Results 1 to 1 of 1

Thread: Spybot S&D failed to Immunize Global Hosts file SOLVED

  1. #1
    Junior Member
    Join Date
    May 2010
    Posts
    2

    Default Spybot S&D failed to Immunize Global Hosts file SOLVED

    I was called out to check out a client's PC because the client was sure that a virus was on it. When I got there no S&D installed and the installed AV wasn't running.

    I had downloaded Spybot and AVG beforehand and took them with me. After installing Spybot and updating it I tried to use the Immunize feature. All of them successfully immunized except for the "Global (Hosts)". I was running as a user with Computer Administrator rights on Windows XP. Dropping to a command prompt I looked at the attributes of the hosts file located in this dir:
    C:\WINDOWS\system32\drivers\etc
    attrib showed that the hosts file had the System, Hidden, and Read-only file attributes set. Trying to remove these attributes using:
    attrib -s -h -r hosts
    failed with some access denied error.

    I ran this command:
    cacls C:\WINDOWS\system32\drivers\etc\hosts /G Everyone:F
    and then this command worked fine:
    attrib -s -h -r hosts

    After examining the hosts file I saw that the malware/spyware/virus was redirecting most google sites to a different IP address. I deleted this hosts file and replaced it with a copy of the standard windows one. Then Spybot S&D was able to completely immunize successfully.
    Last edited by itsonlyjustincase; 2010-05-11 at 09:58.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •