Discussion:
can't edit hosts file?
Add Reply
J. P. Gilliver (John)
2018-04-05 19:04:01 UTC
Reply
Permalink
Raw Message
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
being used by another process." (The process being plain original
NotePad.) If I try to delete it (having made a copy of course!), I get
"The action can't be completed because the file is open in System".

I've just done a restart, and tried again before opening anything I'd
have thought would be using it - no change. Though as I said, I'm sure
I've edited it before, and that _wouldn't_ have been under those
circumstances.

What's using it? "System" isn't very informative - could be a user
rather than a process.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

A man is not contemptible because he thinks science explains everything, and a
man is not contemptible because he doesn't. - Howard Jacobson, in Radio Times
2010/1/23-29.
Char Jackson
2018-04-05 20:35:24 UTC
Reply
Permalink
Raw Message
On Thu, 5 Apr 2018 20:04:01 +0100, "J. P. Gilliver (John)"
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
being used by another process." (The process being plain original
NotePad.) If I try to delete it (having made a copy of course!), I get
"The action can't be completed because the file is open in System".
I've just done a restart, and tried again before opening anything I'd
have thought would be using it - no change. Though as I said, I'm sure
I've edited it before, and that _wouldn't_ have been under those
circumstances.
What's using it? "System" isn't very informative - could be a user
rather than a process.
Some AV programs will lock the hosts file to prevent malicious editing.
Also, I believe you have to run your editor, Notepad in this case, as
Administrator. If you're already aware of those restrictions, then I'm
not sure what the deal is.
--
Char Jackson
J. P. Gilliver (John)
2018-04-05 20:59:25 UTC
Reply
Permalink
Raw Message
Post by Char Jackson
On Thu, 5 Apr 2018 20:04:01 +0100, "J. P. Gilliver (John)"
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
being used by another process." (The process being plain original
NotePad.) If I try to delete it (having made a copy of course!), I get
"The action can't be completed because the file is open in System".
I've just done a restart, and tried again before opening anything I'd
have thought would be using it - no change. Though as I said, I'm sure
I've edited it before, and that _wouldn't_ have been under those
circumstances.
What's using it? "System" isn't very informative - could be a user
rather than a process.
Some AV programs will lock the hosts file to prevent malicious editing.
Also, I believe you have to run your editor, Notepad in this case, as
Administrator. If you're already aware of those restrictions, then I'm
not sure what the deal is.
I've tried this - running Notepad as administrator, and turning off AVG.
I still get "...cannot access the file because it is being used by
another process."
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Capital flows toward lower costs like a river to lowest ground.
"MJ", 2015-12-05
Ed Cryer
2018-04-05 21:13:08 UTC
Reply
Permalink
Raw Message
Post by J. P. Gilliver (John)
Post by Char Jackson
On Thu, 5 Apr 2018 20:04:01 +0100, "J. P. Gilliver (John)"
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
being used by another process." (The process being plain original
NotePad.) If I try to delete it (having made a copy of course!), I get
"The action can't be completed because the file is open in System".
I've just done a restart, and tried again before opening anything I'd
have thought would be using it - no change. Though as I said, I'm sure
I've edited it before, and that _wouldn't_ have been under those
circumstances.
What's using it? "System" isn't very informative - could be a user
rather than a process.
Some AV programs will lock the hosts file to prevent malicious editing.
Also, I believe you have to run your editor, Notepad in this case, as
Administrator. If you're already aware of those restrictions, then I'm
not sure what the deal is.
I've tried this - running Notepad as administrator, and turning off AVG.
I still get "...cannot access the file because it is being used by
another process."
Try using Process Explorer to see what's got it tied up; Find tab, Find
Handle or DLL.
In Windows 7 the hosts file is;
C:\Windows\System32\drivers\etc\hosts

Ed
Auric__
2018-04-05 21:02:22 UTC
Reply
Permalink
Raw Message
Post by Char Jackson
On Thu, 5 Apr 2018 20:04:01 +0100, "J. P. Gilliver (John)"
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
being used by another process." (The process being plain original
NotePad.) If I try to delete it (having made a copy of course!), I get
"The action can't be completed because the file is open in System".
I've just done a restart, and tried again before opening anything I'd
have thought would be using it - no change. Though as I said, I'm sure
I've edited it before, and that _wouldn't_ have been under those
circumstances.
What's using it? "System" isn't very informative - could be a user
rather than a process.
Some AV programs will lock the hosts file to prevent malicious editing.
Also, I believe you have to run your editor, Notepad in this case, as
Administrator. If you're already aware of those restrictions, then I'm
not sure what the deal is.
If you have Sysinternals Process Explorer, search for "hosts" (Ctrl+F) and
it'll show you what has it open. You can close the handle from the lower main
pane (Ctrl+L). (You may need to "Show Details for All Processes".)

