Denied Access to Hosts File

Question

I just can't get into it. No matter what I do... It resulted from malware, my hosts file was "turned" into a system file that can not be altered or deleted in any way, shape or form.

I have attempted numerous "Internet fixes" to no avail. Can anyone help?

I receive access denied errors whenever I attempt to modify, add, edit, change or delete my hosts file. Safe Mode doesn't help. Run As Administrator with Administrator enabled doesn't help (Windows 7, 64bit machine, btw)... nothing works.

Anyone? Any ideas other than a complete wipe and rebuild?

Thanks!

score 6 · Answer 1 · answered Dec 23 '11 at 18:47

6

It could actually be your antivirus.. Have you checked out that avenue?

answered Dec 23 '11 at 18:47

SirCharlo

160
4

I had MSE installed... it was removed with the malware. I had not had a chance to reinstall. – ClaytonDaniels Dec 23 '11 at 18:49
Here, Kaspersky Pure 3.0 was enabled and file was readonly. Paused it for some minutes then reopened file and it worked. – Niloct Apr 09 '15 at 18:38

score 4 · Answer 2 · answered Sep 26 '13 at 01:17

Windows has placed special permissions on system files since around Vista. I tried many ways to edit my Hosts file including attempting to "take control" of the file as administrator with no luck. Now I found an easy way to edit these types of files:

Bring up Windows Start menu
Type in the name of your text editor (e.g. notepad) into the search box and press enter.
When your editor shows up, right click the program and select 'Run as administrator' from the list of options. (I used textpad.exe, but any should work). If you skip this step it will not work!
You will have to use the open dialog in your editor to open the file since Windows will not allow drag-n-drop. In Textpad, the etc folder was hidden, so I had to type it into the file box to get into that directory within the open dialog.
Now that you see the hosts file, select it for editing.
Perform your editing and click save when finished.

I found a Microsoft support reference to this issue here: http://support.microsoft.com/kb/923947

It should save with no access denied permissions. If you still get an error, then your issue is probably being compounded with another issue like an extremely protective antivirus program (which you can probably temporarily disable and repeat the steps above. I performed this workaround in Windows 7x64 that runs Microsoft Security Essentials and it worked without having to do anything else. I hope this helps.

score 2 · Answer 3 · answered Jul 11 '13 at 17:34

Shortcut to edit windows hosts file as Admin

Creating the batch file

Paste this in a new notepad file and save it somewhere as hosts.bat

takeown /f "%windir%\system32\drivers\etc\hosts" && icacls "%windir%\system32\drivers\etc\hosts" /grant administrators:F
attrib -r -h -s hosts
%windir%\notepad.exe %windir%\system32\drivers\etc\hosts

Making it easy to access

Copy that file to c:\windows\system32\hosts.bat

How to access it

Click start then type "hosts" (no qutoes) and hit enter. You will notice you are not prompted for UAC but can save the file and the changes stick!

Source

http://brakertech.com/bat-file-as-administrator/

Alex · Accepted Answer · 2015-04-20T08:57:28.680

2

I recommend you download Hiren's tool box ( http://www.hirensbootcd.org/download/ ) and try some cleaning, give it a try... it's a wonderful compilation of tools.

And yes, it has a tool that is about modifying host file. Did you tried to drag host file to desktop remove the read-only (if has) and then edit it? If not generate one new!

edited Apr 20 '15 at 08:57

answered Dec 23 '11 at 18:44

Alex

7,089
19
74
141

Moving it to the desktop did nothing, still access denied errors. I cannot generate a new one as it won't let me overwrite the current one nor will it let me save anything without an extension. – ClaytonDaniels Dec 23 '11 at 18:52
give it a try to hiren, and also try replacing the original one with one downloaded (clean it first) try searching hosts on www.4shared.com – Alex Dec 23 '11 at 19:01
also you could try and online antivirus scan as using the existing tools in hiren for anti-malware and such – Alex Dec 23 '11 at 19:04
This was successful... i booted into Mini XP and was able to delete the file. Thanks! – ClaytonDaniels Dec 23 '11 at 19:08

score 1 · Answer 5 · answered Dec 23 '11 at 18:49

1

Try rebooting your machine in Safe Mode.

In case you don't know how to restart in safe mode, here are the steps:

Restart your computer
Press and Hold F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will have to restart the machine again.
On the Advanced Boot Options screen, use the arrow keys to highlight the safe mode option you want, and then press Enter.
Log on to your computer with a user account that has administrator rights.

Once you are in safe mode try editing the file.

answered Dec 23 '11 at 18:49

Virendra

2,480
3
21
36

Nada... even in safe mode, access denied. – ClaytonDaniels Dec 23 '11 at 18:54
Try using this tool to remove the malware http://www.microsoft.com/security/pc-security/malware-removal.aspx This is a good tool to remove malwares. Hope it helps. – Virendra Dec 23 '11 at 19:00
A friend also recommended using this http://www.superantispyware.com/ Try using the portable version, which creates a new name everytime you use it and I think can also change its signature so that the virus/malware cannot detect it. – Virendra Dec 23 '11 at 19:04

test · Answer 6 · 2016-04-05T00:56:38.827

change attribute is No avail reboot is No avail

there are two notepad.exe in x64 windows,

you must use full path c:\windows\system2\notepad.exe ,this one is 64 bit version,

only type notepad whithout path may be launch 32 bit notepad. (c:\windows\syswow64\notepad.exe)

"Run as administrator" just let you enforce launch 64 bit notepad.exe

using 32 bit software to edit c:\windows\system32\drivers\etc\hosts

the x64 system will automatic redirect to c:\windows\syswow64\drivers\etc

and there is no hosts file.

the GUI stiil display current folder is c:\windows\system32

but the real folder is c:\windows\syswow64

change attribute is No avail

score 0 · Answer 7 · answered Jun 26 '16 at 04:01

If you're on a 64-bit architecture and trying to edit with a 32-bit editor (e.g. Notepad++) you can't save the file. Try editing your file with the regular notepad that is shipped with Windows. To be absolutely sure, also run Notepad as an Administrator

score 0 · Answer 8 · answered Dec 23 '11 at 18:49

0

As a quick first step, I would try running cmd.exe (as adminstrator) and then using the command

attrib -r -h -s hosts

but I would guess something else is going on