If malware/spyware has penetrated a system, hijacked the HOSTS file and:
- The HOSTS file is not visible in C:\WINDOWS\system32\drivers\etc\
- The HOSTS file is not visible in C:\WINDOWS\system32\drivers\etc\ even after “Show hidden files and folders”
- Unable to edit the HOSTS file
- Unable to overwrite the HOSTS file when copying over a new HOSTS file
Then first re-create the default HOSTS file and save it to the desktop, making sure the file name has no extension (no .txt or anything else at the end).
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      126.96.36.199     rhino.acme.com          # source server
#      188.8.131.52      x.acme.com              # x client host
127.0.0.1       localhost
Once it has been saved to the desktop or C:\ or wherever, execute the below command from CMD:
cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G Administrators:F
You can also insert any username instead of Administrators:
cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G "Your User Name":F
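Basically, the cacls command edits (/E) the access control list of that file/directory and grants (/G) the named user or group full control (F), so the HOSTS file can be edited or overwritten with the default copy saved earlier.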
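
Once the HOSTS file is writable again, its contents can be checked against the default shown above. The following is an added example, not part of the original page: it parses HOSTS-format text using the rules stated in the file's own comments (IP address first, host names after whitespace, `#` starts a comment) and reports every active mapping other than `127.0.0.1 localhost`. The function names and the sample input are constructed for illustration.

```python
import ipaddress

# The only active mapping in the default HOSTS file shown on this page.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Constructed sample of a tampered HOSTS file (example.com names, documentation IPs).
SAMPLE_HIJACKED = """# constructed sample
127.0.0.1       localhost
127.0.0.1       update.example.com      # blocks an update server
203.0.113.10    www.example.com login.example.com
not-an-ip       bank.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop whole-line and trailing comments
        if not line:
            continue
        fields = line.split()                  # IP in the first column, host names after it
        for name in fields[1:]:
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each entry that is not in the default file."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, name, "malformed IP address"))
            continue
        if (ip, name) not in DEFAULT_ENTRIES:
            findings.append((line_no, ip, name, "non-default mapping"))
    return findings

if __name__ == "__main__":
    # To audit a real file, pass its contents instead of the constructed sample, e.g.
    # open(r"C:\WINDOWS\system32\drivers\etc\hosts", encoding="utf-8-sig").read()
    for finding in audit_hosts(SAMPLE_HIJACKED):
        print(finding)
```

An empty result means the only active mapping is the default `localhost` line; any mapping that was added deliberately will also be listed and has to be reviewed by hand.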