Computer lessons

How to change the hosts file. How to fix the hosts file. Hosts file format

The system hosts file is a text file that contains a local database of domain names and their IP addresses. A lookup in the hosts file has higher priority than a query to DNS servers. Various viruses and other malware take advantage of this, replacing its contents with their own data.
Where is the hosts file located?
By default, the system hosts file is located in the directory given below.
To get to it, open Start > Run or press the key combination WIN+R. In the Run window that opens, enter the address:
C:\Windows\system32\drivers\etc
or
%WinDir%\system32\drivers\etc
Press Enter.

To open the hosts file, right-click it and choose to open it with Notepad from the menu.
What should be in the hosts file by default?

Hosts file for Windows XP:

# Copyright (c) 1993-1999 Microsoft Corp.# # # space. # # # For example: # 127.0.0.1 localhost

Hosts file for Windows Vista:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

Hosts file for Windows 7:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost

Hosts file for Windows 8:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Recently I needed to fix the hosts file, but I didn't know where to find it, so I had to search for the answer I needed. Fortunately, there was a lot of information, but just in case, I still decided to leave the answer to my question on the pages of the Computer Malfunctions blog.

Where is the hosts file located in Windows XP?

In Windows XP, the HOSTS file is located at:

C:\WINDOWS\system32\drivers\etc\

You can open the hosts file with any text editor, for example, Windows Notepad.

What does the hosts file look like?

If your task is to restore the hosts file, you can copy the typical contents of the hosts file for Windows XP below. In fact, the contents of the hosts file can be limited to just one line, "127.0.0.1 localhost". Everything else is just explanatory commentary. On Windows XP the hosts file looks like this:

# (C) Microsoft Corp., 1993-1999
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains mappings of IP addresses to hostnames.
# Each element must be on a separate line. The IP address must
# be in the first column and must be followed by the appropriate name.
# The IP address and hostname must be separated by at least one space.
#
# Additionally, some lines may contain comments
# (such as this line), they must follow the node name and be separated
# from it with the symbol "#".
#
# For example:
#
# 102.54.94.97 rhino.acme.com # origin server
# 38.25.63.10 x.acme.com # client node x

127.0.0.1 localhost

And finally, if your system is not Windows XP, then I recommend that you read the article on restoring the hosts file for Windows 7, Windows Vista, Windows Server 2008, Windows Server 2003 on the official Microsoft support website: http://support.microsoft.com/kb/972034/ru.

Hey guys! Do you know what the hosts file should look like? One of the important components of any operating system is the hosts file, and today I will tell you what the hosts file should look like and how to find it among other files. Why is this important to know? The fact is that when any virus attacks, it is the hosts file that is damaged first.


The problem arises when a virus adds its own entries to the file, which block access to anti-virus updates, replace real sites with fake ones, etc. Today I will teach you how to identify such unauthorized entries in this file. Simply open the hosts file using Notepad. If you see entries like this (or something similar):

  • 127.0.0.1 kaspersky.com
  • 127.0.0.1 kaspersky-labs.com
  • 127.0.0.1 liveupdate.symantec.com
  • 127.0.0.1 liveupdate.symantecliveupdate.com

then we will have to disappoint you: the file has been damaged by a virus.

We'll talk about file recovery below. Now pay attention to what the hosts file should look like in Windows XP.

To restore a damaged file, download the text file and copy its contents to your hosts file. Here you can download a text file with the contents of the hosts file (Windows XP). And here is what the hosts file looks like in the Windows Vista, Windows 7 and Windows 8 operating systems.

Here the recovery procedure is the same as in the previous case. From this link you can download a text file with the contents of the hosts file (Windows Vista, Windows 7 and Windows 8).

Now you know what the hosts file should look like. Here are some useful tips for working with it. When restoring the hosts file, it is not necessary to keep it in its original form. When you see the “#” symbol in the file, it means that all the characters after this symbol up to the end of the line are a comment and have no effect. They can be deleted because they do not affect the operation of the system.

To find the hosts file, go to the WINDOWS\system32\drivers\etc\ folder. To access this folder, enter the following command in the “Run” window: %systemroot%\system32\drivers\etc. To open the hosts file, use the standard Notepad program. And finally: if you accidentally deleted this file, you can restore it by creating a regular text file and deleting the .txt extension.

Today you learned not only what the hosts file should look like, but also how to restore or find it. Leave your questions and feedback in the comments line. I was glad to help!

The hosts file is designed to match domain names (sites), which are written using symbols, and the corresponding IP addresses (for example, 145.45.32.65), which are written as four numerical values. You can open any website in your browser not only after entering its name, but also after entering the IP address of this site.

On Windows, a request to the hosts file takes precedence over requests to DNS servers. At the same time, the contents of this file are controlled by the computer administrator himself.

Therefore, quite often malware tries to change the contents of the hosts file. Why are they doing this?

They do this to block access to popular sites, or to redirect the user to other sites. There, at best, he will be shown an advertisement, and at worst, a fake page of a popular resource will be opened (social network, email service window, online banking service, etc.), asking him to enter data from his account.

Thus, due to the user's carelessness, an attacker can gain access to the user's data and cause damage to him.

Where is the hosts file located?

The hosts file is located in the folder with the Windows operating system, usually the “C” drive on the user’s computer.

The path to the hosts file will be like this:

C:\Windows\System32\drivers\etc\hosts

You can navigate to this path manually, or open the folder containing the hosts file immediately using a special command.

To quickly access a file, press the “Windows” + “R” key combination on your keyboard. This will open the Run window. In the "Open" field, enter either the path to the file (see above) or one of these commands:

%systemroot%\system32\drivers\etc
%WinDir%\System32\Drivers\Etc

This file has no extension, but can be opened and edited in any text editor.

Standard contents of the hosts file

In the Windows operating system, the "hosts" file has the following standard contents:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

The contents of this file are similar in the Windows 7, Windows 8 and Windows 10 operating systems.

All entries that begin with the hash character # and continue to the end of the line are ignored by Windows because they are comments. These comments explain what the file is for.

The comments state that the hosts file is designed to map IP addresses to site names. Entries in the hosts file must follow certain rules: each entry begins on a new line, the IP address is written first, and the site name follows after at least one space. After that, following a hash (#), you can write a comment on the entry.

These comments do not affect the operation of the computer in any way. You can even delete all of them, leaving only an empty file.

You can download the standard hosts file from here to install on your computer. It can be used to replace the modified file if you don't want to edit the hosts file on your computer yourself.

What to pay attention to

If this file on your computer is no different from this standard file, then this means that there are no problems on your computer that could arise due to modification of this file by malicious programs.

Pay special attention to anything in the file that comes after these lines:

# 127.0.0.1 localhost
# ::1 localhost

Some programs add their own entries to the hosts file, and this is where they are inserted.

For example, in this image, you can see that the program has added some entries to the standard contents of the hosts file. Between the commented lines, additional entries were inserted to perform certain actions. This was done so that during the installation of programs on my computer, this utility would cut off unwanted software.

There may be additional lines of this type: first, “a set of numbers”, and then after a space, “site name”, added in order, for example, to disable advertising in Skype, or block access to a site.

If you yourself have not added anything to the hosts file, and do not use the program mentioned in this article (Unchecky), then you can safely remove incomprehensible entries from the hosts file.

Why do they change the hosts file?

The hosts file is modified in order to block access to a certain resource on the Internet, or in order to redirect the user to another site.

Typically, malicious code is initially executed after running a program downloaded from the Internet. At this point, changes are automatically made to the properties of the browser shortcut, and quite often additional lines are added to the hosts file.

To block a site (for example, the VKontakte site), lines of this type are entered:

127.0.0.1 vk.com

For some sites, two versions of the site name may be entered: with “www” and without it.

You can block unwanted sites on your computer yourself by adding a similar entry to the hosts file:

127.0.0.1 site_name

In this entry, the IP address (127.0.0.1) is the network address of your computer. Next comes the name of the site that you need to block (for example, pikabu.ru).

As a result, after entering the site name, you will see a blank page from your computer, although the name of this web page will be written in the address bar of the browser. This site will be blocked on your computer.

With redirection, after the user enters the name of the desired site, a completely different site opens in the browser. Usually this is a web page with advertising, or a fake page of a popular resource.

To redirect to another site, entries of the following type are added to the hosts file:

157.15.215.69 site_name

First there is a set of numbers - the IP address (I wrote random numbers here as an example), and then, after a space, the name of the site will be written in Latin letters, for example, vk.com or ok.ru.

This method works roughly as follows: attackers deliberately create a fake website with a dedicated IP address (otherwise this method will not work). Next, an infected application gets onto the user’s computer, and after it is launched, changes are made to the hosts file.

As a result, when a user types the name of a popular site in the address bar of the browser, he is redirected to a completely different site instead of the desired one. This could be a fake social network page that is designed to steal the user's personal data, or a site with intrusive advertising. Very often, such a fake site redirects further to many other specially created pages with advertising.
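The two patterns described above (a name pointed at 127.0.0.1 to block it, and a name pointed at some other IP address to redirect it) can be checked for automatically. The following Python sketch is an added example, not part of the original articles; the function names, the sample file contents and the ads.example.test entry are constructed for illustration.

```python
import ipaddress

# Constructed sample: default-style comments followed by the entry types the
# text describes (blocked anti-virus hosts, a redirect, a self-added block).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1 kaspersky.com kaspersky-labs.com
127.0.0.1\tliveupdate.symantec.com   # constructed trailing comment
157.15.215.69 vk.com www.vk.com
0.0.0.0 ads.example.test
not-an-ip example.test
"""


def parse_hosts(text):
    """Yield (line_no, ip, names) for each active (non-comment) entry.

    Rules from the file's own header: one entry per line, IP address first,
    host names after whitespace, '#' starts a comment that runs to end of line.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.lstrip("\ufeff").split("#", 1)[0].split()
        if body:  # skip blank lines and pure comments
            yield line_no, body[0], [name.lower() for name in body[1:]]


def audit_hosts(text, allowed=("localhost",)):
    """Return (line_no, kind, ip, name) for every entry that needs review."""
    allowed = {name.lower() for name in allowed}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            addr = None
        if addr is None or not names:
            findings.append((line_no, "malformed", ip, " ".join(names)))
            continue
        # Loopback/unspecified target: the name is blocked on this machine.
        # Any other target: the name is redirected to that address.
        local = addr.is_loopback or addr.is_unspecified
        kind = "blocked" if local else "redirected"
        findings += [(line_no, kind, ip, n) for n in names if n not in allowed]
    return findings


def without_flagged(text, allowed=("localhost",)):
    """Return the text minus flagged lines; comments and line endings kept.

    A line is dropped whole if any name on it is flagged. Write the result
    back only after saving a copy of the original file.
    """
    flagged = {line_no for line_no, *_ in audit_hosts(text, allowed)}
    lines = text.splitlines(keepends=True)
    return "".join(l for n, l in enumerate(lines, 1) if n not in flagged)


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, allowed=("localhost", "ads.example.test")):
        print(*finding)
```

Names you added yourself go in the allowed list, so only entries you did not create are reported.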

How to edit the hosts file

You can change the contents of the hosts file yourself by editing it in a text editor. One of the easiest ways to do this is to open the hosts file in Notepad, running the program as administrator.

To do this, create a shortcut for the Notepad utility on the Desktop, or find the application among the standard programs in the Start menu. To run it, first right-click the program shortcut, and then select “Run as administrator” from the context menu. After this, the Notepad text editor window will open.

C:\Windows\System32\drivers\etc

After opening the "etc" folder, you will not see the "hosts" file, because the file dialog is set to display only text files. Select the All Files setting. After this, the hosts file will be displayed in this folder. You can now open the hosts file in Notepad to edit it.

After editing is complete, save the changes to the hosts file. Please note that the file type when saving should be “All files”.

Conclusions of the article

If the malicious program has changed the entries in the hosts file, you can replace the modified file with a standard one, or edit the contents of this file, removing unnecessary entries from there.


Hello everyone. The topic of today's conversation is the hosts file. I will briefly tell you why it is needed and what should be inside it. This file is an important part of almost any Windows; it is present in both Windows XP and Windows 10, and in others too. It seems to exist even in Windows 2000. I personally have known this file for a long time, but I haven’t touched it for a long time, because there are no viruses, and there’s no need to touch it either.

By the way, it is available not only in Windows, but also on Android, even on Symbian! Symbian is an operating system for smartphones that was previously very popular, but is no longer being developed. So what is this file for? This file contains a manual mapping between network addresses and domain names. Yes, probably nothing is clear yet, I agree. Look, you type a website address, let it be google.com, what next? Then you press Enter and you are taken to the Google search engine. But in reality, everything happens a little differently: you type the address, then the computer uses a network service to contact the DNS server, which reports which network address belongs to the domain name google.com. When the address is received, your computer connects to it and requests data. ROUGHLY SPEAKING something like this... The whole point is that google.com is the name of the site, and it was invented primarily for our convenience. The site itself has its own IP address, which is tied to the site name. To match a site's domain name with its IP address, you need a DNS server, which is usually assigned automatically. If you need to match the site name and network address manually, then the hosts file is exactly what you need. Well, is it more or less clear? I really hope so!

Once again, that is, the site consists of two parts: a name, so that it is convenient for us to remember the name of the site, and an IP address, so that we can determine on which server the site is located. Something like this.

Well, now about why there is a lot of hype around the hosts file. The fact is that viruses can write their own entries there; for example, they will write their own IP address for the same Google. That is, they will specify their IP address and assign the site google.com to it. As a result, you type the address google.com in your browser and are redirected to the virus's IP address! Websites are often faked this way. For example, you need to go to a social network, you type in the address, end up on a fake site, enter your username and password, and they immediately become available to a hacker. Do you understand the point?

You can briefly answer the question of what should be in the hosts file like this: by default there is nothing there. Literally. There can only be comments and that's it.

So. Now I’ll show you what I personally have in my hosts file, and I’ll also tell you how to clear it, so that you all know this. You can only work with the hosts file if you open it with administrator rights, let me show you how to do this. This means once again, in order to change something in the hosts file, in order to delete data from it, then for this you need to open it ONLY WITH ADMIN RIGHTS! Here's how to do it, open the task manager:


Now at the very top, there will be a File, so click there, then a menu will come out, there select the New task item:


C:\Windows\System32\drivers\etc\hosts



And then the hosts file will open, I have it clean, that is, it has not been touched at all, so I installed Windows, and it remained like this:


It has nothing at all, no entries. But you might think: hey, isn't it full of some kind of entries? That's right, but the trick here is that everything that starts with a hash sign is a comment, and it plays only the role of a comment and nothing more! That is, if you delete all this, then nothing will happen, the computer will continue to function as before. But remember I wrote that it is important to open this file with admin rights? Well, if you don’t open it with these rights, then you won’t be able to delete anything from this file. To clear the hosts file, just look, right-click on an empty space, select Select all:


Everything will disappear. And now the most important thing, go to the File menu and click on Save:


So I clicked on Save and nothing happened. So there are no errors. If the hosts file is opened without admin rights, there will be an error. That's it, you've deleted everything, there's nothing here. In most cases, the computer will continue to work normally. VERY RARELY there may be entries in the hosts file that were made by something other than malware. Well, so to speak, the necessary entries; I’ve never had a situation where some program wrote data there. And once again, I deleted everything that was there, saved it, and closed the file. But I just did this as an example, I still only had comments here. You might have something like this:


This is already strange! What is written here? Here's what: all the sites you see are assigned a network address in the form 127.0.0.1, but this address is your own computer. And of course, there are no sites hosted on your computer. This means the site will simply NOT WORK. Thus, all the sites that are listed here will NOT WORK, because they are assigned a network address where there is NOTHING. To clear this file, as above in the picture, you need to either delete all lines that do NOT start with a hash sign, or select everything and delete everything completely. In general, I think you understand everything here.

And yet, by default the hosts file contains ONLY comments. In principle, I already wrote all this...

Gentlemen, let's wrap this up, I hope that this information was useful for you. Good luck

19.04.2017