Hosts file in Windows. How to find and change? What the Hosts file should look like in Windows What should be in the hosts file in Windows 7
The hosts file establishes a correspondence between the site domain and the server IP. The contents of this file can be edited by the computer administrator.
Simply put, thanks to this file, you can decide for yourself which sites should be blocked and which should be allowed. This is why this file is often used by virus software to block certain sites, usually popular resources: social networks, search engines, etc.
In general, this file is located at: C:\Windows\System32\drivers\etc . For quick navigation you can click “Start” - “Run” , enter the command %systemroot%\system32\drivers\etc and click OK.
This is how it looks in standard mode, without blocking any sites.
In order to block any site, just add a simple line to this file: “ 127.0.0.1 link to site " For example, in the photo below, I banned the site google.ru.
How to return the previous settings.
In order to restore this file in the previous mode, you need to open this file in Notepad in administrator mode and, deleting the extra lines, save the file in the same place and without an extension, i.e. just like it was before. The easiest way to open this file is in administrator mode via the command line. To do this, right-click on the very bottom left corner of the screen, where the Start button is located, and select “Command Prompt (Administrator).”
In the window that opens, enter the text: “notepad C:\Windows\System32\drivers\etc\hosts” and press enter. In the file that opens, you can make changes and save them.
If you are not sure which lines exactly need to be deleted, then simply delete all the text from the file, copy and paste the text below.
# Copyright 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost
What's happened hosts file? This question is usually asked by newbie users who know about the existence of such a file only by hearsay. Few people know that this file is used for their own purposes by virus writers, and even fewer are those who use this file on their computer for their own benefit. Meanwhile, it is very important that you have at least some idea about the file hosts and even more important that any user knows how to handle it correctly.
Problems such as: " I can't log into VKontakte." or " Doesn't fit into classmates?"and similar ones in half the cases (if not more) are associated precisely with changes made in the file hosts. Another question is who makes such changes. In most cases, of course it is viruses, which replace the original hosts file on your computer or add their information to it. All this will be discussed in this article.
First, I’ll tell you about the file itself. hosts and what it serves for.
Hosts. What it is?
In fact hosts is a text file that contains the database domain names compared with their IP addresses. In other words, the address of any domain initially has the form of an IP address. One IP address can host several virtual servers, so there can be several websites on one IP. IN hosts The default file contains only one ip address (127.0.0.1), which is reserved for localhost, i.e. for your local (namely your) computer.
Myself hosts file on your computer is located at the following address: (table source: Wikipedia)
| operating system | Versions | Location |
|---|---|---|
| Unix and Unix-like | /etc/hosts | |
| Windows | 95, 98, Me | %windir%\ |
| NT, 2000, XP, 2003, Vista, 7 | %SystemRoot%\system32\drivers\etc\ , its location can be overridden in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\DataBasePath , which contains the folder path. | |
| Windows Mobile | Registry key \HKEY_LOCAL_MACHINE\Comm\Tcpip\Hosts | |
| Mac OS | 9 and earlier | System folder: Preferences or just in the system folder |
| Mac OS X and iPhone OS | /private/etc/hosts or /etc/hosts (/etc on Mac OS X is a symbolic link to /private/etc) | |
| Novell NetWar | SYS:etc\hosts | |
| OS/2 and eComStation | "bootdrive":\mptn\etc\ | |
| Symbian OS | 6.1-8.1 | C:\system\data\hosts |
| 9.1+ | Z:\private\10000882\hosts | |
| Android | /system/etc/hosts |
Hosts file has no extension, but is easily edited with text editors (for example Notepad)
Hosts. History of origin.
When computers were very large, and the Internet was still very small, even then, for the convenience of users, hosts were assigned names. There were few hosts back then. To map text names to IP addresses, it was necessary to send a request to the main host, which sent a list of all names and addresses. This file ( host file) was regularly sent to all computers connected to the Network. As the Global Network developed and expanded, the number of hosts, servers, and users increased, and the host file. There were significant delays in registering and obtaining a name for a new computer connected to the Network. Too much time was spent on mailing host file... To solve these problems, it was created DNS– Domain Name Service. ABOUT hosts file forgot for a while...
Hosts. Principle of operation.