(Any program with similar capabilities should be able to do this.)

Otherwise, try rebooting to safe mode and editing there.
--
Your anger is a wellspring. You must use it.
J. P. Gilliver (John)
2018-04-05 23:53:53 UTC
Reply
Permalink
Raw Message
Post by Auric__
Post by Char Jackson
On Thu, 5 Apr 2018 20:04:01 +0100, "J. P. Gilliver (John)"
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
being used by another process." (The process being plain original
NotePad.) If I try to delete it (having made a copy of course!), I get
"The action can't be completed because the file is open in System".
I've just done a restart, and tried again before opening anything I'd
have thought would be using it - no change. Though as I said, I'm sure
I've edited it before, and that _wouldn't_ have been under those
circumstances.
What's using it? "System" isn't very informative - could be a user
rather than a process.
Some AV programs will lock the hosts file to prevent malicious editing.
Also, I believe you have to run your editor, Notepad in this case, as
Administrator. If you're already aware of those restrictions, then I'm
not sure what the deal is.
If you have Sysinternals Process Explorer, search for "hosts" (Ctrl+F) and
it'll show you what has it open. You can close the handle from the lower main
pane (Ctrl+L). (You may need to "Show Details for All Processes".)
(Any program with similar capabilities should be able to do this.)
Otherwise, try rebooting to safe mode and editing there.
Thanks, you and Ed. Excellent idea. Then I found my Process Explorer
won't work! I've extracted it again from the .zip file I downloaded (and
yes, it _did_ work then!); I run it, I get the UAC popup, I click Run in
that, and - nothing happens. And there's nothing beginning with P in
Task Manager other than Panorama.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

... "Peter and out." ... "Kevin and out." (Link episode)
Mayayana
2018-04-06 11:43:22 UTC
Reply
Permalink
Raw Message
"J. P. Gilliver (John)" <G6JPG-***@255soft.uk> wrote

| Thanks, you and Ed. Excellent idea. Then I found my Process Explorer
| won't work! I've extracted it again from the .zip file I downloaded (and
| yes, it _did_ work then!); I run it, I get the UAC popup, I click Run in
| that, and - nothing happens. And there's nothing beginning with P in
| Task Manager other than Panorama.

Sounds fishy to me. Your software generally
works but editing HOSTS and running ProcExp
are blocked? I'd suspect some kind of sneaky
thing had got onto the system.

If it were me I'd first shut off UAC and if that
didn't clear things up I'd try downloading some
malware/AV products. (Many of them can be
downloaded as free packages for emergency use.)

The only other thing I can think of would be if you
had somehow screwed up file restrictions.... maybe
logging on as Guest or some such? But you have a
lot of experience. I can't think of anything you
might have done accidentally.
It's an interesting mystery.
Paul
2018-04-06 13:04:23 UTC
Reply
Permalink
Raw Message
Post by Mayayana
| Thanks, you and Ed. Excellent idea. Then I found my Process Explorer
| won't work! I've extracted it again from the .zip file I downloaded (and
| yes, it _did_ work then!); I run it, I get the UAC popup, I click Run in
| that, and - nothing happens. And there's nothing beginning with P in
| Task Manager other than Panorama.
Sounds fishy to me. Your software generally
works but editing HOSTS and running ProcExp
are blocked? I'd suspect some kind of sneaky
thing had got onto the system.
If it were me I'd first shut off UAC and if that
didn't clear things up I'd try downloading some
malware/AV products. (Many of them can be
downloaded as free packages for emergency use.)
The only other thing I can think of would be if you
had somehow screwed up file restrictions.... maybe
logging on as Guest or some such? But you have a
lot of experience. I can't think of anything you
might have done accidentally.
It's an interesting mystery.
I think Kaspersky blocks about half of the
Sysinternals programs. As an example.

And even without an AV, you can use SRP in the
OS, to block particular things. SRP was used to
block the first round of Ransomware (before the
Ransomware became more sophisticated and borrowed
techniques from existing malware).

