Well, it really took me a long time (days) to find out how to clean up the hosts file on Windows. The solution is actually fairly easy, so I want to share it with people who have had so much trouble fixing it. Almost every search result I found on the Internet asked me to download extra software, which may or may not contain spyware or a virus. So it can actually make your problem worse.
The problem:
For some reason, my computer was infected with either an undetectable virus or spyware (I tried McAfee, TrendMicro HouseCall and even Microsoft Security Essentials without any luck) that locked up the entire etc folder and made the hosts file disappear, even when I logged in as administrator on my Windows 7 PC.
The hosts file is located in the C:/windows/system32/drivers/etc folder.
What the hosts file does is keep a local mapping of website / domain names to their IP addresses. Hackers and spammers know how to use this file to drive traffic to their advertisers' sites. Once every few hours, when I clicked on a link on Google, Bing or even Facebook, the browser redirected the link to an unknown third-party advertisement site or porn site. So I knew my DNS records were hijacked.
So the only way to solve this problem is to find out what process is locking up the hosts file, delete the file, and clean the hosts file.
The solutions:
- First of all, I had to download the HijackThis software (HJT) to check what resources and processes were locking the hosts file; this was found in the HijackThis log at line O20. (It was nvinit.dll under the sysWOW64 folder.)
- I ran msconfig and restarted my computer into Safe Mode.

- Delete the nvint.dll file by running cmd as administrator and using the del command to remove the file.
- Restart the computer back to normal startup mode.
- For the same reasons, HJT told me that the hosts file could NOT be modified due to permissions. So I knew there was a problem with the hosts file, which was owned by a non-administrator account.
- So I ran cmd as administrator again and ran the following command to change the ownership of the file to administrator using the ICACLS command.

- Now I can change the attributes of the hosts file and make it modifiable. Just type the attrib -S -H -R hosts command to un-hide the file and make it writable.

Here you go!
At this point, I am still not sure how I got myself into this trouble, but I do believe I clicked some malicious email or pop-up window in the browser.
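
The ownership and attribute steps above, followed by a review of what the hosts file actually maps, as an added example that is not part of the original post (the post's own ICACLS command is not shown on this page). It assumes an elevated PowerShell prompt and the default hosts location; treating only loopback and 0.0.0.0 targets as expected is an assumption of this example.

```powershell
# Added example. Run from an elevated PowerShell prompt (Run as administrator).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Take ownership for the Administrators group (/A), then grant that group
#    full control. icacls /setowner does not force an ownership change, so
#    takeown does that part. *S-1-5-32-544 is the well-known SID of
#    BUILTIN\Administrators, which also works on non-English Windows.
takeown.exe /F $hostsPath /A
icacls.exe $hostsPath /grant '*S-1-5-32-544:F'

# 2. Clear the System, Hidden and Read-only attributes, as in the post.
attrib.exe -S -H -R $hostsPath

# 3. Confirm the result before editing anything.
"Owner      : {0}" -f (Get-Acl -Path $hostsPath).Owner
"Attributes : {0}" -f (Get-Item -Path $hostsPath -Force).Attributes

# 4. List every active mapping so redirects planted by malware stand out.
#    Assumption of this example: only loopback and 0.0.0.0 targets are expected.
$expected = '127.0.0.1', '::1', '0.0.0.0'
$entries = Get-Content -Path $hostsPath | ForEach-Object {
    $line = ($_ -split '#', 2)[0].Trim()          # drop comments
    if ($line) {
        $address, $names = $line -split '\s+'     # first token is the IP
        foreach ($name in @($names | Where-Object { $_ })) {
            New-Object PSObject -Property @{
                Address  = $address
                HostName = $name
                Review   = ($expected -notcontains $address)
            }
        }
    }
}
$entries | Sort-Object Review -Descending |
    Format-Table Address, HostName, Review -AutoSize
```

Rows with Review set to True point a hostname at a non-loopback address; remove the ones you did not add yourself.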

Very interesting, I wonder how you got infected originally? I have used AVG Free virus software for years and have never had a problem (knocking on wood)…
Thanks for this info, I will keep it filed away in case it happens to myself or someone I know…
Phil McDonnell recently posted..Does your Facebook Page have a Friendly URL?
@Phil:
I believe I accidentally clicked on either a malicious email in the Thunderbird program or on a web page. It loaded the program in the sysWOW64 folder (Windows 7 64-bit), which is not currently fully detectable by many anti-virus / spyware programs.
None of the major software companies detected that. Even Microsoft’s MSDN solution won’t solve the problem.
I hope you don’t get this. It’s very time consuming and annoying.
I really wonder how much money the spammers or hackers were making. They may get tons of traffic, but I doubt they are making a fortune. It sounds like a slowlane business model to me.
Terence Chang recently posted..She Is On Fire