Request to hosts file has priority over access to DNS-servers. Unlike DNS, the contents of the file are completely controlled by the computer administrator. What happens when an Internet user types a website address (url) into the address bar of his browser and clicks go ( Enter)
?
The browser contacts DNS a server that converts this regular address into the IP address of the requested server. At this moment the browser status bar says: “ Search for a node..." If the requested node is found, the text “ Node found, response awaited...", and is installed TCP connection via the standard port for this service. Step by step, more clearly to the question “ What happens when an Internet user types the site address (url) in the address bar of his browser and presses go (Enter)?"You can answer that:
- browser accesses hosts file and checks whether the site name matches the computer’s own name ( localhost) i.e. Is the site's IP address equal to the local IP address? 127.0.0.1 ;
- if not equal, then checks hosts file for the presence of the requested address (host name);
- if the requested address (hostname) is in hosts file, then the browser goes to the host (ip address) specified in this file;
- if the requested address is in hosts file not found, the browser accesses the DNS resolver cache ( DNS cache) ;
- if the requested address (hostname) is found in DNS Cache e, then accordingly the browser accesses DNS server y;
- if such a web page (site) exists, then DNS server translates url V ip address and the browser loads the requested site page.
So we found out why and How does it work hosts file . Now let's see what it contains.
Original hosts files. Default contents of hosts files.
Below I will provide the text that should be contained in hosts file by default, i.e. original hosts file.
Windows XP
# Copyright (c) 1993-1999 Microsoft Corp.
#102.54.94.97 rhino.acme.com
# source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
Windows Vista
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
127.0.0.1 localhost
Windows 7
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost
Using the hosts file for your own purposes.
Hosts file can be used to reduce the number of requests to DNS server am for frequently visited resources, and this in turn will reduce traffic and speed up the loading of frequently visited resources. For example: you often load the sites google.ru and google.com. Opening hosts file using Notepad and after the line 127.0.0.1 localhost add:
209.85.229.104 google.ru
74.125.232.20 google.com
Before adding, read below the rules for editing the hosts file
This action allows the browser to immediately, without contacting the DNS server, establish a connection to the sites google.ru and google.com.
Besides hosts file can be used to block access to unwanted resources on the Internet (adult sites, spam sites, sites with malicious software, etc.). This can be done just as easily by adding immediately after 127.0.0.1 localhost next line
127.0.0.1
url of the blocked_resource.
This way, the resource address is mapped to the IP address of the given computer, and therefore the resource will not load.
After all changes, when exiting the notepad, save the result.
Rules for editing the hosts file
- Each element must be located on a separate line, i.e. when adding a new address, be sure to move to a new line (press Enter);
- The IP address must start from the first position of the line (let's say so at the beginning of the sentence), must be followed (on the same line) by the corresponding resource address (hostname);
- The IP address and resource name must be separated by at least one space;
- Comments must be separated by # (lattice) ;
- If comments are used in domain name matching strings, they must follow the host name and be separated by # (lattice) ;
We've sorted out the editing rules. Now let's look at how virus writers and viruses use the hosts file for their own purposes.
Use of the hosts file by virus writers.
Those who write viruses have long appreciated the possibilities hosts file and actively use them to their advantage. Viruses replace your hosts file or they edit it in such a way that when you type a certain address (usually the addresses of popular sites), not the site you had in mind opens, but one that looks similar to it, but is actually a site of attackers and distributes malicious codes. In addition to redirecting to their sites, they also block access to the site while extorting money from you in order to re-open access. Attackers mainly use blocking on social networks.
On the Internet in many forums you can find thousands of user questions like: “ I can't log into Contact. What to do?" or " Why can't I log in to Odnoklassniki?" or " I can't log into Facebook. Profile is blocked. What to do?". All these problems begin as a result of the fact that you caught a computer disease somewhere. virus and he edited your file hosts. I already wrote about this in the article and will not repeat it, (fortunately, it describes how to fix all this, and therefore I advise you to read this article to the end as well), but I’ll describe the situation when this file hosts I can’t find the address on my computer at all. I will explain clearly with an example windows 7. Let's say you go to a folder and see this picture:
As you can see from the picture, in this folder hosts file absent ( file lmhosts no need to touch). In fact, it is there, the virus just changed the file attribute to “ Hidden" or " System". I wrote about the “Hidden” and “System” attributes.
