contents of system32\drivers\etc

Hi good XP people

I'm using W98, so my hosts file is just in the WINDOWS folder; but requesting information about XP - where I gather the correct location for a hosts file is in windows\system32\drivers\etc

my question is: would the etc folder be expected to contain only the hosts file, or are there typically other files in this folder as well?

TIA and best wishes, HJ.

 

5 in mine, too. Interesting, first one "hosts" dated an hour ago today, other 4 are dated Aug 23, 2001, last time I changed mobos and at least 8 "clean" reinstalls ago... hmm...

Johanna

 

thanks Steve -

I'm trying to help pick up the pieces from a malware attack (or at least work out what happened), it looks as though the entire etc folder was removed, then recreated and a trivial hosts file (only) dumped into it (from the date of creation of the etc folder)

thanks also Johanna, just seen yours...

very best wishes, HJ.

 

Johanna,

were those "clean" installs from a formatted HDD

now there's interesting, indeed...

very best wishes, HJ

 

Yes, I thought they were clean, anyway! I used NFDISK and did a full format and wiped both partitions, or so I thought. Anyway, that is the first I've ever seen of anything that "used to be ".

Johanna

 

My hosts file is dated 9-24-2003, and the other four are dated 8-18-2001.

I bought the computer, brand new, in March 2002, and all hard drives have been replaced at least once, and formatted several times.

So, it has to be the OS installation CD that's placing them there.

 

Hugh - I just checked my etc folder (and this is a case of Microsoft getting a little more like Unix/Linux since they put lots of this sort of thing in an etc folder as well).

Hosts is the only active file I have. The LMHosts.sam is a sample file (thus the .sam ending) and you will sometimes see hosts.sam as well. They are just template things.

network, protocols, services all seem laid out as if to be used by something (software something) but if so, I'm not sure what. Not any information on the internet I could immediately lay hands on but now you've mentioned them, I think I'll keep on looking.

 

thanks for all your replies, it helping lots to work out what happened to get an idea of what "normally" lives in that folder.

Although the computer in question in running W98 it's been "hit" comprehensively, ie hosts file got overwritten in both W98 and XP locations

but it happened in two stages a few minutes apart. If that structure had been created (from nothingness) merely for the purpose of plonking a dud hosts file, the etc folder and the (new) hosts file would surely share a timestamp; but they don't... the suspicion has to be that if there had been other (XP) files in the folder, the intention of the malware was to get rid of them as well.

unfortunately the machine is ~100 miles away so I'm trying to suss it out by "remote control" - but it beats TV any day...

thanks again and best wishes, HJ.

 

Hugh,
You couldn't have said it any better:

I would lose my mind trapped in this house with little kids, snow up to my knees, a broken arm and NO COMPUTER!!! Computers are riddles- complicated, but logical, puzzles. My friends are bringing in their sick or dead computers, apologizing because it's "more work for me to do ", but it sure beats doing the laundry! Actually, they are doing me a favor.

I think Jim is right about the files being created by the cd itself. Like Newt, only one of mine is active. Thank you for sharing these questions and answers with us.

Cheers from Ohio!
Johanna