1 2 Previous Next 17 Replies Latest reply: Dec 15, 2010 10:01 AM by vinoo RSS

    How do you find C:\Windows\System32\Drivers\etc\HOSTS file?

      Can someone please help me? I am using McAfee Internet Security and my laptop was infected with the Antivirus Action malware. I researched a way on here to get rid of it by going to BleepingComputer.com. I was following the directions until I got to   # 19 which said to delete the C:\Windows\System32\Drivers\etc\HOSTS file.

       

      I was doing fine to that point. I don't know how to find that file. I really need some help. Can someone please help me?

       

      Thanks.

       

       

        • 1. Re: How do you find C:\Windows\System32\Drivers\etc\HOSTS file?
          Peacekeeper

          Open explorer and click on windows and then system32 and drivers and etc there is host file open it with notepad.

           

          Where are you striking trouble you may need to if you are on XP open explorer and go to view folder options and tick/untick the option re showing hidden files/folders.

          • 2. Re: How do you find C:\Windows\System32\Drivers\etc\HOSTS file?

            Thanks, Peacekeeper. I will try that. I have Windows Vista. The directions said I need to delete that file and download the HOSTS file that corresponds with my Windows and save it to the C:\Windows\Systems32\Drivers\etc folder. I hope I get this right.

             

            Update: Tried it. Won't let me save the file, says "You don't have permission to save in this location. Contact the administrator to obtain permission." Its my computer, therefore, it makes me the Admin. This is stopping me from finishing. Please help. I very much appreciate all the help.

             

             

            Message was edited by: antBean on 12/4/10 1:45:27 PM CST
            • 3. Re: How do you find C:\Windows\System32\Drivers\etc\HOSTS file?
              Peacekeeper

              Just open the file in notepad and edit it to remove what is not in the 1 you are supposed to save. Usually it has no addresses other than 127.0.0.1 the # lines are not read by windows

              ie

              # Copyright (c) 1993-1999 Microsoft Corp.
              #
              # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
              #
              # This file contains the mappings of IP addresses to host names. Each
              # entry should be kept on an individual line. The IP address should
              # be placed in the first column followed by the corresponding host name.
              # The IP address and the host name should be separated by at least one
              # space.
              #
              # Additionally, comments (such as these) may be inserted on individual
              # lines or following the machine name denoted by a '#' symbol.
              #
              # For example:
              #
              # 102.54.94.97 rhino.acme.com # source server
              # 38.25.63.10 x.acme.com # x client host

              127.0.0.1 localhost
              • 4. Re: How do you find C:\Windows\System32\Drivers\etc\HOSTS file?
                Ex_Brit

                You have to turn off access protection first in SecurityCenter.

                 

                Double-click the taskbar icon to open SecurityCenter

                Click Navigation (top right)

                Click General Settings and Alerts

                Click Access Protection

                Uncheck it and click Apply.

                 

                You should have access now and don't forget to re-enable it.

                 

                 

                Message was edited by: Ex_Brit on 04/12/10 2:46:50 CST PM
                • 5. Re: How do you find C:\Windows\System32\Drivers\etc\HOSTS file?

                  Ok, I tried what both of you said to do. I deleted the file like I was supposed to but I still cannot save the new file in the folder like I was told to. It asks me if I would like to save in the Tina (my name) instead? Please help. This is 1 of the last remaining steps I need to do from removing and fixing my laptop like BleepingComputer says in their instructions. Stupid antivirus action malware!

                   

                  Thanks again in advance for any help.

                  • 6. Re: How do you find C:\Windows\System32\Drivers\etc\HOSTS file?
                    Peacekeeper

                    Tried booting into safe made and try there? Ie tap F8 key during boot.

                    • 7. Re: How do you find C:\Windows\System32\Drivers\etc\HOSTS file?

                      I was able to do it that way but now Windows Defender tells me Backdoor:Win32/Cycbot.B. I have no idea what that is except its been quarantined 6 times since yesterday. I have ran McAfee and Malwarebytes Anti-Malware. I am about ready to give up. Any other ideas to try? Thanks again.

                      • 8. Re: How do you find C:\Windows\System32\Drivers\etc\HOSTS file?
                        Peacekeeper

                        Second post here http://www.bleepingcomputer.com/forums/topic354181.html says do not do any banking on this PC. There is a set of removal instructions. Not common here as you only post here re this beastie.

                        • 9. Re: How do you find C:\Windows\System32\Drivers\etc\HOSTS file?
                          vinoo

                          @antBean:

                           

                          If you suspect you're infected and have trouble finding what is causing the infection, I'd suggest giving this handy tool a try.

                           

                          "McAfee  GetSusp is intended for users who suspect undetected malware on their  system. By using a combination of clever heuristics and querying  McAfee's online database of known clean files to gather suspicious  files, GetSusp eliminates the user's need for deep technical knowledge  of computer systems to isolate undetected malware. McAfee GetSusp is  recommended as a tool of first choice when analyzing a suspect machine."

                           

                          Get it from here: https://community.mcafee.com/servlet/JiveServlet/download/160970-6957/GetSusp3.0 .0.120.zip

                           

                          Once GetSusp identifies and collects the suspect files, post the logs here and we community members can help isolate the malware on your machine.

                          1 2 Previous Next