By default, in the folder options there is a checkbox next to the setting “ Do not show hidden files, folders and drives". We need to change this parameter to " Show hidden files, folders and drives". To do this, click Start—> next Control Panel—> next Folders settings View". Here at the very end we rearrange the button with “ Do not show hidden files, folders and drives" on " Show hidden files, folders and drives«.
Now going to the folder C:\WINDOWS\system32\drivers\etc we see that hosts file on the spot.
Sometimes hosts file cannot be edited due to viruses on the computer. In such cases, you can simply delete the hosts file and then create it again yourself. To create hosts file, in folder C:\WINDOWS\system32\drivers\etc create a simple text document and call it hosts(I hope everyone knows how to do this). The result will be a text document with the extension .txt(hosts.txt). And as we already know the hosts file has no extension. This means we remove the extension from the name. We do not see the file extension in the name because in the default system configuration the extension for registered files is hidden. Well, let's break it down.
To do this, click again Start—> next Control Panel—> next Folders settings(in XP “Folder Options”). In the window that opens, go to the second tab “ View". Here (just above the line “Do not show hidden files, folders and drives”) uncheck the " Hide extensions for registered file types". Having done this we will see the file name hosts along with the extension .txt. Now we change the name and remove the unnecessary, namely .txt.
IN windows 7 x64 to find the hosts file you may have to go to the line “ Start - execute» (details about commands) type the command:
cd\windows\system32\drivers\etc\ and then launch notepad with administrator rights to open hosts.
Those who cannot or do not want to create a hosts file themselves can download it from our website. Here are the links:
Original file hosts For
Original file hosts For
Original file hosts For
Afterword:
Phew... It turned out to be a voluminous article. I think it will be useful to you, both in terms of theory, knowledge base, and in practice.
That's all. I look forward to your comments.
Many ordinary and slightly advanced computer users have been using them for many years and were not aware of the existence of a file named hosts, which does not have a surname (i.e. extension).
But thanks to viruses and the imperfection of operating systems of the Window family (Windows), users had to get to know this “host”, and quite closely.
What is the hosts file for?
In the Windows operating system (XP, Vista, 7, etc.) the file hosts used to associate (map) host names (nodes, servers, domains) with their IP addresses (name resolution).File hosts is a simple text file that does not have any extension (it doesn’t even have a dot :)).
File hosts physically located in the directory:
- \Windows\System32\drivers\etc\- for Windows 2000/NT/XP/Vista\7
- \Windows\- for old Windows 95/98/ME
Most often this directory is located on drive C, so in this case the full path to the file is obtained hosts represents:
By default, only one IP address should be specified in a normal hosts file, this is - 127.0.0.1 . This IP is reserved for localhost, that is, for your local PC. There shouldn't be any other addresses there!
File contents hosts for Windows XP (Russian OS version):
In text form, the contents of the hosts file for Windows XP can be copied from here:
# (C) Microsoft Corp., 1993-1999
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains mappings of IP addresses to hostnames.
# Each element must be on a separate line. The IP address must
# should be in the first column and must be followed by the appropriate name.
# The IP address and hostname must be separated by at least one space.
#
# Additionally, some lines may contain comments
# (such as this line), they must follow the node name and be separated
# from it with the symbol "#".
#
# For example:
#
# 102.54.94.97 rhino.acme.com # origin server
# 38.25.63.10 x.acme.com # client node x127.0.0.1 localhost
File contents hosts for Windows Vista (English OS version):
In text form, the contents of the hosts file for Windows Vista can be copied from here:
# Copyright (c) 1993-2006 Microsoft Corp.
#
#
#space.
#
#
# For example:
#
127.0.0.1 localhost
::1 localhost
File contents hosts for Windows 7 (English version of OS):
In text form, the contents of the hosts file for Windows 7 can be copied from here:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost
Using the hosts file
File hosts theoretically can be used to speed up the Internet and reduce the amount of traffic. This is achieved by reducing requests to the DNS server for resources frequently visited by the user. For example, if you use the search engines Yandex and Google every day (sites http://yandex.ru And http://google.ru respectively), then it makes sense in the file hosts after the line " 127.0.0.1 localhost" write the following lines:
93.158.134.11 yandex.ru
209.85.229.104 google.ru
This will allow your Internet browser not to contact the DNS server, but to immediately establish a connection to sites yandex.ru And google.ru. Of course, few people currently do such tricks, if only because of the good modern access speeds.