Paul
Ed Cryer
2018-04-06 11:43:40 UTC
Reply
Permalink
Raw Message
Post by J. P. Gilliver (John)
Post by Auric__
Post by Char Jackson
On Thu, 5 Apr 2018 20:04:01 +0100, "J. P. Gilliver (John)"
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
being used by another process." (The process being plain original
NotePad.) If I try to delete it (having made a copy of course!), I get
"The action can't be completed because the file is open in System".
I've just done a restart, and tried again before opening anything I'd
have thought would be using it - no change. Though as I said, I'm sure
I've edited it before, and that _wouldn't_ have been under those
circumstances.
What's using it? "System" isn't very informative - could be a user
rather than a process.
Some AV programs will lock the hosts file to prevent malicious editing.
Also, I believe you have to run your editor, Notepad in this case, as
Administrator. If you're already aware of those restrictions, then I'm
not sure what the deal is.
If you have Sysinternals Process Explorer, search for "hosts" (Ctrl+F) and
it'll show you what has it open. You can close the handle from the lower main
pane (Ctrl+L). (You may need to "Show Details for All Processes".)
(Any program with similar capabilities should be able to do this.)
Otherwise, try rebooting to safe mode and editing there.
Thanks, you and Ed. Excellent idea. Then I found my Process Explorer
won't work! I've extracted it again from the .zip file I downloaded (and
yes, it _did_ work then!); I run it, I get the UAC popup, I click Run in
that, and - nothing happens. And there's nothing beginning with P in
Task Manager other than Panorama.
Try running it as Administrator.
If that doesn't work, look here;
https://support.microsoft.com/en-us/help/816683/process-explorer-from-sysinternals-does-not-start

If it's still unfixed after that, then do a comprehensive check of what
else is shut out; and then let us know.

Ed
Ed Cryer
2018-04-06 14:02:54 UTC
Reply
Permalink
Raw Message
Post by Ed Cryer
Post by J. P. Gilliver (John)
Post by Auric__
Post by Char Jackson
On Thu, 5 Apr 2018 20:04:01 +0100, "J. P. Gilliver (John)"
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
being used by another process." (The process being plain original
NotePad.) If I try to delete it (having made a copy of course!), I get
"The action can't be completed because the file is open in System".
I've just done a restart, and tried again before opening anything I'd
have thought would be using it - no change. Though as I said, I'm sure
I've edited it before, and that _wouldn't_ have been under those
circumstances.
What's using it? "System" isn't very informative - could be a user
rather than a process.
Some AV programs will lock the hosts file to prevent malicious editing.
Also, I believe you have to run your editor, Notepad in this case, as
Administrator. If you're already aware of those restrictions, then I'm
not sure what the deal is.
If you have Sysinternals Process Explorer, search for "hosts" (Ctrl+F) and
it'll show you what has it open. You can close the handle from the lower main
pane (Ctrl+L). (You may need to "Show Details for All Processes".)
(Any program with similar capabilities should be able to do this.)
Otherwise, try rebooting to safe mode and editing there.
Thanks, you and Ed. Excellent idea. Then I found my Process Explorer
won't work! I've extracted it again from the .zip file I downloaded
(and yes, it _did_ work then!); I run it, I get the UAC popup, I click
Run in that, and - nothing happens. And there's nothing beginning with
P in Task Manager other than Panorama.
Try running it as Administrator.
If that doesn't work, look here;
https://support.microsoft.com/en-us/help/816683/process-explorer-from-sysinternals-does-not-start
If it's still unfixed after that, then do a comprehensive check of what
else is shut out; and then let us know.
Ed
A useful help in cases like this is to find what file permissions are
available.
Proxexp.exe Properties, Security tag.
Mine has full for System and Administrators; all but that for
Authenticated Users.

Ed
J. P. Gilliver (John)
2018-04-06 14:56:37 UTC
Reply
Permalink
Raw Message
In message <pa7mms$s3q$***@dont-email.me>, Ed Cryer
<***@somewhere.in.the.uk> writes:
[]
Post by Ed Cryer
Post by J. P. Gilliver (John)
Thanks, you and Ed. Excellent idea. Then I found my Process Explorer
won't work! I've extracted it again from the .zip file I downloaded
(and yes, it _did_ work then!); I run it, I get the UAC popup, I
click Run in that, and - nothing happens. And there's nothing
beginning with P in Task Manager other than Panorama.
Try running it as Administrator.
It did, thanks!

I've just modified the properties of the shortcut to run as
administrator, and that works too.
[]
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Veni Vidi Vacuum [I came, I saw, It sucked] - ***@saslimited.demon.co.uk, 1998
Good Guy
2018-04-05 21:22:59 UTC
Reply
Permalink
Raw Message
could be a user rather than a process.
Yes it's a user who has very serious demented brain.

To edit a host file you need to drag it to your desktop (i.e. move it)
and then edit it. after editing it, drag it back to its original location.

