Hosts- a text file responsible for blocking, redirecting and generally accessing certain Internet sites.

It is through HOSTS that scammers block access to certain sites and portals. They often redirect you to other pseudo pages (supposedly Odnoklassniki or VKontakte), where they ask you to first enter your username and password, and then an SMS. As a result, scammers have your account information plus money for SMS. Check your computer for viruses and .

Where can I find the Hosts file?

The hosts file is located at:
system drive (most often C:) / windows / system32 / drivers / etc / hosts
Also in this folder you will find files such as: lmhosts, networks, protocol, services - their presence is normal.

The hosts file has disappeared, what should I do, where should I look?

He hasn't disappeared anywhere. Most likely it is simply hidden and in order to see it, you need to enable it in the settings. To do this, click Start - Control Panel - Folder Settings - View - at the very bottom, check the box “show hidden files, folders and drives” and click Apply. Now we are looking for the file there.

What should the Hosts file look like?

Same as in the picture, maybe in English. If there are additional redirects below 127.0.0.1 localhost, remove everything. Here

The hosts file in Windows 7, as well as in other operating systems of the Microsoft family, is designed to assign correspondence between the domain name of a certain resource and its IP address. This file is a system file, so the request goes through it before the provider’s DNS servers. Entries in hosts can be edited by a user with PC administrator rights.

Why might a system file be changed?

A huge number of viruses consider hosts to be a “tidbit” and use it to manage denials of access to popular Internet sites. In addition, by replacing the correspondence between domains and addresses, virus programs are directed to fake pages, blocking access to real ones.

Using redirect, attackers achieve the following goals:

1. Harmless joke. Used to make fun of a friend and block access;
2. Increasing the popularity of the site. When the search string for a well-known service appears on an unknown page, almost no one notices;
3. Virus infection. One malicious program, having penetrated and changed the hosts file, directs it to infected sites through which other viruses are distributed;
4. In order to block popular resources and extort money for visiting them through pop-up messages and advertising;
5. Hacking of users. The most common goal of scammers is to obtain your information from social networking accounts and email servers. This is done through special sites that are externally identical to the originals and with very similar addresses;
6. In order to block anti-virus servers in order to deny programs access to updates.

To restore the broken functionality of sites, you need to clear the hosts of unnecessary records.

Where to look for it?

Many users cannot understand where the hosts file is located. So, initially it has the following path: . However, with the help of special programs, this path can be changed in order to increase protection against malware.

In order to see this file, you must be a system administrator, otherwise it will be blocked. This condition is also necessary in order to edit it. There are several ways to get to the content:

1. In the Start menu search bar, enter the path: %systemroot%\system32\drivers\etc;
2. Open any folder, click on the address bar and change it to: C:\Windows\System32\drivers\etc and you will be taken to the directory where the hosts file is located;
3. Call up the search window using the “F3” key and find the hosts file.

How to open and edit it?

Finding a file is not as big a problem as changing hosts. The fact is that it does not have an extension, which means it is not tied to a specific program either. You won't be able to open it by simply pressing a button.

There are several ways to open:

1. Set the extension manually. To do this, select the hosts file and press the “F2” button on the keyboard. After this, you can change the name and extension, provided that this is not prohibited by the system settings;
2. Opening it as a regular file, select the Notepad program from the list of suggested ones.

In the first method, it is worth considering that you need to use the .txt extension before changing the hosts file and remove the extension after editing the list of sites.

What needs to be changed and how it should be?

To make changes correctly, you need to know what the default hosts file should look like and what should be in it. If you are tired of being denied access to your favorite sites after being damaged by viruses, you can leave it completely clean, that is, erase all its contents or create a new one, and delete or rename the old one.

If you carefully examine all the contents, hosts will seem empty. In fact, not a single important and critical line can be found there, and all the posts and sites that are there are commented out with a “#” sign. This means an explanation or example, but not an actual task.

If you really want, you can bring the file into line with the image below.

If there is a need to restore hosts due to the fact that changes have been made to it, or it is not possible to edit it manually due to damage to the Notepad program, you can use a backup copy of the file. It is created along with a system restore point. To do this you need:

This method will only work if the recovery service is enabled on your system and periodically creates points, for example, in the case of driver installation or windows update.

Result:

If you notice strange behavior of your favorite sites, for example, changing the location of frames or not responding to entering your login and password, or constantly see a message about access denied, then your computer is infected with viruses, and you are being redirected to identical pages, blocking the real ones. First of all, try cleaning your PC, and then feel free to start editing and restoring the corrupted system file.

Don't worry about damaging it, there's nothing in it by default that can't be cleaned. However, if you or the system administrator made changes there, carefully monitor the parameters being changed. Remember to create your own copy of the file before you start editing the original (you can save it in a different folder or with a different extension).

What kind of file is this - hosts?!

hosts file is a special text file in Windows 7 and Windows 8 that contains a database of domain names and IP addresses for matching them. This file takes precedence over requests to DNS servers. Therefore it is hosts file Viruses love to write false data there to redirect them to sites infected with a virus.

Where is the hosts file located?

On 32-bit operating systems Windows 7 x32 And Windows 8 x32 hosts file is in the catalog %systemroot%\system32\drivers\etc. Those., if Windows 7 or Windows 8 is installed on the local drive C:\, then the path will be like this:
C:\Windows\system32\drivers\etc
In the 64-bit operating systems Windows 7 x64 and Windows 8 x64, the hosts file is located in the . . That is, if Windows 7 or Windows 8 are installed on the local drive C:\, then the path will be like this:
C:\Windows\ \SysWOW64\drivers\etc

How to restore the Hosts file.