Restrictions using the hosts file
Some advanced comrades sometimes use the hosts file to block unwanted web resources (for example, erotic content - for children until they grow up and become computer smarter than you). To do this you need after the line 127.0.0.1 localhost also add the bnm line or several lines:
127.0.0.1 address of blocked resource-1
127.0.0.1 addressblocked resource-2
127.0.0.1 addressblocked resource-3
For example:
The essence of this entry is that the specified blocked resource will now be matched by the browser to the IP address 127.0.0.1 , which is the address of the local computer - accordingly, the forbidden site simply will not load.
This function is often used by computer viruses, which add browser redirects needed by attackers to the hosts file:
Most often, redirection is done to a “left” site, which visually does not differ from the real resource, while the user’s login and password are stolen (he enters them into the supposedly real fields of the site) or they simply write that your account is blocked (allegedly for spam, etc. ), pay money or send SMS (also very expensive) to unlock. Simultaneously with redirecting to their website from social networking sites, attackers block using a file hosts access to antivirus program sites.
Attention! Never pay for this! And don't send SMS!
A cell phone can only be used as a means of obtaining a password or unlock code. Those. messages should come to you, not come from you.
Although, if you don’t mind the money, first check with your mobile operator the cost of sending SMS to this number in order to definitely decide that you really don’t mind just giving this amount to someone.
How to edit the hosts file
- Each element must be written on its own (separate) line.
- The IP address of the site must begin at the first position of the line, followed (in the same line) by a space and followed by the corresponding host name.
- The IP address and hostname must be separated by at least one space.
- The comment line must begin with the # symbol.
- If comments are used in domain name matching strings, they must follow the host name and are also separated by # .
Viruses and hosts file
To prevent their actions from being immediately detected, attackers edit the file hosts in a cunning way. Several options are possible:
1. To the end of the file hosts is added VERY there are many lines (several thousand), and the redirection addresses (most often located at the end) are difficult to notice, especially if you view the contents of the file hosts using the built-in Windows notepad - a very poor editor.
To view the contents and edit the file hosts It's best to use a text editor that shows the number of lines in a document, such as Notepad++.
You should also be alarmed by the rather large size of the hosts file; in the normal state, it cannot be more than a few kilobytes in size!
2. The original hosts file is edited, after which it is assigned the attribute " Hidden" or " System", because by default hidden files and folders are not displayed in Windows operating systems. In the folder C:\WINDOWS\system32\drivers\etc file is created hosts.txt(by default, extensions are not displayed for registered file types, and the system does not accept the file hosts.txt, she only needs hosts), which is either completely empty, or everything is written as it should be in a real file hosts.
3. Similar to the second option, only here the attackers have already provided the option that extensions for registered file types are displayed in the operating system (the user enabled it independently). Therefore, instead of the file hosts.txt the virus creates a file hosts, which has the letter " O"Russian, not English. Visually the file looks like a real one, but is also not perceived by the system.
In this picture the first file hosts- hidden, the virus made changes to it. Second file hosts- not real, it contains the Russian letter " O" in the name, most often this file hosts empty, viruses do not bother to copy the contents from the real file.
Restoring the hosts file
If you have identified similar changes to your file host, everything needs to be restored to its original state. To do this you need to do the following:
- Disable real-time protection in your antivirus program, because many normal modern antivirus programs (for example, Avira) do not allow changes to the file hosts.
- Open directory C:\WINDOWS\system32\drivers\etc
- Enable the display of extensions for registered file types, hidden files, and system files.
- Click on the file hosts right-click and select the line " Edit with Notepad++":
If you do not have the text editor program Notepad++ installed, I recommend installing it first and not using Notepad. If you don’t currently have the Internet or are just too lazy to download Notepad++, then you can use the poor notepad to edit the file hosts.
To open a file hosts With notepad, you need to left-click on it, a Windows window will appear with the message “ The following file could not be opened..." Set the switch to " Selecting a program from the list manually". Click OK. In the window " Program selection" find in the list Notebook and press OK.
- Edit the contents of the hosts file so that it becomes as indicated at the beginning of this article.
