If malware/spyware has penetrated a system, hijacked the HOSTS file and:

• The HOSTS file is not visible in C:\WINDOWS\system32\drivers\etc\
• The HOSTS file is not visible in C:\WINDOWS\system32\drivers\etc\ even after “Show hidden files and folders”
• Unable to edit the HOSTS file
• Unable to overwrite the HOSTS file when copying over a new HOSTS file

Then we first re-create the default HOSTS file and save it to the desktop making sure that it does not have .txt or anything else at the end.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Once it has been saved to the desktop or C:\ or wherever, execute the below command from CMD:

cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G Administrators:F

You can also insert any username instead of Administrators:

cacls C:\WINDOWS\system32\drivers\etc\hosts /E /G “Your User Name”:F

Basically the calcs command resets the file permissions for that file/directory to whatever you wanted them to be.