
I thought I was administrator!


TheAceMan1

Programmer
Sep 23, 2003
11,174
US
Howdy All . . .

Finished a fight with Trojan.Fraudpack. However, the attack has left me with no Internet access (connection OK!). In attempting to change an entry in the Hosts file ... I found I had to have permission to do so!

Permission? ... I thought I was an admin (checking revealed this to be so). Security reveals the file is locked somehow. If I could change just one line:
Code:
127.0.0.1       localhost
::1             localhost
Any Ideas? ...

See Ya! . . . . . .

Be sure to see thread181-473997 Worthy Reading!
Also faq181-2886 Worthy Reading!
 
1. Try Taking ownership of the file.
2. Try Running Command Prompt with Administrative Privileges.
Type command in the search box in the Start menu, then right-click the executable that shows up in the results and select Run as Administrator. Then just navigate to the hosts file from the command prompt
cd Windows
cd system32
cd drivers
cd etc
edit hosts

and try to edit it from there.

3. Log in with the built in Admin account and try the change that way.


----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.
 
I'd wonder if you really got rid of the threat. If something else had the file open, then perhaps they'd somehow lock the file.

Besides that, did you install any software that would try and protect the file? A firewall with "defense", the antivirus you're using, an antispyware program, such as SpywareBlaster or SuperAntiSpyware?
 
Most Hosts files have the Read-only attribute set; have you checked that?
 
Right-click the Internet Explorer icon: IE > Properties > Connections > LAN Settings > unclick proxy server.

Or open Internet Explorer; hit Alt and go to Tools, then Connections > LAN Settings > unclick proxy server.

That is a common trick in the malware world.


 
1. an Admin account is just another account with more privileges than a standard user account, but by no means do you have FULL control over the machine...

to gain FULL control log in as the default ADMINISTRATOR, which is turned OFF by default. once done disable it again, see the following HowTo:

Activate, Enable and Show Administrator Account in Vista Welcome Screen

2. what line are you trying to fix in the HOST file, the two lines you posted are the LOCAL HOST ADDRESS in IPv4 and IPv6, and they do not need to be changed...

3. good idea to check the PROXY settings... this could be the cause...

4. my thoughts are that the WINSOCKS got hit/scrambled, to fix this issue, run the following command in either the RUN BOX, a CLI window, or in a SHELL (such as PowerShell):

netsh winsock reset catalog

this resets the winsocks to the default values, then reboot the PC...

keep us posted...


Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
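
A read-only way to run the checks suggested in the replies above (read-only attribute, ownership, elevation, leftover hosts entries, proxy settings), added here as an example and not posted by any participant in the thread. It assumes the default hosts location under %SystemRoot% and the per-user Internet Settings registry key, and it changes nothing on the machine.

```powershell
# Read-only triage: inspects state only, modifies nothing.
# Assumption: hosts is in the default location under %SystemRoot%.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. File attributes and owner (read-only flag and ownership from the replies).
$item = Get-Item $hostsPath -Force
$acl  = Get-Acl $hostsPath
"Hosts file : $hostsPath"
"Attributes : $($item.Attributes)"
"Read-only  : $($item.IsReadOnly)"
"Owner      : $($acl.Owner)"
"Modified   : $($item.LastWriteTime)"

# 2. ACL entries: look for Deny rules or missing write rights for Administrators.
$acl.Access |
    Select-Object IdentityReference, AccessControlType, FileSystemRights |
    Format-Table -AutoSize | Out-String

# 3. Is this shell elevated? A member of Administrators who has not chosen
#    "Run as Administrator" runs with a filtered token and cannot write here.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Elevated   : $elevated"

# 4. Active hosts entries other than the two localhost lines in the question.
#    Anything listed here deserves a look after a malware cleanup.
$active = Get-Content $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }
if ($active) { "Non-default hosts entries:"; $active }
else         { "No non-default hosts entries." }

# 5. Per-user proxy settings (the values behind the LAN Settings dialog).
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty $key
"ProxyEnable   : $($inet.ProxyEnable)"
"ProxyServer   : $($inet.ProxyServer)"
"AutoConfigURL : $($inet.AutoConfigURL)"

# 6. Machine-wide WinHTTP proxy, which the dialog above does not show.
netsh winhttp show proxy
```

A ProxyEnable value of 1 with a ProxyServer you did not configure, or hosts entries pointing security vendor domains at 127.0.0.1, are the leftovers to look for before resetting anything.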
 

firewolfrl: Hit the nail on the head! [thumbsup2]

BadBigBen: Beautiful! [thumbsup2]

See Ya! . . . . . .

 