Voila it works. It wasn't difficult was it, old man?
/--- This email has been checked for viruses by
Windows Defender software.
//https://www.microsoft.com/en-gb/windows/comprehensive-security/
--
With over 600 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.
slate_leeper
2018-04-06 13:18:38 UTC
Reply
Permalink
Raw Message
Post by Good Guy
could be a user rather than a process.
Yes it's a user who has very serious demented brain.
To edit a host file you need to drag it to your desktop (i.e. move it)
and then edit it. after editing it, drag it back to its original location.
Voila it works. It wasn't difficult was it, old man?
I have always edited it directly in the original location, but since I
change it fairly often, I now have a link to it on the desktop, and
open it with right-click "Open with notepad."
--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
J. P. Gilliver (John)
2018-04-06 15:00:17 UTC
Reply
Permalink
Raw Message
Post by slate_leeper
Post by Good Guy
could be a user rather than a process.
Yes it's a user who has very serious demented brain.
(I think bad guy has a mirror.)
Post by slate_leeper
Post by Good Guy
To edit a host file you need to drag it to your desktop (i.e. move it)
and then edit it. after editing it, drag it back to its original location.
Voila it works. It wasn't difficult was it, old man?
I have always edited it directly in the original location, but since I
change it fairly often, I now have a link to it on the desktop, and
open it with right-click "Open with notepad."
Me too. Well, I have a shortcut to NotePad+, with hosts as a parameter
(i. e. the shortcut's Target line is
C:\Windows\Notepad+.exe C:\WINDOWS\system32\drivers\etc\hosts. [and its
startup line is %HOMEDRIVE%%HOMEPATH%, though that's probably not
necessary]). That saves the right-click and open with step.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Veni Vidi Vacuum [I came, I saw, It sucked] - ***@saslimited.demon.co.uk, 1998
Bob_S
2018-04-06 01:18:40 UTC
Reply
Permalink
Raw Message
I'm sure I have edited it since moving to W7! But now when I try, I am told
it is in use: "The process cannot access the file because it is being used
by another process." (The process being plain original NotePad.) If I try
to delete it (having made a copy of course!), I get "The action can't be
completed because the file is open in System".
I've just done a restart, and tried again before opening anything I'd have
thought would be using it - no change. Though as I said, I'm sure I've
edited it before, and that _wouldn't_ have been under those circumstances.
What's using it? "System" isn't very informative - could be a user rather
than a process.
Are you sure you have enabled hidden files and that you have the correct
HOSTS file (uppercase and no extension).

It is in the C:\Windows\System32\drivers\etc directory. You may have other
hosts or HOSTS.xxx files with some extension.
--
Bob S.
J. P. Gilliver (John)
2018-04-06 01:28:29 UTC
Reply
Permalink
Raw Message
Post by J. P. Gilliver (John)
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
[]
Post by J. P. Gilliver (John)
What's using it? "System" isn't very informative - could be a user
Post by J. P. Gilliver (John)
rather than a process.
Are you sure you have enabled hidden files and that you have the
correct HOSTS file (uppercase and no extension).
Yes; because it's in such an obscure place and has no extension, I have
a shortcut set up, that opens NotePad+ directly on it. (I don't think
the case matters for such a short filename ...
Post by J. P. Gilliver (John)
It is in the C:\Windows\System32\drivers\etc directory. You may have
other hosts or HOSTS.xxx files with some extension.
... but it's the only hosts file in there anyway.) I _have_ edited it
before; that's why I set up the shortcut.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Old professors don't fade away - they just lose their faculties.
jetjock
2018-04-06 15:02:15 UTC
Reply
Permalink
Raw Message
On Fri, 6 Apr 2018 02:28:29 +0100, "J. P. Gilliver (John)"
Post by J. P. Gilliver (John)
Post by J. P. Gilliver (John)
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
[]
Post by J. P. Gilliver (John)
What's using it? "System" isn't very informative - could be a user
Post by J. P. Gilliver (John)
rather than a process.
Are you sure you have enabled hidden files and that you have the
correct HOSTS file (uppercase and no extension).
Yes; because it's in such an obscure place and has no extension, I have
a shortcut set up, that opens NotePad+ directly on it. (I don't think
the case matters for such a short filename ...
Post by J. P. Gilliver (John)
It is in the C:\Windows\System32\drivers\etc directory. You may have
other hosts or HOSTS.xxx files with some extension.
... but it's the only hosts file in there anyway.) I _have_ edited it
before; that's why I set up the shortcut.
John,

Try "unlocker" to see if something has really locked the file. Will
all allow you to unlock, rename, move or delete the file.

