
What should the Hosts file look like? Where is the hosts file located in Windows XP? What should the hosts file be like in Windows 7?

Where is the hosts file located? I can’t access many sites, mostly anti-virus programs; friends say I have a virus on my computer and the problems are caused by it. My antivirus program is regularly updated. I heard that in Windows XP there is a hosts file, and if you edit it properly the problem will go away, but if you do it incorrectly the Internet will completely disappear. Can you tell me where it is and how to edit it?

Where is the hosts file located?

  • Note: if you want to know how virus programs use this very important file and how you can use this secret weapon yourself for good purposes, what to do when the hosts file is completely missing from the system or you have two hosts files, and what to do when websites such as Odnoklassniki, VKontakte or mail.ru do not open, be sure to read our new article after reading this one.

In Windows XP and Windows 7 there is a very small and useful file with which you can control your Internet surfing. The vast majority of personal computer users do not know about it, and those who do prefer to leave it alone for fear of doing something wrong. This file is called hosts. Why is it needed?

  • When you enter the name of a site, for example mail.ru, into the address bar of your browser, a special DNS server located on the Internet immediately converts the name mail.ru into a set of numbers: the unique IP address of the site. For mail.ru, for example, it is 94.100.191.204. The Internet server where the mail.ru website is located knows nothing about names, only numbers; the names were invented for you and me, so that we can remember them more easily. The hosts file is needed to speed up work on the Internet by bypassing the DNS server: if we write the entry 94.100.191.203 mail.ru in the hosts file, the mail.ru website will load directly, bypassing the DNS server. But everything must be entered correctly, otherwise you won’t get anywhere at all, or you’ll end up in the wrong place. This “wrong place” is exactly what the creators of virus programs exploit. Now about everything in detail!

The most important thing to remember is that a request to the hosts file in all browsers has priority over access to DNS servers. In simple words, any browser, before making your request, always looks at the information located in the hosts file.

For example, if in the hosts file we enter 217.20.147.94 mail.ru instead of 94.100.191.203 mail.ru, then by typing mail.ru in any browser we will get to the Odnoklassniki website instead of the mail.ru mail service, since the IP address 217.20.147.94 is the address of the Odnoklassniki website.

Any system administrator, and even an ordinary user, must guard the hosts file like the apple of his eye. Now about viruses. Virus writers are happy to use the hosts file for their own purposes. When a virus gets onto a user’s computer, it often changes the hosts file; therefore, if you have problems accessing any sites, first check your machine for malware, and then return the hosts file to its pristine state.

The hosts file is located at C:\windows\system32\drivers\etc\hosts, where (C:) is the letter of the system partition. It is this file that decides which sites are worthy of your attention and which are not. The hosts file may be hidden; to see it, you need to enable the display of hidden folders and files: Computer -> Organize -> Folder and Search Options -> View, then uncheck the item Hide protected system files and select the item Show hidden files, folders and drives.


The hosts file opens with a double-click of the mouse; when prompted to select a program to open the file, select Notepad.

Friends, if you did not find the hosts file in the C:\windows\system32\drivers\etc\ folder, it means the virus has changed the location of the file in the registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\DataBasePath

By the way, the hosts file may be exactly where it should be, while the operating system uses a hosts file located in a completely different place. You can find out exactly where the other hosts file created by the virus is by looking at the DataBasePath value. You will need to return the correct value to the key.
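
A check for the redirection described above, as an added example that is not from the original article: it compares a DataBasePath value with the stock Windows value %SystemRoot%\System32\drivers\etc and reports which hosts file the system will actually read. The function names and the sample values used in the dry run are assumptions made for illustration.

```python
import ntpath
import os
import re

KEY = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
DEFAULT_DATABASE_PATH = r"%SystemRoot%\System32\drivers\etc"  # stock value


def expand_vars(value, env):
    """Expand %NAME% references case-insensitively; unknown names are kept."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), value)


def check_database_path(value, env):
    """Return (is_default, hosts_path) for a DataBasePath registry value."""
    folder = ntpath.normpath(expand_vars(value, env))
    default = ntpath.normpath(expand_vars(DEFAULT_DATABASE_PATH, env))
    # Windows paths are case-insensitive and accept either slash direction.
    same = ntpath.normcase(folder) == ntpath.normcase(default)
    return same, ntpath.join(folder, "hosts")


def read_database_path():
    """Read the live value from the registry; works only on Windows."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
        value, _kind = winreg.QueryValueEx(key, "DataBasePath")
    return value


if __name__ == "__main__":
    if os.name == "nt":
        samples, env = [read_database_path()], dict(os.environ)
    else:
        # Constructed values for a dry run on a non-Windows machine.
        env = {"SystemRoot": r"C:\Windows"}
        samples = [DEFAULT_DATABASE_PATH, r"%SystemRoot%\Temp\etc"]
    for value in samples:
        ok, hosts = check_database_path(value, env)
        print("OK      " if ok else "CHANGED ", value, "->", hosts)
```

A CHANGED result names the file that should be inspected and cleaned before the registry value is set back.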

So we have found out where the hosts file is located; now let's learn how to edit it. If you simply want to fix the file automatically (recommended), use the Microsoft Fix it 50267 utility: go to the website of its creators and do it in two clicks.

Here is a sample of the original hosts file, by default the file should only have one entry 127.0.0.1 localhost

You can directly copy it from me and edit the hosts file using notepad.

Original hosts file in Windows XP

# (C) Microsoft Corp., 1993-1999
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains mappings of IP addresses to hostnames.
# Each element must be on a separate line. The IP address must
# be in the first column and must be followed by the appropriate name.
# The IP address and hostname must be separated by at least one space.
# Additionally, some lines may contain comments
# (such as this line), they must follow the node name and be separated
# from it with the symbol "#".
# For example:
# 102.54.94.97 rhino.acme.com # origin server
# 38.25.63.10 x.acme.com # client node x
127.0.0.1 localhost

Original hosts file in Windows 7

# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
# For example:
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost

If we want, we can deny access to some sites completely using this file. To do this, enter the domain name of the site after the numbers 127.0.0.1. For example, in most cases a virus program prohibits visiting sites that distribute anti-virus software; in the case of Kaspersky anti-virus, it will look like this:

127.0.0.1 kaspersky.ru

And you and I can use this secret weapon too, for example to protect our children from accidentally visiting sites with certain content without resorting to programs like Parental Control. To do this, we write 127.0.0.1 followed by the name of a site that you consider dangerous:

127.0.0.1 porno.ru

127.0.0.1 sex.ru

The computer will look for the addresses of these sites on the hard drive. Don’t enter too many addresses, though, or the computer will noticeably slow down.

How else can you use the hosts file? It's no secret that only numeric addresses are used on the Internet. The names of sites, for example Remontcompa.ru, were invented so that ordinary users could remember them more easily. The computer converts the letters that we understand, but that it does not, into numbers using the DNS service; naturally, it takes a lot of time for the computer to contact remote DNS servers.

To load your favorite site quickly, specify its numeric address directly in the hosts file, bypassing the DNS service. For example, we constantly need the mail.ru mail service. Since the IP of its site is 94.100.191.203, we write this information in the hosts file: first the IP, and then the server name.

127.0.0.1 localhost

94.100.191.203 mail.ru

A space is required.

Friends, recently virus writers have come up with a trick: if, for example, you open the hosts file in Notepad, at first glance nothing will seem suspicious and the contents of the hosts file will look standard, but if you scroll down to the very end of the hosts file, you can find malicious entries there; of course, they need to be deleted.

After some time, you will need to check the hosts file again; if malicious entries have been made again, it means that the virus is still working on your computer. Read our articles.

Some terminology

DNS (English abbreviation for Domain Name System) – Domain Name Service. Establishes correspondence between numeric IP addresses and text names.

DNS (English abbreviation for Domain Name Server) – domain name server; a service computer on a local or global network that translates computer names in domain records into IP addresses.

DNS cache (DNS resolver cache) – temporary storage of previous DNS requests on the local computer. Reduces request execution time and reduces network and Internet traffic.

host (English) – main computer; host, any device connected to a network and using the TCP/IP protocols.

IP (English: Internet Protocol) – Internet protocol; a network layer protocol from the Internet protocol suite.

IP address (English: IP address) – used to identify a node on a network and to determine routing information. Consists of the network identifier (network ID) and the host identifier (host ID).

Name Resolution (English) – domain name resolution; the process of converting a computer name to the corresponding IP address.

Name Resolution Service – name resolution service; in TCP/IP networks it converts computer names to IP addresses and vice versa.

TCP/IP (English abbreviation for Transmission Control Protocol/Internet Protocol) – information transfer control protocol, the main protocol of the transport and session layers, providing reliable full-duplex streams. Designed for use in the Global Network and for combining heterogeneous networks.

URL (English abbreviation for Uniform Resource Locator) – uniform resource locator; a standardized string of characters indicating the location of a resource on the Internet.

What is the hosts file

The hosts file in Windows and other operating systems is used to associate (map) host names (nodes, servers, domains) with their IP addresses (name resolution).

By default, only one IP address (127.0.0.1) is registered in the hosts file; it is reserved for localhost, that is, for the local computer.

The hosts file is a regular text file (without an extension).

Location of the hosts file on disk:

Windows 95\98\ME – \WINDOWS\;

Windows NT\2000\ \ \ – \Windows\System32\drivers\etc\.

When an Internet user types the address (URL) of any site (web page) and presses Enter:

– the user’s browser checks, using the hosts file, whether the entered name is the computer's own name (localhost);

– if not, the browser looks for the requested address (hostname) in the hosts file;

– if the hostname is found, the browser accesses the corresponding host specified in the hosts file;

– if the hostname is not found in the hosts file, the browser consults the resolver cache (DNS cache);

– if the hostname is found in the cache, the browser accesses the corresponding host saved in the DNS cache;

– if the hostname is not found in the DNS resolver cache, the browser contacts the DNS server;

– if the requested web page (site) exists, the DNS server translates the URL specified by the user into an IP address;

– the web browser loads the requested resource.

History of the hosts file

# Copyright (c) 1993-1999 Microsoft Corp.
#
#
# space.
#
#
# For example:
#
127.0.0.1 localhost

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost

Using the hosts file

The hosts file can be used to speed up work on the Global Network and reduce traffic, by reducing requests to the DNS server for frequently visited resources.

For example, you often load the resources google.ru and google.com. Open the hosts file and, after the line 127.0.0.1 localhost, enter the lines

209.85.229.104 google.ru

74.125.232.20 google.com

This spares the web browser from having to contact the DNS server, so it immediately establishes a connection to the sites google.ru and google.com.

Sometimes the hosts file is used to block unwanted resources (for example, those that distribute malware). To do this, after the line 127.0.0.1 localhost, enter the line

127.0.0.1 URL_of_resource_blocked

The essence of this manipulation is that the blocked resource is mapped to 127.0.0.1, which is the address of the local computer, so the unwanted resource will not be loaded.

Rules for editing the hosts file

1. Each element must be on a separate line.

2. The IP address must begin at the first position of the line and must be followed (on the same line) by its corresponding hostname.

3. The IP address and hostname must be separated by at least one space.

4. Comments must be preceded by the symbol #.

5. If comments are used on lines that map domain names, they must follow the host name and be separated from it by #.

Use of the hosts file by virus writers

Attackers have long favoured the hosts file: with its help, the real addresses of web resources are replaced on the infected computer. After this, the web browser redirects the user to sites with malicious software or, for example, access to the sites of antivirus manufacturers is blocked.

Malware disguises its modification of the hosts file as follows:

– to make the lines added by a virus hard to detect, they are written at the end of the file, after a large empty area formed by repeated line feeds;

– after that, the original hosts file is given the Hidden attribute (by default, hidden files and folders are not visible);

– a fake hosts file is created which, unlike the real hosts file (without an extension), has the extension .txt (by default, extensions are not displayed for registered file types).
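
The disguises listed above, and the advice earlier in the article to scroll to the very end of the file, can be checked mechanically. The following is an added example, not code from the original article: it audits the text of a hosts file for entries that follow a long run of blank lines, entries that do not start in the first column, redirects and loopback blocks, and it spots look-alike files such as hosts.txt in a folder listing. The 20-line threshold, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

BLANK_GAP = 20                 # assumption: this many blank lines in a row is padding
DEFAULT_NAMES = {"localhost"}  # the only name the stock file maps


def audit_hosts(text, blank_gap=BLANK_GAP):
    """Return (line_no, kind, detail) findings for the text of a hosts file."""
    findings = []
    blanks = 0  # consecutive blank lines since the last non-blank line
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blanks += 1
            continue
        gap_before, blanks = blanks, 0
        fields = raw.split("#", 1)[0].split()   # '#' starts a comment
        if not fields:
            continue                            # comment-only line
        if gap_before >= blank_gap:
            findings.append((line_no, "after-blank-gap",
                             f"{gap_before} blank lines precede this entry"))
        if raw[0].isspace():
            findings.append((line_no, "indented",
                             "entry does not start in the first column"))
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "invalid-ip", fields[0]))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if name in DEFAULT_NAMES and addr.is_loopback:
                continue                        # stock localhost mapping
            kind = "blocked" if local else "redirect"
            findings.append((line_no, kind, f"{name} -> {addr}"))
    return findings


def decoy_files(names):
    """From a listing of the etc folder, return look-alikes such as hosts.txt."""
    return [n for n in names
            if n.lower() != "hosts" and n.lower().split(".")[0] == "hosts"]


# Constructed sample: stock header, 25 blank lines, then two planted entries
# built from addresses and names that appear in the article.
SAMPLE = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "# localhost name resolution is handled within DNS itself.\n"
    "#\t127.0.0.1       localhost\n"
    "127.0.0.1 localhost\n"
    + "\n" * 25
    + "127.0.0.1 kaspersky.ru\n"
    + "    217.20.147.94 mail.ru\n"
)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding, sep="\t")
    print(decoy_files(["hosts", "hosts.txt", "lmhosts.sam", "networks"]))
```

Every finding is a line to review by hand: a deliberate block added by the owner is reported in the same way as one planted by malware.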


The hosts file: how to eliminate the consequences of a virus attack

– open the hosts file (if the virus has set the Hidden attribute on the file, you will need to enable the option Show hidden files and folders in Folder properties);

– a Windows window will appear with the message "The following file could not be opened...";

– set the switch to Selecting a program from the list manually –> OK;

– in the Program selection window, highlight Notepad in the scrollable list Programs –> OK;

– the hosts file will open in Notepad;

– delete all lines except 127.0.0.1 localhost;

– save the hosts file.

Valery Sidorov

Various problems with logging into sites (you cannot log into Odnoklassniki; VKontakte informs you that your account is blocked on suspicion of hacking and asks you to enter your phone number, then a code, and in the end money is withdrawn from your account) are most often associated with malicious changes to the system hosts file.

There are many ways to fix the hosts file in Windows and they are all quite simple. Let's consider three such methods, which, most likely, will be enough to put this file in order. Update 2016: (how to change, restore, where it is).

Another simple way to fix hosts is to use the AVZ anti-virus utility (it can do much more than that, but within the framework of this instruction only fixing hosts will be considered).

You can download AVZ for free from the official website of the developer http://www.z-oleg.com/secur/avz/download.php (look on the right side of the page).

Unpack the archive with the program and run the avz.exe file, then in the main menu of the program select “File” - “System Restore” and check one item “Cleaning the hosts file”.

Then click “Perform marked operations,” and when finished, restart your computer.

Microsoft Fix it utility to restore the hosts file

And the last way is to go to the page http://support.microsoft.com/kb/972034/ru, dedicated to restoring the hosts file, and download the Fix it utility available there to automatically restore this file to its original state.

In addition, on this page you will find the original contents of the hosts file for various operating systems.

What is the Hosts file for?
The purpose of this system file is to assign certain website addresses to a specific IP.
Viruses and malware of all kinds are fond of this file, writing their own data into it or simply replacing it.
The result may be a site “inserted” into the browser that asks you to send an SMS when the browser opens, or the blocking of various sites, at the discretion of the creators of the virus.

Where is the hosts file in windows?
For different versions of Windows OS, the location of the hosts file is slightly different:

Windows 95/98/ME: WINDOWS\hosts
Windows NT/2000: WINNT\system32\drivers\etc\hosts
Windows XP/2003/Vista/Seven(7)/8: WINDOWS\system32\drivers\etc\hosts


Note that the trailing hosts is the file itself, not a folder. It has no extension.

What should the correct hosts file look like?
The contents of the hosts file also differ slightly between versions of Windows, but not by much. The file explains in English what it is for and how to make exceptions, giving one example. All lines starting with a # sign are commented out and have no effect.
Contents of the original hosts file for Windows XP:


#

#




# space.
#


#
# For example:
#



127.0.0.1 localhost


Contents of the original hosts file for Windows Vista:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost


Contents of the original hosts file for Windows 7:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost


Contents of the original hosts file for Windows 8:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost


As you can see, there are no significant differences in the contents of the host file for different versions of Windows.

How to open and edit the hosts file?
The hosts file can be opened in standard Windows Notepad.
This is probably the most interesting part of the article.
First of all, you need to understand why you would change this file at all. To deny access to certain sites: once the site address is written into this file, the user will not be able to access it through any browser.
To change the hosts file, it is advisable to open it as administrator by right-clicking on the file and selecting "Run as administrator". Or open Notepad this way and open the file in it.

For quick access, you can simply click the Start button and select Run (Win+R) and enter in the line:

notepad %windir%\system32\drivers\etc\hosts



As a result, this file will open in Notepad.

In order to block access to a site (let's assume it is test.ru), you just need to add a line with this site at the very bottom:

127.0.0.1 test.ru


As a result, the file will have the following content:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# This HOSTS file created by Dr.Web Anti-rootkit API

#127.0.0.1 localhost
# ::1 localhost
127.0.0.1 test.ru


Each new site that you want to block must go on a new line of its own, beginning with the local IP address 127.0.0.1.

Also, to edit the hosts file, there is a program HOSTS EDITOR, which you can download and read the description from.
The way it works is that it helps edit the hosts file.
From the screenshot below the principle of its operation is clear; everything is done in a couple of clicks. Adding is done by clicking on +.


After editing, do not forget to click on the save button (2 button "Save changes" to the left of the "+" button).

You can also change this file for good purposes, for example to speed up site loading.
How does it work?
When you visit a site, you see its domain name, which has letters. But all sites on the Internet have an IP address, and names are already assigned using DNS. I won’t go into details of this process; that’s not what the article is about. But here you need to know that the hosts file has priority when accessing sites, and only after it does a request to DNS occur.
In order to speed up the loading of a site, you need to know its IP address and domain.
The IP address of a site can be found using various services, for example or.
A domain is the name of a website.
For example, let's speed up the loading of the site where you are reading this article by explicitly specifying its IP address and domain in the file.
Then the added line will be:

91.218.228.14 website


This speeds up page loading by a couple of seconds, and can sometimes give access if you cannot reach the site by standard means.

It is also possible to redirect to another site using the hosts file.
To do this, you need to know the IP address of the site and its domain (as in the case described above), then the added line will be like this:

91.218.228.14 test.ru


And now, after entering test.ru into the address bar of your browser, you will be redirected to the site at the specified IP address.

If you want to clean the hosts file, you can do this by simply deleting its content and inserting the original text from the description above (under spoilers).

Some nuances in the hosts file:

  • Always make sure you have a scroll bar on the side and always scroll to the bottom of the window. This is due to the fact that some viruses are registered in an area hidden outside the window.
  • In some cases, usually if you cannot save the file, you need to log in under the Administrator account.
  • Sometimes, due to viruses, this file may be hidden. Read the article.
  • The two methods described (redirection and acceleration) may not produce the desired result. The fact is that several sites can be located on one IP address, this is especially true for external IP addresses provided by services.
  • Because viruses love this file, its attributes may have been changed to Hidden and Read-only.
  • Check the file attributes if the hosts file cannot be saved.

    Thus, you can easily and free of charge block access to sites in Windows by editing the hosts file.

  • Few users who work with the "seven" and surf the Internet realize the true meaning of the HOSTS file (Windows 7). Its contents will be shown a little later, but for now let’s dwell a little on the theory.

    Why is it needed?

    In general, if anyone paid attention, the file itself is located in the etc directory, if you sequentially move along the tree from the Windows folder, through System32 to the drivers directory on the system drive. Not everyone, however, goes into such a thicket of the system; by and large, this is not necessary. On the other hand, if you pay attention, the object itself does not have an extension, although, in fact, it is an ordinary text document.

    But let's take a closer look at the HOSTS file (Windows 7). Its role is that it is this object that is responsible in the system for the relationship between host names (sites, nodes, etc.) and their IP addresses, to provide the end user with access to the resource. Roughly speaking, we do not need to enter combinations of numbers in the browser; we can just specify the names of resources.

    And one more small clarification about the HOSTS file (Windows 7). Its content may change. Depending on what changes have been made, this can help block certain sites, speed up access to certain resources, or, on the contrary, can play a cruel joke by redirecting the user to dubious sites. However, first let's look at the original file.

    HOSTS file (Windows 7): Contents

    So, first, let's try to open it. It must be said that if you use the standard double-click method, nothing will work, because, as mentioned above, this object does not have an extension. In addition, the file may be hidden, so you should first enable the display of hidden objects in the view menu. The system will then offer several applications to open it with. We choose the simplest one, standard Notepad, and look at the contents of the HOSTS file (Windows 7). Before us is something incomprehensible: descriptive text, some examples and a line indicating the local IP (# 127.0.0.1 localhost). That's how it should be.

    Attention! There should be nothing below the line indicating the reserved local address, unless, of course, the user wants some resource to be blocked!

    In general, everything above localhost is allowed resources. Everything below is blocked. It is not difficult to guess that many viruses, in particular programs that distribute spam or advertising (Malware, Adware, etc.) independently edit the contents of this file. So it turns out that when requesting one resource, the user receives a redirect (redirection) to a completely different one.

    Default HOSTS in Windows 7

    We reviewed the original file. Now let's look at the changed content. To correct it, you can take the contents of a “clean” file for the “seven” from another computer or from the Internet, copy it, then paste it into the original and save it.

    But there is one problem. The fact is that sometimes, after removing everything unnecessary, it is not possible to save the file as the original (the system simply does not allow this to be done).

    What to do in this case? First, delete the original completely (Shift + Del), bypassing the Trash. Then we right-click on the empty space inside the etc directory and create a new file with the same name, but do not specify the extension. Now we insert the necessary content into it and save the object. After this, you need to find the lmhosts.sam file there and delete it, as indicated earlier.

    That's it, it's done. In both the first and second cases, a system reboot is required. Only then will everything work as expected. And, of course, editing should be done exclusively with administrator rights.

    Bottom line

    Overall, a very brief summary of the HOSTS file has been provided here. When it comes to blocking some unwanted resources or, on the contrary, allowing faster access to others, editing must be done exclusively manually and according to certain rules. Here you need to remember that the key role of the separator is played by the line indicating the reserved local IP. Well, then, as they say, it’s a matter of technique. By the way, the above technique will also help if the contents of the object have been changed by virus programs.