I do web development, and I use the HOSTS files on our local machines to
access test servers that don't have 'public' DNS names and for virtual
servers on the local loop so we don't have to publish over the 'net to our
own IIS6 servers.
It works brilliantly. HOWEVER - I have one machine that just won't let me
create/edit a HOSTS file. Well, it will let me create it, and then it will
just wink out of existence right before your eyes.
This box is running XP Pro 32 with SP2 installed & is up-to-date on
hotfixes/patches.
This is the only machine I am having this problem with AFAIK. I have 4
others where this is not the case. 2 with XP Pro and 2 with Media Center.
I'm not sure when the problem began to be honest because machines are tasked
differently. I noticed when I started publishing to a new virtual server -
WOW - that was slow... of course I'm publishing to a fully qualified path,
and I had created a host file to point to the local server, so I first pinged
the FQDN - whoa - ti was resolving to the public DNS entry. It was so slow
because the traffic was flowing out over the internet to the provider and
then back to the server. I thought I might have made a mistake in the HOSTS
entry, so I went to system32\drivers\etc - NO HOST FILE!
Yep, I was logged on as Administrator when I created the file. I tried a
couple of times, and finally used Crimson editor to create the file, and left
the system32\drivers\etc folder open in Explorer. About a minute later -
POOF!
I suspect this is a function of Windows System File Checker. I have done
some research along those lines, but I'm unsure if the HOSTS file is one of
those protected? The only way I can figure this one based on what I have
read is that this machine didn't have a HOSTS file when SP2 was applied - so
SFC thinks there should not be one. One other thought has occurred and that
was the Malware Removal tool might be responsible.
I'm at a complete loss here - Thanks for any ideas.
jonnybee <jonnybee@discussions.microsoft.com> wrote:
> Hi All -
>
> I do web development, and I use the HOSTS files on our local machines
> to access test servers that don't have 'public' DNS names and for
> virtual servers on the local loop so we don't have to publish over
> the 'net to our own IIS6 servers.
>
> It works brilliantly. HOWEVER - I have one machine that just won't
> let me create/edit a HOSTS file. Well, it will let me create it, and
> then it will just wink out of existence right before your eyes.
>
> This box is running XP Pro 32 with SP2 installed & is up-to-date on
> hotfixes/patches.
>
> This is the only machine I am having this problem with AFAIK. I have
> 4 others where this is not the case. 2 with XP Pro and 2 with Media
> Center.
>
> I'm not sure when the problem began to be honest because machines are
> tasked differently. I noticed when I started publishing to a new
> virtual server - WOW - that was slow... of course I'm publishing to a
> fully qualified path, and I had created a host file to point to the
> local server, so I first pinged the FQDN - whoa - ti was resolving to
> the public DNS entry. It was so slow because the traffic was flowing
> out over the internet to the provider and then back to the server. I
> thought I might have made a mistake in the HOSTS entry, so I went to
> system32\drivers\etc - NO HOST FILE!
>
> Yep, I was logged on as Administrator when I created the file. I
> tried a couple of times, and finally used Crimson editor to create
> the file, and left the system32\drivers\etc folder open in Explorer.
> About a minute later - POOF!
>
> I suspect this is a function of Windows System File Checker. I have
> done some research along those lines, but I'm unsure if the HOSTS
> file is one of those protected? The only way I can figure this one
> based on what I have read is that this machine didn't have a HOSTS
> file when SP2 was applied - so SFC thinks there should not be one.
> One other thought has occurred and that was the Malware Removal tool
> might be responsible.
>
> I'm at a complete loss here - Thanks for any ideas.
>
> jon b
SFC can't have anything to do with this.
What antispyware/antimalware applications do you have running on this box?
Disable them and test again.
> My reply is at the bottom of your message.
>
> jonnybee <jonnybee@discussions.microsoft.com> wrote:
> > Hi All -
> >
> > I do web development, and I use the HOSTS files on our local machines
> > to access test servers that don't have 'public' DNS names and for
> > virtual servers on the local loop so we don't have to publish over
> > the 'net to our own IIS6 servers.
> >
> > It works brilliantly. HOWEVER - I have one machine that just won't
> > let me create/edit a HOSTS file. Well, it will let me create it, and
> > then it will just wink out of existence right before your eyes.