https://unlocker.en.softonic.com/?ex=REG-60.2
Auric__
2018-04-06 03:25:29 UTC
Reply
Permalink
Raw Message
Post by Bob_S
Are you sure you have enabled hidden files and that you have the correct
HOSTS file (uppercase and no extension).
As a general rule, Windows isn't case-sensitive. It shouldn't matter if it's
"hosts" or "HOSTS" or even something silly like "HoStS".
--
I've come for knowledge.
Char Jackson
2018-04-06 04:18:10 UTC
Reply
Permalink
Raw Message
On Fri, 6 Apr 2018 03:25:29 -0000 (UTC), "Auric__"
Post by Auric__
Post by Bob_S
Are you sure you have enabled hidden files and that you have the correct
HOSTS file (uppercase and no extension).
As a general rule, Windows isn't case-sensitive. It shouldn't matter if it's
"hosts" or "HOSTS" or even something silly like "HoStS".
Agreed, and for the record, the default is lower case for this file. I'm
not sure why Bob mentioned uppercase.
--
Char Jackson
Auric__
2018-04-06 05:00:06 UTC
Reply
Permalink
Raw Message
Post by Char Jackson
On Fri, 6 Apr 2018 03:25:29 -0000 (UTC), "Auric__"
Post by Auric__
Post by Bob_S
Are you sure you have enabled hidden files and that you have the
correct HOSTS file (uppercase and no extension).
As a general rule, Windows isn't case-sensitive. It shouldn't matter if
it's "hosts" or "HOSTS" or even something silly like "HoStS".
Agreed, and for the record, the default is lower case for this file.
It's lowercase in systems that *are* case-sensitive. Both my Mac and my Linux
server have /etc/hosts.
Post by Char Jackson
I'm not sure why Bob mentioned uppercase.
In older systems -- 9x and NT3/4 -- the sample hosts files were uppercase.
(HOSTS.SAM) Shrug.
--
You love me 'cause I hate you.
Char Jackson
2018-04-06 14:03:45 UTC
Reply
Permalink
Raw Message
On Fri, 6 Apr 2018 05:00:06 -0000 (UTC), "Auric__"
Post by Auric__
Post by Char Jackson
On Fri, 6 Apr 2018 03:25:29 -0000 (UTC), "Auric__"
Post by Auric__
Post by Bob_S
Are you sure you have enabled hidden files and that you have the
correct HOSTS file (uppercase and no extension).
As a general rule, Windows isn't case-sensitive. It shouldn't matter if
it's "hosts" or "HOSTS" or even something silly like "HoStS".
Agreed, and for the record, the default is lower case for this file.
It's lowercase in systems that *are* case-sensitive. Both my Mac and my Linux
server have /etc/hosts.
Post by Char Jackson
I'm not sure why Bob mentioned uppercase.
In older systems -- 9x and NT3/4 -- the sample hosts files were uppercase.
(HOSTS.SAM) Shrug.
On my virgin Windows 98SE VM, it's called "Hosts.sam". Only the first
letter is capitalized. ;-)
--
Char Jackson
Auric__
2018-04-08 21:48:06 UTC
Reply
Permalink
Raw Message
Post by Char Jackson
On Fri, 6 Apr 2018 05:00:06 -0000 (UTC), "Auric__"
[snip]
Post by Char Jackson
Post by Auric__
Post by Char Jackson
I'm not sure why Bob mentioned uppercase.
In older systems -- 9x and NT3/4 -- the sample hosts files were
uppercase. (HOSTS.SAM) Shrug.
On my virgin Windows 98SE VM, it's called "Hosts.sam". Only the first
letter is capitalized. ;-)
IIRC, 9x systems had a setting to do that with all-caps filenames. Perhaps
it's an Explorer setting. My 95 & 98SE systems both show "HOSTS.SAM". [shrug]
--
Hello, gentlemen! I have journeyed here to take your lives.
Bob_S
2018-04-06 05:22:55 UTC
Reply
Permalink
Raw Message
Post by Auric__
Post by Bob_S
Are you sure you have enabled hidden files and that you have the correct
HOSTS file (uppercase and no extension).
As a general rule, Windows isn't case-sensitive. It shouldn't matter if it's
"hosts" or "HOSTS" or even something silly like "HoStS".
You are correct - it is not all uppercase. I made mine Uppercase to remind
me it has been modified to eliminate the bitcoin sites such as
coin-hive.com. I see my original hosts file has been renamed hosts.bak.

As you said, it's not case sensitive and I made it all caps a reminder for
me that obviously I'd forgotten about.

As for a guess as to why it is being locked - I'd be looking at any security
type software that may have a lock on it because they have modified the file
and blocking it from being modified.

