file stores a local mapping of website domain names to their IP addresses. Hackers and spammers know how to use this file to drive traffic to their advertisers' sites. Once every few hours, when I clicked on a link on Google, Bing or even Facebook, the browser redirected the link to an unknown third-party advertisement site or porn site. So I knew my DNS records were hijacked.
So the only way to solve this problem is to find out what process is locking up the hosts file, delete that file, and clean the hosts file.
- First of all, I had to download the HijackThis software (HJT) to check which resources and processes were locking the hosts file; they are found in the HijackThis log at line O20. (It was nvinit.dll under the SysWOW64 folder.)
- I ran msconfig and restarted my computer into Safe Mode.
- Delete the nvinit.dll file by running cmd as administrator and using the del command to remove the file.
- Restart the computer back to normal startup mode.
- For the same reason, HJT told me that the hosts file could NOT be modified due to permissions. So I knew there was a problem with the hosts file, which was owned by a non-administrator account.
- So I ran cmd as administrator again and ran the following command to change the ownership of the file to administrator using the ICACLS command.
- Now I can change the attributes of the hosts file and make it modifiable. Just type the attrib -S -H -R hosts command to change the file attributes to un-hidden and writable.
Here you go!
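The checks from the steps above, written out as an added PowerShell example; it is not the author's own commands. The `$repair` switch and the icacls arguments are assumptions, since the post does not show the exact command that was used.

```powershell
# Added example, not the author's commands. Run from an elevated PowerShell prompt.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$repair    = $false   # hypothetical switch: set to $true only after reviewing the audit output

# -Force is required because the file may carry the Hidden/System attributes.
$item = Get-Item -Path $hostsPath -Force -ErrorAction Stop
"Attributes : $($item.Attributes)"
"Owner      : $((Get-Acl -Path $hostsPath).Owner)"

# A stock Windows 7 hosts file contains only comment lines, so every active
# entry deserves a look; entries pointing away from the local machine are flagged.
$local  = '127.0.0.1', '::1', '0.0.0.0'
$lineNo = 0
foreach ($line in Get-Content -Path $hostsPath -Force) {
    $lineNo++
    $entry = ($line -split '#', 2)[0].Trim()        # strip trailing comment
    if ($entry -eq '') { continue }                 # blank or comment-only line
    $fields = @($entry -split '\s+')
    if ($fields.Count -lt 2) { "line ${lineNo}: malformed entry '$entry'"; continue }
    $ip    = $fields[0]
    $names = $fields[1..($fields.Count - 1)] -join ', '
    $tag   = if ($local -contains $ip) { 'local ' } else { 'REVIEW' }
    "line ${lineNo}: [$tag] $ip -> $names"
}

if ($repair) {
    # icacls is the tool the post names; these arguments are an assumption.
    # 'Administrators' is the group name on English-language Windows.
    icacls $hostsPath /setowner Administrators
    # Attribute change quoted in the post: clear System, Hidden and Read-only.
    attrib -S -H -R $hostsPath
}
```

Lines tagged REVIEW are the ones to remove when cleaning the file; the audit part of the script changes nothing on disk.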
At this point, I am still not sure how I got myself into this trouble, but I do believe I clicked on some malicious email or pop-up window in the browser.