- Save changes.
- Activate antivirus program protection (if disabled).
- Launch your browser and check that you can view the desired sites.
How the hosts file works
When a user types the address (URL) of a site in the browser and presses Enter, the user's browser:
- Checks in the hosts file whether the entered name is the computer's own name (localhost).
- If not, then the browser looks for the requested address (hostname) in the hosts file.
- If a hostname is found, the browser accesses the IP address specified in the hosts file corresponding to that host.
- If the hostname is not found in the hosts file, then the browser accesses the DNS resolver cache (DNS cache).
- If a hostname is found in the cache, the browser looks up the IP address stored in the DNS cache for that host;
- If the hostname is not found in the DNS resolver cache, the browser contacts the DNS server;
- If the requested web page (site) exists, the DNS server translates the user-specified URL into an IP address;
- The web browser downloads the requested resource.
The hosts file is a rather vulnerable place in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer.
The purpose of this file is to store a list of domains and their corresponding IP addresses. The operating system uses this list to convert domains to IP addresses and vice versa.
Every time you enter the address of the site you need into the address bar of your browser, a request is made to convert the domain to an IP address. Currently, this translation is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific IP address.
Even now, this file has a direct impact on the transformation of symbolic names. If you add an entry to the hosts file that will associate the IP address with the domain, then such an entry will work perfectly. This is exactly what developers of viruses, Trojans and other malicious programs use.
As for the file structure, the hosts file is a regular text file without an extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the regular text editor Notepad.
The standard hosts file consists of several lines that begin with the “#” character. Such lines are not taken into account by the operating system and are simply comments.
Also in the standard hosts file there is an entry “127.0.0.1 localhost”. This entry means that when you access the localhost symbolic name, you will be accessing your own computer.
Fraud with the hosts file
There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of antivirus programs.
For example, having infected a computer, the virus addsin the hosts file the following entry: “127.0.0.1 kaspersky.com”. When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is an incorrect IP address. This leads to Access to this site is completely blocked.As a result, the user of the infected computer cannot download antivirus or antivirus database updates.
In addition, virus developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.
For example, having infected a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru.” Where “90.80.70.60” is the IP address of the attacker’s server. As a result, when trying to access a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else’s server. As a result of such actions, fraudsters can obtain logins, passwords and other personal information of the user.
So, in case of any suspicion of virus infection or site substitution, the first thing you need to do is check the HOSTS file.
The malware disguises modification of the hosts file as follows:
To make it difficult to detect lines added by a virus, they are written to the end of the file
After a large empty area formed as a result of repeated line feeds;
After this, the original hosts file is assigned the Hidden attribute (by default, hidden files and folders are not visible);
A false hosts file is created, which, unlike the real hosts file (which has no extension), has the extension .txt (by default, extensions are not displayed for registered file types):
Where is the hosts file located?
Depending on the version of the Windows operating system, the hosts file may be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, then the file is located in the folderWINDOWS\system32\drivers\etc\
In the Windows NT and Windows 2000 operating systems, this file is located in the folder WINNT\system32\drivers\etc\
Editing the hosts file
You can edit the file hosts and in Notepad, delete unnecessary lines, or add your own.
In order to edit the hosts file, you need to launch Notepad in Administrator mode, and then open the file C:\Windows\System32\drivers\etc\hosts in it.
How to clean the hosts file
So, point by point.
Click "Start".
Choose "All programs".
Then select the item "Standard".
On "Notepad" click right click the mouse and select the item "Run as administrator."
In the notepad window that opens, select the File menu, then "Open..."
In the window that opens, select “Computer” on the left side of the window. 
Then open the disk WITH:.
Windows directory. 
System32 directory. 
Drivers directory. 
Catalog etc. 
When you open the etc directory, you will see an empty directory. In the lower right corner of the window, select "All files".
Select the hosts file and click the button "Open".
Check for the necessary content: at the beginning there are explanatory comments from Microsoft about what this file is and how to use it. Then there are several examples of how to enter various commands. All this is just plain text and does not carry any functions! We skip it and reach the end. Next should come the teams themselves. Unlike comments (i.e. plain text), they must begin not from the "#" sign, and from specific numbers, indicating the IP address.