Also just did a quick search and found this:
https://www.devside.net/wamp-server/unlock-and-unblock-the-windows-hosts-file
--
Bob S.
J. P. Gilliver (John)
2018-04-06 15:05:11 UTC
Reply
Permalink
Raw Message
In message <pa707h$tb7$***@dont-email.me>, Bob_S <***@here.com> writes:
[]
Post by Bob_S
https://www.devside.net/wamp-server/unlock-and-unblock-the-windows-hosts-file
That sorted it: it was ZoneAlarm that was the culprit! (I'm only using
the firewall part of it.) Though why that should cause it to appear to
be "System" - PID 4 - that had the hosts file open, I have no idea.

For anyone else: just changing the setting in ZA, or turning off ZA
altogether, didn't let me edit the hosts file; I had to do a reboot (as
the above suggested might be the case). Actually, I changed ZA not to
restart before rebooting; I suppose I should have tried just its hosts
file setting. (That can wait for next reboot.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Veni Vidi Vacuum [I came, I saw, It sucked] - ***@saslimited.demon.co.uk, 1998
Bill Bradshaw
2018-04-06 16:22:33 UTC
Reply
Permalink
Raw Message
Copy the hosts file onto a USB stick. Edit it and then copy the edited
version back. I have partitions on my harddrive I can copy the hosts file
to and edit it so that is another way.
--
<Bill>

Brought to you from Anchorage, Alaska
Post by J. P. Gilliver (John)
I'm sure I have edited it since moving to W7! But now when I try, I am
told it is in use: "The process cannot access the file because it is
being used by another process." (The process being plain original
NotePad.) If I try to delete it (having made a copy of course!), I get
"The action can't be completed because the file is open in System".
I've just done a restart, and tried again before opening anything I'd
have thought would be using it - no change. Though as I said, I'm sure
I've edited it before, and that _wouldn't_ have been under those
circumstances.
What's using it? "System" isn't very informative - could be a user
rather than a process.
J. P. Gilliver (John)
2018-04-06 17:42:56 UTC
Reply
Permalink
Raw Message
Post by Bill Bradshaw
Copy the hosts file onto a USB stick. Edit it and then copy the edited
version back. I have partitions on my harddrive I can copy the hosts file
to and edit it so that is another way.
It wasn't the editing, it was the copying back - either as a save from
NotePad, or a copy from the edited copy somewhere else. The system
wouldn't let me overwrite the existing file while it was "open in
System". ZoneAlarm appears to have been the culprit; rebooting with that
off seems to have made the system happy.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

"That was a great speech. Every thinking American will vote for you."
"That's not enough. I need a majority." - Mo Udall
tesla sTinker
2018-04-08 06:56:43 UTC
Reply
Permalink
Raw Message
you need to run event viewer, and follow the time stamp and event id
while running resource monitor. That is the only way you can track a
host file to the app that is running it. Without the event viewer id
number, you will never find. Unless your real good with time stamp.
Watch the associated handles and the id numbers in those handles. If you
want to know what it is for certain. Make sure you check host in
processes section or it will not show its face in associated handles.
There is an app you can get that follows svc host files easier, but as
in you already have the stuff in windows, its just learning how to use
it to track the host with. The services are annoying as most of them,
are scams by ms. No such thing as freedom. Not in commy microsoft
shit. Which is why we use pc tools firewall. It does not hide
anything important as in the commys firewall of MS.
Post by J. P. Gilliver (John)
Copy the hosts file onto a USB stick. Edit it and then copy the edited
version back. I have partitions on my harddrive I can copy the hosts file
to and edit it so that is another way.
It wasn't the editing, it was the copying back - either as a save from
NotePad, or a copy from the edited copy somewhere else. The system
wouldn't let me overwrite the existing file while it was "open in
System". ZoneAlarm appears to have been the culprit; rebooting with that
off seems to have made the system happy.
Mayayana
2018-04-08 18:05:16 UTC
Reply
Permalink
Raw Message
"tesla sTinker" <***@truecarpentry.org> wrote

| Which is why we use pc tools firewall. It does not hide
| anything important as in the commys firewall of MS.
|
|
You use PC Tools firewall on Win7? I have v. 7 of that
but never got around to trying it. I'm curious what you
like about it and how you'd compare it to other options.