> >
> > This box is running XP Pro 32 with SP2 installed & is up-to-date on
> > hotfixes/patches.
> >
> > This is the only machine I am having this problem with AFAIK. I have
> > 4 others where this is not the case. 2 with XP Pro and 2 with Media
> > Center.
> >
> > I'm not sure when the problem began to be honest because machines are
> > tasked differently. I noticed when I started publishing to a new
> > virtual server - WOW - that was slow... of course I'm publishing to a
> > fully qualified path, and I had created a host file to point to the
> > local server, so I first pinged the FQDN - whoa - ti was resolving to
> > the public DNS entry. It was so slow because the traffic was flowing
> > out over the internet to the provider and then back to the server. I
> > thought I might have made a mistake in the HOSTS entry, so I went to
> > system32\drivers\etc - NO HOST FILE!
> >
> > Yep, I was logged on as Administrator when I created the file. I
> > tried a couple of times, and finally used Crimson editor to create
> > the file, and left the system32\drivers\etc folder open in Explorer.
> > About a minute later - POOF!
> >
> > I suspect this is a function of Windows System File Checker. I have
> > done some research along those lines, but I'm unsure if the HOSTS
> > file is one of those protected? The only way I can figure this one
> > based on what I have read is that this machine didn't have a HOSTS
> > file when SP2 was applied - so SFC thinks there should not be one.
> > One other thought has occurred and that was the Malware Removal tool
> > might be responsible.
> >
> > I'm at a complete loss here - Thanks for any ideas.
> >
> > jon b
>
> SFC can't have anything to do with this.
> What antispyware/antimalware applications do you have running on this box?
> Disable them and test again.
>
Heh - NOT running any anti-spyware or anti-malware. I checked for the
presence of the MS malware tool - not in sight. I tried uninstalling a
couple of toolbars that had attached themselves thinking that might be the
source - nope. We run the Big 4 browsers for testing IE, FF, Opera and Safari
- and sometimes those toolbars get attached.
BUT - I think we might have 'acquired' a rootkit. Whatever is killing the
HOSTS file takes a minute or two to find it. BUT if you launch a browser -
presto - doesn't matter what browser. I'm thinking a port 80 watcher. I had
done a full system virusscan - negative - then I ran HijackThis and came
across one of those gnarly dll names and a reference to it from a virusscan
log. So I'm gonna do the brave (and sensible) thing at wipe it. I have
already burned two many hours on this... Thank God for a couple of spare
machines.
Before I do I will run ActivePorts on it to see if there's a logger or
redirector hanging about.
Thanks very much for your speedy, speedy and thoughtful input
jonnybee <jonnybee@discussions.microsoft.com> wrote:
>
>> My reply is at the bottom of your message.
>>
>> jonnybee <jonnybee@discussions.microsoft.com> wrote:
>>> Hi All -
>>>
>>> I do web development, and I use the HOSTS files on our local
>>> machines to access test servers that don't have 'public' DNS names
>>> and for virtual servers on the local loop so we don't have to
>>> publish over the 'net to our own IIS6 servers.
>>>
>>> It works brilliantly. HOWEVER - I have one machine that just won't
>>> let me create/edit a HOSTS file. Well, it will let me create it,
>>> and then it will just wink out of existence right before your eyes.
>>>
>>> This box is running XP Pro 32 with SP2 installed & is up-to-date on
>>> hotfixes/patches.
>>>
>>> This is the only machine I am having this problem with AFAIK. I
>>> have 4 others where this is not the case. 2 with XP Pro and 2 with
>>> Media Center.
>>>
>>> I'm not sure when the problem began to be honest because machines
>>> are tasked differently. I noticed when I started publishing to a
>>> new virtual server - WOW - that was slow... of course I'm
>>> publishing to a fully qualified path, and I ha created a host file
>>> to point to the local server, so I first pinged the FQDN - whoa -
>>> ti was resolving to the public DNS entry. It was so slow because
>>> the traffic was flowing out over the internet to the provider and
>>> then back to the server. I thought I might have made a mistake in
>>> the HOSTS entry, so I went to system32\drivers\etc - NO HOST FILE!
>>>
>>> Yep, I was logged on as Administrator when I created the file. I
>>> tried a couple of times, and finally used Crimson editor to create
>>> the file, and left the system32\drivers\etc folder open in Explorer.