Any commands in your hosts file after the following lines can be malicious:
- On Windows XP: 127.0.0.1 localhost
- On Windows Vista: ::1 localhost
- On Windows 7/8: # ::1 localhost
As you can see, host files are slightly different in different operating systems.
In order not to clean up anything unnecessary, you need to know how the commands are deciphered. There is nothing complicated here. At the beginning of each command there is digital ip address, then (separated by a space) the letter associated with it Domain name, and after it there may be a small a comment after the "#" sign.
Remember!
All commands starting from numbers 127.0.0.1(with the exception of, 127.0.0.1 localhos t) block access to various sites and Internet services. Which ones exactly, look in the next column following these numbers.
Teams having at the beginning any other numbers ip addresses, redirect(redirect) to fraudulent sites instead of official ones. Which sites have been replaced with fraudulent ones, also look in each column following these numbers.
Thus, it will not be difficult to guess which commands in your hosts file are malicious! If something is still not clear, look at the screenshot below.
Please keep this point in mind. Many virus commands can be hidden far at the very bottom of the file by cunning Internet attackers, so take the time to scroll the slider all the way down!
After you do the cleanup, don't forget to save all changes ( "File" --> "Save"). If you opened the hosts file from the Notepad program itself, when saving changes, in the column "File type" be sure to select an option "All files", otherwise notepad, instead of saving in the hosts file, will only make it text copy of hosts.txt, which is not a system file and does not perform any functions!
After a successful save, do not forget to restart your computer.
How to block sites in hosts
So, the hosts file is already open and you see that it is built in the form of a regular text document.
At the beginning you will see comments (plain text that does not provide any functionality) starting with the symbol "#" . They may be followed by some functional commands prescribed by the system.
But we don't need them. We skip them and get to the very end of the document. Let's make a retreat. And now, here, we can already write the commands we need!
When finished working with the file, open the File menu, select "Save".
To understand how to correctly enter commands for blocking web resources, you need to know that each PC has its own so-called. loopback address, which sends any request back to itself. For any computer running Windows, Linux or Mac, this address is always the same - 127.0.0.1 . Now, with the help of just this IP address, you can block any request to an unwanted site so that it is sent not to the requested resource, but to brotherly to the local computer.
This command in hosts is written as follows: " 127.0.0.1 domain name to block "Here are real examples: 127.0.0.1 mega-porno.ru, 127.0.0.1 odnoklassniki.ru, 127.0.0.1 vk.com etc.
That's all. Now access to all unwanted sites is securely blocked. The main thing is to resave the hosts file after making changes! See detailed instructions above.
Restoring the hosts file after a virus infection
As already mentioned, today a large number of malware use the file hosts to block access to websites of popular portals or social networks. Often, instead of blocking sites, malware redirects the user to pages that look similar to popular resources (social networks, email services, etc.), where an inattentive user enters credentials, which thus get to the attackers.
If the file contains entries like 127.0.0.1 odnoklassniki.ru 127.0.0.1 vkontakte.ru or the addresses of your sites that you cannot access, then first check your computer for “malware”, and then restore the file hosts
Many users who have been hacked are interested in where they can download the hosts file. However, there is no need to search for and download the original hosts file. You can fix it yourself; to do this, you need to open it with a text editor and delete everything except the line except “127.0.0.1 localhost”. This will allow you to unblock access to all sites and update your antivirus.
Let's take a closer look at the process of restoring the hosts file:
1. Open the folder in which this file is located. In order not to wander through directories for a long time in search of the desired folder, you can use a little trick. Press the key combination Windows+R to open the menu "Run". In the window that opens, enter the command "%systemroot%\system32\drivers\etc"and click OK.
2. After this, a folder will open in front of you in which the hosts file is located.
3. Next, you need to make a backup copy of the current file. In case something goes wrong. If the hosts file exists, then simply rename it to hosts.old. If the hosts file is not in this folder at all, then you can skip this item.
4.Create a new empty hosts file. To do this, right-click in the etc folder and select"Create a text document"
5. When the file is created, it must be renamed to hosts. When renaming, a window will appear with a warning that the file will be saved without an extension. Close the warning window by clicking OK.
6. Once the new hosts file has been created, it can be edited. To do this, open the file using Notepad.
7. Depending on the version of the operating system, the contents of the standard hosts file may differ.
This is what all, without exception, “clean” hosts files should look like. 
