It is not possible to change the HOSTS file

By | 27.04.2016


Most viruses that modify the hosts file, whether to block access to certain sites or, conversely, to redirect you to fraudulent sites, also use a trick that prevents you from modifying the hosts file. There are two possible tricks, but more often than not both are used together. So, down to business! Let's look at them.

The hosts file is hidden

The virus creates a second hosts file in the system and makes it hidden. The operating system then reads the data from both files and follows the instructions the virus wrote in the hidden hosts file. As a result, nothing suspicious can be found when checking the "visible" file.

If you suspect that the hosts file has been modified, be sure to enable the display of hidden files and folders, and then check whether there is a second copy of the file containing the virus's entries. The situation is often made worse by the fact that the virus disables the display of hidden files, and the settings in the folder properties simply do not persist. In this case, you must first unlock the ability to display hidden files, and then delete the hidden duplicate hosts file. Recall that the hosts file can be edited with the standard Notepad application or any other text editor, and is located in the folder `C:\WINDOWS\system32\drivers\etc`.

The script at startup

Virus writers are very resourceful people and are always looking for new ways to disguise their work. Together with a hidden second hosts file, another trick is often used: a startup script. What is this script, and how do you fight it?

The script is a set of standard Windows commands stored in a text file and editable with any text editor, such as Notepad. In our case, the most commonly used script copies an infected hosts file from the Windows temporary folder and makes it hidden. The script usually sits in the menu Start > All Programs > Startup. Thus, each time the computer is rebooted, the hidden infected hosts file reappears in the system, which gives the impression that the hosts file cannot be changed.


The script that copies the infected file is often disguised under common names such as adobe updater, igfxtray, system, svchost, lsass, services, winlogon, csrss, smss, explorer, userinit, or something unintelligible like kG4tdew16gY. To remove the script, boot into safe mode, go to the menu Start > All Programs > Startup, right-click the shortcut to the script and delete it. If you delete all the shortcuts in the Startup menu, nothing terrible will happen. Some program will probably no longer launch at startup, but you will get rid of the virus. You can always reinstall the program.

In some cases, viruses also hide the contents of the Startup folder. In this case, nothing will be displayed in it, even if the virus sits there. You must enable the display of hidden files and folders and check:

For Windows XP: `C:\Documents and Settings\%username%\Start Menu\Programs\Startup`

For Windows 7: `C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup`

After all these steps, it is advisable to clean the disk of junk files and scan the computer with an anti-virus utility, such as AVZ 4.

Changed the registry key

The last and rarest virus trick is to change the registry key responsible for the location of the hosts file. To check it, start the Registry Editor. In Windows XP: Start > Run, type the command `regedit` and press Enter. In Windows 7: Start, type the command `regedit` and press Enter.

Now check the `DataBasePath` parameter in the branch `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`. Its value must be `%SystemRoot%\System32\drivers\etc`.


If the value is different, double-click the parameter and enter the correct value. Now close the Registry Editor.
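The three checks described above can also be run from PowerShell, which does not depend on Explorer's hidden-file settings. This is an added example, not part of the original article; it only reads and reports, and it assumes it is run as the affected user on the machine being checked.

```powershell
# Added example: read-only audit of the three hiding places described above.
$expected = Join-Path $env:SystemRoot 'System32\drivers\etc'

# 1. Registry: where does Windows look for the hosts file?
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPath = (Get-ItemProperty -Path $key -Name DataBasePath -ErrorAction SilentlyContinue).DataBasePath
# Get-ItemProperty returns the value with %SystemRoot% already expanded.
if (-not $dbPath) {
    Write-Warning 'DataBasePath is missing or empty'
    $dbPath = $expected
} elseif ($dbPath.TrimEnd('\') -ieq $expected) {
    Write-Output "DataBasePath OK: $dbPath"
} else {
    Write-Warning "DataBasePath is '$dbPath', expected '$expected'"
}

# 2. Hosts directories: -Force lists hidden and system files even when
#    Explorer is set (or forced) not to show them.
$dirs = @($expected, $dbPath.TrimEnd('\')) | Sort-Object -Unique
foreach ($dir in $dirs) {
    $files = Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
    $files | Select-Object FullName, Length, LastWriteTime,
        @{ Name = 'Hidden'; Expression = { [bool]($_.Attributes -band [IO.FileAttributes]::Hidden) } } |
        Format-Table -AutoSize
    # Print the active (non-comment, non-blank) lines of every hosts-like file.
    foreach ($f in ($files | Where-Object { $_.Name -like 'hosts*' })) {
        Write-Output "--- active entries in $($f.FullName)"
        Get-Content -LiteralPath $f.FullName | Where-Object { $_ -match '^\s*[^#\s]' }
    }
}

# 3. Current user's Startup folder, including hidden shortcuts and scripts.
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime, Attributes | Format-Table -AutoSize
```

More than one hosts-like file in the directory, a file marked Hidden, or a `DataBasePath` warning corresponds to the cases the article describes.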