I gave up on ZA many years ago, when they started
letting MS call home by default on XP. (Before that I
used AtGuard, which was my all-time favorite, but they
sold it to Symantec, who of course ruined it and doubled
the price. Symantec set over 700 programs to be let
through their firewall by default. The result was a useless
product that got great reviews for its "ease of use". :)

On XP I use Online Armor, which I find to be about
as good as I can expect, inasmuch as it warns me if
anything tries to go out and it allows me to make rules
fairly easily to block a process, or restrict a process to
specific ports.
But they also sold out. I using v. 4.0.0.15 and I
understand that it was completely changed after that.

So I'm happy with my XP firewall but would be curious
about a better firewall on Win7 than Private Firewall.

In the meantime, I think we'll have to tease John about
not noticing that ZA was blocking him from editing HOSTS. :)

Though, in his defense, I see that as one of the big
problems with a lot of software these days. AV wants to
be firewall and computer health software. Firewalls want
to be AV and email filters. Both of them want to monitor
downloads and control programs.

It's hard to find software that just does the job well
and gets out of the way. Online Armor actually
has a lot of that crap, but I disable all except the
firewall itself. Many AV/Firewall programs won't allow
normal online operation with default settings, blocking
just about everything except known software.

One of them, Trendmicro, actually tracks people online.
I know that because I see it in my website server logs.
Someone downloads a ZIP from my site and immediately,
in less than a minute, Trendmicro downloads the same
ZIP from their site in Japan. I wonder if people realize
how intrusive all this "safety" is.
tesla sTinker
2018-04-08 19:29:56 UTC
Reply
Permalink
Raw Message
version 7 is a clean firewall that permits everything.
And that, is why I use it. However, the whole pc tools
stopped, and their links were taken over by symantec.

has network meter, has options for all ports and channels,
logs everything. Together with wireshark, it is a non folly
machine.

Symantec
Which is a virus company that is not worth a dam.
They have all stopped doing things honestly, and for that reason,
we do not upgrade anything. Unless it does not work right.
Version 7 works.... The others, and we have Private Firewall as well,
are just not up to par.

You may be able to get a copy on oldversion.com, if your lucky.
Post by Mayayana
| Which is why we use pc tools firewall. It does not hide
| anything important as in the commys firewall of MS.
|
|
You use PC Tools firewall on Win7? I have v. 7 of that
but never got around to trying it. I'm curious what you
like about it and how you'd compare it to other options.
I gave up on ZA many years ago, when they started
letting MS call home by default on XP. (Before that I
used AtGuard, which was my all-time favorite, but they
sold it to Symantec, who of course ruined it and doubled
the price. Symantec set over 700 programs to be let
through their firewall by default. The result was a useless
product that got great reviews for its "ease of use". :)
On XP I use Online Armor, which I find to be about
as good as I can expect, inasmuch as it warns me if
anything tries to go out and it allows me to make rules
fairly easily to block a process, or restrict a process to
specific ports.
But they also sold out. I using v. 4.0.0.15 and I
understand that it was completely changed after that.
So I'm happy with my XP firewall but would be curious
about a better firewall on Win7 than Private Firewall.
In the meantime, I think we'll have to tease John about
not noticing that ZA was blocking him from editing HOSTS. :)
Though, in his defense, I see that as one of the big
problems with a lot of software these days. AV wants to
be firewall and computer health software. Firewalls want
to be AV and email filters. Both of them want to monitor
downloads and control programs.
It's hard to find software that just does the job well
and gets out of the way. Online Armor actually
has a lot of that crap, but I disable all except the
firewall itself. Many AV/Firewall programs won't allow
normal online operation with default settings, blocking
just about everything except known software.
One of them, Trendmicro, actually tracks people online.
I know that because I see it in my website server logs.
Someone downloads a ZIP from my site and immediately,
in less than a minute, Trendmicro downloads the same
ZIP from their site in Japan. I wonder if people realize
how intrusive all this "safety" is.
Good Guy
2018-04-08 19:40:36 UTC
Reply
Permalink
Raw Message
Post by Mayayana
Symantec
Which is a virus company that is not worth a dam.
You must be brain damaged or that you are too poor to buy a decent
Anti-Virus subscription. symantec is one of the best around but poor
people like you can't afford it. In order to buy it the user must have
some intelligence to earn a better living and so afford to buy a premium
product. For poor people like you, there are free ones like Avast, & AVG.

Why nutters like you are still using a Windows system is beyond my
imagination. Windows is for people with education and riff-raff like
you should be using Linux Junk.
--
With over 600 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.
Mayayana
2018-04-08 20:46:52 UTC
Reply
Permalink
Raw Message
"tesla sTinker" <***@truecarpentry.org> wrote

| Version 7 works.... The others, and we have Private Firewall as well,
| are just not up to par.
|
| You may be able to get a copy on oldversion.com, if your lucky.

