Reclaim Your HOSTS File

If malware/spyware has penetrated a system, hijacked the HOSTS file and:

  • The HOSTS file is not visible in C:\WINDOWS\system32\drivers\etc\
  • The HOSTS file is not visible in C:\WINDOWS\system32\drivers\etc\ even after “Show hidden files and folders”
  • Unable to edit the HOSTS file
  • Unable to overwrite the HOSTS file when copying over a new HOSTS file

Then we first re-create the default HOSTS file and save it to the desktop making sure that it does not have .txt or anything else at the end.

# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
#          # source server
#              # x client host       localhost

Once it has been saved to the desktop or C:\ or wherever, execute the below command from CMD:

cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G Administrators:F

You can also insert any username instead of Administrators:

cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G “Your User Name”:F

Basically the calcs command resets the file permissions for that file/directory to whatever you wanted them to be.


One Comment to “Reclaim Your HOSTS File”

  1. Adnan

    i am unable to one this some one had blocked my etc file when i click on it it shows accessing denied some one applied cacls cmd on it so which camand open it so i vil b abel to remove some privecy from my computer i vil b very thank ful to you


Leave a Comment

Your email address will not be published. Required fields are marked *