My browser has apparently been hijacked. I reset my Internet Explorer settings and disabled addons (advice from my last post...thanks) but, this did not work. I ran Spybot and Smitfraudfix. With Spybot, received "Unexpected error in fixing problems. Cannot create file "C:\windows\system32\drivers\etc\hosts" access is denied. With Smitfraudfix, I went through the whole process of running the smitfraudfix.exe in safe mode and in the report, there were about 40 or so messages "access is denied". Does anyone know what this means? This is so crazy...who are these people that create these viruses which cause so much frustration for us "everyday people"?? Arghhhh..... Thanks so much for any help!
I suggest you to run Smitfraudfix.exe once again in Normal mode, also check for unwanted entries on host file & remove them, after removing them make sure to save the file....if an error appears stating "Access Denied" then there chances of host file might be corrupt & in that case you may have to replace the host file.
Navigating to host file - C:/windows/system32/drivers/etc/hosts - Open with notepad.
McAfee Technical Support
I attached a copy of that host file you referred me to so you can see whether it looks corrupt. They all look to be websites that my browser gets hijacked to.... I deleted everything and tried to save it but got "Cannot create the C:/windows/system32/drivers/etc/hosts. Make sure that the path and file name are correct". Is there another way that I should delete everything? Thanks!!!
Is this in XP SP3 may I ask? When you went to edit the HOSTS file, when finished, did you click on File/Save or Save as? Plain Save usually worked for me. I say worked because I no longer have XP installed in order to check it.
Do you have the actual Administrator account visible and available on your log in screen? If not you can enable it. I suggest this because this is best done by the Administrator account.
For XP only here's a quick method of enabling the hidden Admin account: http://www.dougknox.com/xp/scripts_desc/xp_admin_ok.htm
If you do enable it don't forget to password protect it and any other of your accounts if the machine is used by more than one person.Message was edited by: Ex_Brit on 06/01/10 10:00:40 EST AM
Another suggestion which might be a good idea in any case to double-check everything is as it should be. Download Hijackthis and post its log on one of the following specialist forums for expert advice:
Do not post the log here, we can't help!
Post the logs at a specialist Forum:
Be sure to read all the sticky announcements/instructions at the top of each malware forum!
It is Windows XP, Version 5.1, SP3 ... I did "file Save" in the administrator account and got the same message "Cannot create the C:\windows......" So, I'm still having the same problem. In one of the SmitFraudFix reports, on the 2nd page it states "hosts file corrupted".
Navigate to C:\WINDOWS\system32\drivers\etc\hosts and open the file with Notepad, (Right click, select Notepad and make sure that the option to "Always use this application to open this type of file" is NOT selected).
Make the changes, then goto File > Save As, ensure the "Save as file type:" is All files and not *.txt , then click Save. Accept the warning that this will overwrite the existing file.
Does that not work for you?
I can do the save as "all files" but, it is still only saving it as a .txt document. I clicked on one of the "hosts.201001105.213320.backup" files. & it let me override it. There are about 40 or so of these files with different #'s.... Does that mean anything?