Unexpected error in fixing problems



JDKasdan
2009-10-02, 06:33
When using Spybot to check for errors malware was found. I got the following message:
Unexpected error in fixing problems. Cannot create file c:\windows\system32\drivers\etc\hosts
Access denied

I am running windows xp professional, sp 3.

Can anyone help me deal with this problem in simple language?

Thanks!

Guru19713
2009-10-02, 11:55
I had written a small batch file a very long time ago, and I still use it to this day. Hopefully, it helps you as it does me. What you will want to do first is create a batch file (it can be named anything, but in this case I chose "hosts.bat" for obvious reasons).



--- BEGIN COPYING CODE ---

@ECHO OFF
"%WINDIR%\System32\ATTRIB.EXE" -A -H -R -S "%WINDIR%\system32\drivers\etc\hosts"
"%WINDIR%\System32\EDIT.COM" "%WINDIR%\system32\drivers\etc\hosts"
"%WINDIR%\System32\ATTRIB.EXE" +A +H +R +S "%WINDIR%\system32\drivers\etc\hosts"

--- END COPYING CODE ---

Additional notes and information about the commands that are used in the batch file.

The [@ECHO OFF] statement is only used so that the batch file isn't so verbose.

The [%WINDIR%] tells Microsoft Windows that you want to access the Windows directory, where it's installed. If you installed Windows on a drive other than C, it should know. If you are not comfortable with this, replace %WINDIR% with the drive letter and directory where Windows is installed (e.g. "C:\Windows\").

This batch file will not operate directly on Windows 95, Windows 98 or Windows Me because these platforms do not have a "system32\drivers" directory; instead, the hosts file is found in the actual Windows\ directory.

The [ATTRIB.EXE] command is used to remove the attributes of the hosts file so that you can access the file and make any changes you believe are necessary. After you have closed up hosts.bat, ATTRIB.EXE is again executed, restoring (or adding) attributes to help prevent/protect the file from being accessed.

[EDIT.COM] is used by this batch file to keep things short, simple and sweet. Spybot Search & Destroy does have its own hosts file manager in the Advanced Mode, if I remember right. I developed my own manager years ago, but the code is long since gone. :(

If you are using this batch file on a system that has User Access Control enabled, you need to elevate this batch file; otherwise you won't be able to do very much with it.

But anyway, I hope that this file helps you out. (If the hosts file does not exist, hopefully it'll help create it or otherwise fix your problem.) I'll be up for a bit longer I think, so if I am up for a bit longer, I'll see if I can help you out with this further. Being up for nearly 3 days has no entertainment. :(


I just now thought about it: to save you the trouble (and others who may be interested), I've attached the hosts.bat file in a compressed .zip archive.

JDKasdan
2009-10-04, 18:51
As I am only somewhat computer literate, can you please explain in BASIC terms how to create this batch file?

Thanks!

Zenobia
2009-10-06, 09:37
Could you run a 'Check for Problems' scan, and when it's done, right-click somewhere in the results window and select Copy results to clipboard, then paste the results here?

JDKasdan
2009-10-08, 04:43
These are the problems that are identified:

--- Search result list ---
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
4-open-davinci.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securitysoftwarepayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securesoftwarebill.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100

And when I select "Fix selected problems," I get this message:

Unexpected error in fixing problems
(Cannot create file "C:\WINDOWS\System32\drivers\etc\hosts". Access is denied)

JDKasdan
2009-10-08, 04:45
Results posted from clipboard:


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


Zenobia
2009-10-08, 06:43
Thanks for posting your results list. :)

I suggest asking for help in malware removal.
Please read and follow the Before You Post sticky topic:
http://forums.spybot.info/showthread.php?t=288

Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22

inspector
2009-10-08, 15:09
I am having the same problem. Is this a false positive? I have downloaded and run other anti-malware/spyware programs to try and remove this, but not one of them is detecting this spyware. Mine had 11 entries as follows:


--- Search result list ---
Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
4-open-davinci.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securitysoftwarepayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getavplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Another issue was that I couldn't use system restore to restore my pc to a previous date.

Please advise. I joined the forum specifically to address this problem.

Zenobia
2009-10-10, 02:55
I suggest asking for help in malware removal.
Please read and follow the Before You Post sticky topic:
http://forums.spybot.info/showthread.php?t=288

Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22
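
The scan results posted in this thread list many unrelated names as "Redirected host" entries pointing at one address, and the batch file earlier in the thread works by clearing the hosts file's attributes before editing. As an added example (not part of the original thread and not Spybot's own logic), this Python code groups hosts-file entries by the address they are forced to, skipping loopback and 0.0.0.0 block entries, and checks whether the read-only bit is set. The function names and the sample entries (placeholder .example names, 203.0.113.x addresses) are constructed for illustration.

```python
import ipaddress
import os
import stat
from collections import defaultdict

# Constructed sample in hosts-file syntax (address first, then names); the
# names and the 203.0.113.x TEST-NET addresses are placeholders.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.blocked.example      # null-route block entry
203.0.113.10    pay.shop-one.example
203.0.113.10    www.billing-two.example secure.billing-two.example
203.0.113.10    update.vendor-three.example   # trailing comment
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield addr, name.lower()

def redirected_hosts(text):
    """Group hostnames by the non-loopback, non-null address they are forced to."""
    groups = defaultdict(list)
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue  # usual localhost and block-list entries
        groups[str(addr)].append(name)
    return dict(groups)

def is_read_only(path):
    """True when the write bit is cleared, which on Windows mirrors the R attribute."""
    return not os.stat(path).st_mode & stat.S_IWRITE

if __name__ == "__main__":
    for addr, names in redirected_hosts(SAMPLE_HOSTS).items():
        print(addr, "<-", ", ".join(names))
```

To audit a real file, pass its contents to `redirected_hosts()` and its path to `is_read_only()`; a single address collecting many unrelated names is the pattern worth a closer look.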