>>> About a minute later - POOF!
>>>
>>> I suspect this is a function of Windows System File Checker. I have
>>> done some research along those lines, but I'm unsure if the HOSTS
>>> file is one of those protected? The only way I can figure this one
>>> based on what I have read is that this machine didn't have a HOSTS
>>> file when SP2 was applied - so SFC thinks there should not be one.
>>> One other thought has occurred and that was the Malware Removal tool
>>> might be responsible.
>>>
>>> I'm at a complete loss here - Thanks for any ideas.
>>>
>>> jon b
>>
>> SFC can't have anything to do with this.
>> What antispyware/antimalware applications do you have running on
>> this box? Disable them and test again.
>>
>
> Heh - NOT running any anti-spyware or anti-malware. I checked for the
> presence of the MS malware tool - not in sight. I tried uninstalling
> a couple of toolbars that had attached themselves thinking that might
> be the source - nope. We run the Big 4 browsers for testing IE, FF,
> Opera and Safari - and sometimes those toolbars get attached.
>
> BUT - I think we might have 'acquired' a rootkit. Whatever is
> killing the HOSTS file takes a minute or two to find it. BUT if you
> launch a browser - presto - doesn't matter what browser. I'm
> thinking a port 80 watcher. I had done a full system virusscan -
> negative - then I ran HijackThis and came across one of those gnarly
> dll names and a reference to it from a virusscan log. So I'm gonna
> do the brave (and sensible) thing at wipe it. I have already burned
> two many hours on this... Thank God for a couple of spare machines.
>
> Before I do I will run ActivePorts on it to see if there's a logger or
> redirector hanging about.
>
> Thanks very much for your speedy, speedy and thoughtful input
>
> jon b
You're most welcome - and ugh, what a pain in the ___. Best of luck. You're
probably doing the right thing.
=?Utf-8?B?am9ubnliZWU=?= <jonnybee@discussions.microsoft.com> wrote
in news:C55BBD09-9273-4D60-9205-F4F4235DFBAF@microsoft.com:
> Hi All -
>
> I do web development, and I use the HOSTS files on our local
> machines to access test servers that don't have 'public' DNS names
> and for virtual servers on the local loop so we don't have to
> publish over the 'net to our own IIS6 servers.
>
> It works brilliantly. HOWEVER - I have one machine that just won't
> let me create/edit a HOSTS file. Well, it will let me create it,
> and then it will just wink out of existence right before your
> eyes.
>
> This box is running XP Pro 32 with SP2 installed & is up-to-date
> on hotfixes/patches.
>
> This is the only machine I am having this problem with AFAIK. I
> have 4 others where this is not the case. 2 with XP Pro and 2
> with Media Center.
>
> I'm not sure when the problem began to be honest because machines
> are tasked differently. I noticed when I started publishing to a
> new virtual server - WOW - that was slow... of course I'm
> publishing to a fully qualified path, and I had created a host
> file to point to the local server, so I first pinged the FQDN -
> whoa - ti was resolving to the public DNS entry. It was so slow
> because the traffic was flowing out over the internet to the
> provider and then back to the server. I thought I might have made
> a mistake in the HOSTS entry, so I went to system32\drivers\etc -
> NO HOST FILE!
>
> Yep, I was logged on as Administrator when I created the file. I
> tried a couple of times, and finally used Crimson editor to create
> the file, and left the system32\drivers\etc folder open in
> Explorer. About a minute later - POOF!
>
> I suspect this is a function of Windows System File Checker. I
> have done some research along those lines, but I'm unsure if the
> HOSTS file is one of those protected? The only way I can figure
> this one based on what I have read is that this machine didn't
> have a HOSTS file when SP2 was applied - so SFC thinks there
> should not be one. One other thought has occurred and that was
> the Malware Removal tool might be responsible.
>
> I'm at a complete loss here - Thanks for any ideas.
>
> jon b
If you don't want to spend the time finding the cause, after editing
the file, you can go into the security settings for the file and change
them such that nobody (even SYSTEM or yourself) can alter or delete the
file while allowing the normal Read access. You'd have to change the
permissions back to further edit the file, but this may be a workaround
that won't take too much of your time.
Disappearing HOSTS file XP Pro SP2 
Linear Mode
