
win 7 hosts file keeps reverting

Status
Not open for further replies.

jmille34

Programmer
Sep 14, 2005
224
US
I use hosts to resolve some IPs that I use a lot, but it keeps reverting. I read that the Bonjour service will mess with hosts, so I removed it, but I won't know for a couple of days if that did anything. I also read that some malware scanners don't like it if hosts is +s, +h, +r, etc., so I applied those switches, but a couple of days later (today) it did it again. Does anyone know anything about the hosts file reverting to stock?
 
You cannot modify the Hosts file or the Lmhosts file in Windows Vista and Windows 7

If it is a user that is modifying your file, the Deny Permissions might be an alternative but don't lock yourself out.

Even with all the attributes set, a "System" or "Trusted Installer" user may still have access?

I think that even without a Hosts file, Windows, and Browsing, will not worry too much about the fact it is missing and carry on without it. It only checks it if it exists.
 
I used the hosts file extensively in Vista. I have 6 or so systems that I keep mapped, and I also get the no-spam type hosts file and append that, so my hosts file was huge in Vista, and it was reliable. In Windows 7, though, I can't even quite place exactly what it's doing. It has reverted or otherwise lost my changes no less than 8-10 times, but I was having other problems, so I did a clean reinstall, and now it has done it to me another 4-5 times. It seems that sometimes it actually deletes the file, because I go to edit it, and Notepad asks if I want to create the file. This most recent time, it reverted to bone stock with the comments section and then the IPv4 localhost and IPv6 localhost. I use a .bat file that calls notepad c:\windows\system32\drivers\etc\hosts, and I put a shortcut to the .bat in my start menu, so I hit start, type hosts, "hosts.bat" comes up at the top of the list, hit the properties button, hit A (run as administrator), hit Y (yes). I've done it this way in Vista and Server 08 for years with no problem, but Win7 just isn't having it. I just added my main server back to my hosts file while typing this, and it is still there, but I bet by tomorrow it will be gone, maybe the whole file.
 
You could turn on Auditing to figure out who or what is accessing the file after you do.


----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
 
Try what Phil has suggested, this is not a problem that I see myself, and not one that I have seen reports about.

It does seem to be something that you are running that is causing this. I'd be looking at the security programs you run, any startup or login scripts, and anything coming down via Group Policy.

How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

Autoruns for Windows v9.57
 
It was reconfigured back to bone stock in the middle of the night last night, and the date stamp is 4/2/2010 (today) at 2:31am. I have turned on auditing (I think, never used it before) for the hosts file. So hopefully some time today or possibly Monday, it will show what exactly? The name of the service that keeps fiddling with it?
 
Edit the file with WordPad and then set it to read-only.

ACA - Implement IP Office
ACS - Implement IP Office
ACSS - SMEC (IP Office)
Juniper - JNCIA-FWV
Convergence+
 
I agree with linney's thoughts about the cause, and I lean toward some installed security software.
 
There is no security software installed. This is a fresh install with almost no applications, and definitely no security software: extra firewalls, malware, nothing. That would have been my first guess too.
 
Hi

I would bet on Bonjour Services (I think this is part of an Apple plot to undermine Windows 7, but then again I'm paranoid) but I can't tell you how much trouble I have seen caused by this app.

This has been a problem since Beta and it was still a problem when I got my new computer a couple of months ago.

After installing iTunes and my Adobe software my connection cut out and sure enough, Bonjour Services again.

I don't understand why this hasn't been fixed by now.
Either by Apple or Microsoft since the problem was so universal.

Mike
 
Windows 7 has Windows Defender installed as part of Setup.
 
The file is stone cold deleted today, and along with it, presumably my auditing, because I did a find on my security log for "hosts" and all it found was when I initially set up auditing on 4/2 at 10:59, and you can see above that I posted at 11:01 that I had just done it. I have removed Bonjour such that iTunes complained the first time I started it. I also checked Windows Defender, and it does have some activity, but nothing about the hosts file. To check further, I created a new hosts file (again), set it up with a couple of addresses, and then ran Defender against the etc folder, but it left it alone. I'm completely stumped. I'm about ready to create a backup hosts file and set up a scheduled task to copy it every hour or something kludgy like that. I find it hard to believe I've actually done anything special and that other people aren't having the problem. Maybe not many people touch their hosts file?
 
The actual location of the Hosts is defined in the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, in the Value called DataBasePath

You already know the location of the file.

See if you can use a program like Process Monitor to see what is reading, writing to, or deleting your Hosts and that Registry location.

Process Monitor v2.8

Important! Updating the MVPS HOSTS file in Windows 7 requires special instructions

How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

Autoruns for Windows v9.57
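
The auditing approach discussed in this thread can be turned into a report of which process wrote to or deleted hosts. This is an added example, not code from any poster; it assumes the audit entries (Write and Delete, for Everyone) are placed on the etc folder rather than on the hosts file alone, so a recreated file inherits them instead of losing its auditing when the file is deleted, and it assumes an elevated PowerShell prompt. The three-day window is an arbitrary choice.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Resolve the hosts path from DataBasePath, the registry value quoted in the thread.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$raw   = (Get-ItemProperty -Path $key).DataBasePath
$etc   = [Environment]::ExpandEnvironmentVariables($raw)
$hosts = Join-Path $etc 'hosts'

# Object-access events are only logged if the File System subcategory is enabled.
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# Access-mask bits in event 4663 that mean the file was changed or removed.
$maskBits = @{
    0x2     = 'WriteData'
    0x4     = 'AppendData'
    0x10000 = 'DELETE'
    0x40000 = 'WRITE_DAC'
}

# Event 4663 = "An attempt was made to access an object".
$filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddDays(-3) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    # Flatten the EventData name/value pairs into a hashtable.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    if ($d['ObjectName'] -ne $hosts) { continue }        # case-insensitive match

    $mask = [Convert]::ToInt32($d['AccessMask'], 16)     # logged as e.g. 0x10000
    $ops  = $maskBits.Keys | Where-Object { $mask -band $_ } |
            ForEach-Object { $maskBits[$_] }
    if (-not $ops) { continue }                          # read-only access

    New-Object PSObject -Property @{
        Time      = $e.TimeCreated
        Process   = $d['ProcessName']
        ProcessId = [Convert]::ToInt32($d['ProcessId'], 16)
        User      = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
        Access    = ($ops -join ',')
    }
}

# Oldest first, so the entry nearest the file's new timestamp is easy to spot.
$hits | Sort-Object Time | Format-Table Time, Process, ProcessId, User, Access -AutoSize
```

Matching the Time column against the date stamp on the reverted file points at the responsible process, which can then be cross-checked in Autoruns or Process Monitor.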
 