bob said:
I do not have anything installed that would do this.
I am running Symantec AntiVirus v 10.1, Virtual CloneDrive.
Not running any other programs.
http://www.symantec.com/business/support/index?page=content&id=TECH101546
It is unclear what "repair" means in their scope of product description.
It could be equivalent to a "hosts lock" feature: changes made while the
lock option is enabled are discarded. You have to disable this lock
feature to make changes to the hosts file and then reenable this lock
feature to prevent other users or [malicious] processes from making
later changes.
Have you tried changing privileges on the file (to block whatever is
reverting it back to a prior state)? If you're logging on under an
admin-level account, change write permissions on the file to remove the
Administrators group and just allow the Administrator account to have
write privilege to this file. Presumably you are never logging on under
the Administrator account except in case of emergency and instead using
a different account that might be in the Administrators group. With the
Administrators group removed from the files privileges and with only the
Administrator account having write privileges on the file, nothing
running on your normal account will be able to write to the file. They
can still delete the file but they won't be able to open in write mode
to make modifications. If whatever is replacing the file (overwriting
with a saved "safe" copy) then change privileges on the hosts file to
remove the Create Files/Write Data and Delete privileges (advanced
setup) from the Administrators group (and all other groups and accounts)
except for the Administrator account. Then all accounts can read the
hosts file but only the Administrator account can make changes. To make
your own changes to the hosts file, you'll have to logon under the
Administrator account to delete, edit, or overwrite the hosts file.
To understand the privileges (permissions) on a file/folder, use Start
-> Help and Support to search on "permissions for files and folders".
I've seen some users claim that setting the read-only attribute on the
hosts file will lock it ("attrib.exe +r hosts"). Wrong. That just
means the normal access method for write mode will fail but any program
can change the file attributes (i.e., if you can do it then so can
software) plus it doesn't block overwriting the file with a different
copy or deleting the file.
Rather than go through all that regarding privileges on a file/folder, I
just use WinPatrol (free version with all monitors reduced to 1-minute
poll intervals) and enable its hosts file alert. You should make a
backup copy of your modified hosts file to let you replace your copy
should the hosts file get deleted or modified but not by you. I use the
Hosts Safe archive backup feature in SpywareBlaster (non-resident free
version) to keep old copies of different versions of the hosts file.
I notice in your original post that you mention using Windows XP Pro
64-bit version (that's a crippled version of Windows 2003 Server with
the XP desktop). Yet you also mention SP-3 which is not available for
the Windows 2003 Server (Windows XP Pro 64-bit) version. SP-2 was the
last service pack level for that OS. So just which OS do you really
have? Just WHERE are you editing a hosts file? It's in a different
path on 64-bit versions; see:
http://support.microsoft.com/kb/972034/en-us