Note!
- For Windows XP and Windows Server 2003 you need to add "127.0.0.1 localhost"
- Windows Vista, Windows Server 2008, Windows 7 and Windows 8 you need to add two lines: "127.0.0.1 localhost" and "::1 localhost"
If you ever find missing or, conversely, unnecessary entries in such a file, it is better to delete them quickly. Especially if they were not made by you or without your consent. Most likely, this is the result of viruses!
Restoring the default hosts file in Windows 7: Copy the text below into a file.
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost
Save and close the file.
It is a “dark forest” for the average user. If you are not sure that this is where the problem with your computer lies, then it is better not to touch anything there at all and leave it to professionals to deal with the problems. Today we will talk about what threats one small and inconspicuous text file carries. What should it look like? How to distinguish it from a virus?
Definition
First, let's figure out what kind of beast this is - Hosts? This is a file responsible for blocking Internet pages and redirecting IP addresses. If you enter the web address of any Internet resource into it, then the computer user will not be able to access the blocked site or will be redirected to another link specified in the file.
In fact, this file is used by most system administrators to disable social networks for employees at work, as well as to organize and block sites inappropriate for children. So if you cannot access any resource from your work computer, be sure to first check the contents of the file, which we will talk about a little later. Because it looks right
The main thing that determines the authenticity of a file and its belonging to the system and not to viruses is its contents. Or rather, the text written in it. What should the Hosts file look like in Windows 7 and other operating systems from the inside?
To open the file we are studying, use Notepad. You will see English-language instructions for using this tool. It consists of 20 lines starting with the "#" character. Here's some sample content:
- The first line contains the rights to the OS. 1993-... - the year of Microsoft's existence. The second number will be the release date of your OS version. You can check the authenticity of the file by right-clicking on “My Computer - Properties”. There you can find the OS version and release date. They must match the file.
- Then there are 10 lines explaining what this file is for.
- And finally, examples of how to register a block.
Location
The location of the file also plays an important role. How will the file we are looking at perform its function if it is not in the right folder?
So, what should it look like and where should it be located. Depending on the OS version, it may be located in different folders, but it will always be the original Windows system:
- For Win98 and ME, the “Hosts” file is located in the root of C:\WINDOWS.
- In WinXP and later versions, Hosts is located in the following directory: C:\WINDOWS\SYSTEM32\DRIVERS\ETC. This is where the working version of the file is located if you have a system or it initially contains several switchable versions and patches. Then you may find a second, similar copy of the file, but it will also be in the system folder.
Size
What does the correct Hosts file look like? Its size is also initially determined. If you opened and saw only what was described in the previous paragraph, then the file size will be 824 bytes. Or it will be empty if the instruction was removed from there.
Any deviation suggests that something other than comments was written into the file. On the one hand, these can be sites listed there by system administrators. On the other hand, if we are talking about a home computer and you are absolutely sure that no one has messed with it, you should think about whether this file is a virus.
The main thing is to remember that no antivirus works with the Hosts file. More precisely, security programs block the ability of programs from an unknown manufacturer to change a file. Thus, no one can enter any information there without your knowledge, block access to your favorite sites, or, worse, redirect to a copy of the portal you need, where you can inadvertently enter your personal data, which will later go to attackers. But if this happens, then immediately check your computer for viruses.
Virus
Now you know what the Hosts file should look like. It’s also worth figuring out what it shouldn’t look like.
- This file is not hidden, that is, by going to the system folder in which it is located, you can always see it. If he tries to disguise himself, this is at least a sign of viral activity.
- If you find it in any folder other than the one indicated above, delete it, and it appears again, this should also alert you.
Among other things, the registry can help with the question of what the Hosts file should look like. The fact is that the path to the file is written in a very specific directory, and in this way you can determine whether the file you found is true or false (a virus).
- To see the location of “Hosts” in the registry, run and type regedit.
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
- By clicking on the settings folder, look to the right. In the list of parameters we are interested in DataBasePath. It is in it that the path to the true Hosts file is written. Any deviation from this path means that the file you found is malware.
That's all. We analyzed all the characteristic features and determined what the Hosts file should actually look like.
Search
We can notify you about new articles,