Thanks. I'll try it. As I mentioned, I have v. 7
already. I just never tried installing it. I've seen
enough things disappear from the Internet that
long ago I started storing backups of things I
might want later. That includes a number of
firewalls.
Mayayana
2018-04-09 02:52:32 UTC
Reply
Permalink
Raw Message
"tesla sTinker" <***@truecarpentry.org> wrote


| version 7 is a clean firewall that permits everything.
| And that, is why I use it.

I installed it and set it to block all system processes. I
then tried to run Firefox. It should have asked me whether
to allow FF online. It didn't. So I set up a rule. It still was
blocked. I set it to allow all in/out. It still was blocked.
I can only get online if I disable the PC Tools firewall.
Am I missing something?

J. P. Gilliver (John)
2018-04-08 21:22:36 UTC
Reply
Permalink
Raw Message
Post by Mayayana
| Which is why we use pc tools firewall. It does not hide
| anything important as in the commys firewall of MS.
|
|
You use PC Tools firewall on Win7? I have v. 7 of that
but never got around to trying it. I'm curious what you
like about it and how you'd compare it to other options.
I gave up on ZA many years ago, when they started
letting MS call home by default on XP. (Before that I
used AtGuard, which was my all-time favorite, but they
sold it to Symantec, who of course ruined it and doubled
the price. Symantec set over 700 programs to be let
through their firewall by default. The result was a useless
product that got great reviews for its "ease of use". :)
I have uninstalled ZA. My system was playing up: "System" (PID 4) was
sometimes taking 25% (almost railing one core), Chrome (my secondary
browser) was getting so sluggish as to be unusable, and my Start button
was sometimes unresponsive. The only major thing I'd done was install
ZA. That's far from conclusive - but the system has been much more
stable since I took it out.
Post by Mayayana
On XP I use Online Armor, which I find to be about
as good as I can expect, inasmuch as it warns me if
anything tries to go out and it allows me to make rules
fairly easily to block a process, or restrict a process to
specific ports.
On XP I used Kerio Personal Firewall (KPF) - I think 2.1.5. The last one
before they added bloat. Like your Armor, it warned me and was easy to
manage.
Post by Mayayana
But they also sold out. I using v. 4.0.0.15 and I
understand that it was completely changed after that.
Kerio was bought by Sunbelt (though had already started to bloat before
that). It changed out of all recognition after that. Unfortunately, It
wouldn't work under 7, even the 32-bit version. I presume your Armor
wouldn't, either.
Post by Mayayana
So I'm happy with my XP firewall but would be curious
about a better firewall on Win7 than Private Firewall.
Me too, except substitute ZA (though it _may_ not have been the
culprit). For me, "better" would mean simple to use, like my old KPF.
Post by Mayayana
In the meantime, I think we'll have to tease John about
not noticing that ZA was blocking him from editing HOSTS. :)
Though, in his defense, I see that as one of the big
problems with a lot of software these days. AV wants to
be firewall and computer health software. Firewalls want
to be AV and email filters. Both of them want to monitor
downloads and control programs.
Yes, ZA was wanting to add something - I think AV - and AVG is
_certainly_ frequently on at me to add things (with a price tag).
Post by Mayayana
It's hard to find software that just does the job well
and gets out of the way. Online Armor actually
has a lot of that crap, but I disable all except the
firewall itself. Many AV/Firewall programs won't allow
normal online operation with default settings, blocking
just about everything except known software.
One of them, Trendmicro, actually tracks people online.
I know that because I see it in my website server logs.
Someone downloads a ZIP from my site and immediately,
in less than a minute, Trendmicro downloads the same
ZIP from their site in Japan. I wonder if people realize
how intrusive all this "safety" is.
!
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

782.55 - The Number of The Beast (including VAT)
Bill Bradshaw
2018-04-08 16:53:35 UTC
Reply
Permalink
Raw Message
I seem to remember I have also been able to boot into safe mode and edit it.

<Bill>
Post by J. P. Gilliver (John)
Post by Bill Bradshaw
Copy the hosts file onto a USB stick. Edit it and then copy the
edited version back. I have partitions on my harddrive I can copy
the hosts file to and edit it so that is another way.
It wasn't the editing, it was the copying back - either as a save from
NotePad, or a copy from the edited copy somewhere else. The system
wouldn't let me overwrite the existing file while it was "open in
System". ZoneAlarm appears to have been the culprit; rebooting with
that off seems to have made the system happy.
--
J. P. Gilliver. UMRA: 1960/<1985
"That was a great speech. Every thinking American will vote for you."
"That's not enough. I need a majority." - Mo Udall
Loading...