Re: Disappearing HOSTS file XP Pro SP2



jonnybee <jonnybee@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

My reply is at the bottom of your message.

jonnybee <jonnybee@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi All -

I do web development, and I use the HOSTS files on our local
machines to access test servers that don't have 'public' DNS names
and for virtual servers on the local loop so we don't have to
publish over the 'net to our own IIS6 servers.

It works brilliantly. HOWEVER - I have one machine that just won't
let me create/edit a HOSTS file. Well, it will let me create it,
and then it will just wink out of existence right before your eyes.

This box is running XP Pro 32 with SP2 installed & is up-to-date on
hotfixes/patches.

This is the only machine I am having this problem with AFAIK. I
have 4 others where this is not the case. 2 with XP Pro and 2 with
Media Center.

I'm not sure when the problem began to be honest because machines
are tasked differently. I noticed when I started publishing to a
new virtual server - WOW - that was slow... of course I'm
publishing to a fully qualified path, and I had created a host file
to point to the local server, so I first pinged the FQDN - whoa -
it was resolving to the public DNS entry. It was so slow because
the traffic was flowing out over the internet to the provider and
then back to the server. I thought I might have made a mistake in
the HOSTS entry, so I went to system32\drivers\etc - NO HOST FILE!

Yep, I was logged on as Administrator when I created the file. I
tried a couple of times, and finally used Crimson editor to create
the file, and left the system32\drivers\etc folder open in Explorer.
About a minute later - POOF!

I suspect this is a function of Windows System File Checker. I have
done some research along those lines, but I'm unsure if the HOSTS
file is one of those protected? The only way I can figure this one
based on what I have read is that this machine didn't have a HOSTS
file when SP2 was applied - so SFC thinks there should not be one.
One other thought has occurred and that was the Malware Removal tool
might be responsible.

I'm at a complete loss here - Thanks for any ideas.

jon b

SFC can't have anything to do with this.
What antispyware/antimalware applications do you have running on
this box? Disable them and test again.


Heh - NOT running any anti-spyware or anti-malware. I checked for the
presence of the MS malware tool - not in sight. I tried uninstalling
a couple of toolbars that had attached themselves thinking that might
be the source - nope. We run the Big 4 browsers for testing IE, FF,
Opera and Safari - and sometimes those toolbars get attached.

BUT - I think we might have 'acquired' a rootkit. Whatever is
killing the HOSTS file takes a minute or two to find it. BUT if you
launch a browser - presto - doesn't matter what browser. I'm
thinking a port 80 watcher. I had done a full system virusscan -
negative - then I ran HijackThis and came across one of those gnarly
dll names and a reference to it from a virusscan log. So I'm gonna
do the brave (and sensible) thing and wipe it. I have already burned
too many hours on this... Thank God for a couple of spare machines.

Before I do I will run ActivePorts on it to see if there's a logger or
redirector hanging about.

Thanks very much for your speedy, speedy and thoughtful input

jon b


You're most welcome - and ugh, what a pain in the ___. Best of luck. You're
probably doing the right thing.
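
Added example, not part of the original thread: a small Python check for the symptom described above, reporting whether the HOSTS file is present and whether each IPv4 name in it still resolves to the address the file gives. The function names, the polling interval and the IPv4-only handling are assumptions made for this illustration.

```python
"""Audit a HOSTS file: is it present, and do its names resolve as written?"""
import os
import socket
import time

# Default location on Windows (the system32\drivers\etc folder from the thread).
HOSTS = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                     "system32", "drivers", "etc", "hosts")

def parse_hosts(text):
    """Return {name: address} for IPv4 entries; '#' starts a comment."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and ":" not in fields[0]:   # skip IPv6 lines
            for name in fields[1:]:                     # aliases share one address
                entries.setdefault(name.lower(), fields[0])  # keep first entry
    return entries

def audit(path=HOSTS, resolve=socket.gethostbyname):
    """Return a list of (status, name, expected, actual) findings."""
    if not os.path.isfile(path):
        return [("MISSING", path, None, None)]
    with open(path, encoding="ascii", errors="replace") as fh:
        entries = parse_hosts(fh.read())
    findings = []
    for name, expected in sorted(entries.items()):
        try:
            actual = resolve(name)
        except OSError:                 # lookup failed entirely
            actual = None
        if actual != expected:          # e.g. the public DNS answer came back
            findings.append(("MISMATCH", name, expected, actual))
    return findings

def watch(path=HOSTS, interval=5, rounds=None, resolve=socket.gethostbyname):
    """Poll audit() and print a timestamped line whenever the result changes."""
    last, n = object(), 0
    while rounds is None or n < rounds:
        now = audit(path, resolve)
        if now != last:
            print(time.strftime("%Y-%m-%d %H:%M:%S"), now or "OK")
            last = now
        n += 1
        time.sleep(interval)

if __name__ == "__main__":
    print(audit() or "OK")              # one-shot check of the local machine
```

Calling `watch()` and leaving it running while reproducing the problem gives a timestamp for the moment the file goes missing, which can then be compared with what was started on the machine at that time.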