Method 1. Restore the hosts file automatically.

Due to frequent complaints about hosts file infection, Microsoft has made a special patch - fix - the installation of which restores the hosts file to its original form . You just need to download the patch from here - link, install and restart your computer.

Method 2: Restoring the hosts file manually.

To restore hosts file manually, you need to follow a few simple steps.

1) Press the key combination Win+R, and in the line Open write the path:
%systemroot%\system32\drivers\etc
Press the button OK.
In the case of a 64-bit system, write the path:
%systemroot%\SysWOW64\drivers\etc.
2) Click on the file hosts right-click and select the Rename menu item. Let's rename the file to hosts.old.
3) Now you need to create a new file hosts default. To do this, right-click on an empty space in the same folder and select Create >>> Text Document. Enter the file name - hosts and press the Enter key ↵.
In this case, when asked that the file name will not have a TXT extension, click the button Yes .
4) Open a new file hosts in the text editor Notepad and copy this text there:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

5) Save and close hosts file. Reboot the computer.

Using the Windows hosts file to prevent your computer from connecting to unwanted web addresses is a very old practice that is still used to improve security or block specific sites and cookies from third-party sites. Experienced users have been familiar with this file for a long time and have used it in practice more than once. But, if you are hearing about this for the first time, then this article will help you understand how to use the hosts file correctly.

Where is the Windows 7 hosts file and why is it needed?

First of all, the hosts file is a regular text file that does not have an extension and allows you to compare IP addresses and URL addresses of websites (addresses will be discussed a little later). This means that to edit it you just need to use any text editor, including Windows Notepad. The second thing to know is that the hosts file can be used not only by you to block or redirect sites, but also by malware, for example, to redirect you from your favorite websites to malicious sites to steal your personal data. This means that most antivirus programs monitor for changes in this file. And with any changes they can issue appropriate messages. The third thing you need to know is that the hosts file is a system file and you will need administrator rights to edit it. This means that to correct it, you need to open a text editor as administrator.

The Windows 7 hosts file is located at:

• %windir%\system32\drivers\etc\hosts
  • Typically, %windir% is "C:\Windows", but you can also use %windir%.

Open a text editor with administrator rights and then open the hosts file from the above path. A file should open in front of you, as shown in the picture:

Note: The file is opened in Notepad++, but, as already mentioned, you can do this using Windows Notepad

The file is filled out based on three basic rules

1. All comments begin with the # symbol (hash) For example
   • # This is a line comment
2. Each mapping between an IP address and a URL page is indicated on a separate line and there must be space between them (space, tab)
   • 127.0.0.1 localhost
   • (127.0.0.1 is the address of your computer)
3. The order is exactly as shown:
   • First the IP address and then the Url address

Taking into account the above rules, it is clear that by default the hosts file for your computer (IP address 127.0.0.1) is assigned the name localhost, which can be used not only by browsers, but also by any program.

Note: As a fact, you can also match non-existing Url addresses with the IP addresses you need, but keep in mind that they will only be correct on your computer.

Let's move from theory to practice.

Using the Windows 7 hosts file to block and redirect sites?

First of all, open the Windows hosts file with administrative rights as shown above. And try adding two examples at the end of the file (one for blocking, one for redirection)

# The next line will block any attempts to open a malicious website # called virus-attack-stole-your-data.ru 127.0.0.1 virus-attack-stole-your-data.ru # The next line will redirect the opening of a website # called mysite.data.info to IP address 10.10.10.10 10.10.10.10 mysite.data.info

In the first case, any attempt to open a malicious site called “virus-attack-stole-your-data.ru” will result in the browser or any other program trying to open the site on your computer (127.0.0.1). If there is none, then, for example, the browser will show you a message about the site being unavailable. This is a convenient and often one of the fastest ways to block any website in Windows.

In the second case, any attempt to access the URL "mysite.data.info" will result in the browser or any other program opening the site at 10.10.10.10. As in the first case, if such an address does not exist, an error will be generated. This method is especially convenient in cases where you want to use convenient names instead of numbers to access a site on a computer. You can also use your own abbreviations to refer to sites that have their own dedicated IP, such as most large projects.

Note: In addition to the fact that the specified Url addresses can be used to open sites, you can also use addressing through ports. For example, a request to the address "mysite.data.info:8080" will be redirected to "10.10.10.10:8080", which is especially convenient when you have computers on your local network that have an IP address (servers, storage, etc.) .d.), but do not have a beautiful Url address.

Note: We remind you that all configured Url addresses can be used in any programs on your computer. However, you must remember that such settings will only be correct on your computer.

There is one more question that may interest you, namely, when will the settings take effect? By default, the application time will depend on the current Windows settings and the presence of a DNS cache. However, there is an easy way to clear the cache to apply the hosts file settings.

Note: For more information about dns, read the review DNS Device.

How to reset the DNS cache in Windows 7 to apply the settings in the hosts file?

As already mentioned, in order for the Windows 7 hosts file settings to be applied, you must either wait until Windows updates the dns cache, or reset it manually. And here's how you can do it:

1. Close all programs that use Internet connections, including browsers.
   • Footnote: If you only need access through browsers, then close them. Other programs will pick up the settings later.
2. Enter the following command:
   • ipconfig /flushdns
3. Press enter and wait until the phrase appears
   • DNS resolver cache cleared successfully

In most cases, this will be enough to update the DNS cache.

Note: If for some reason the cache has not been updated, then restart your computer. If this does not help, then you need to start searching for the cause with the program that did not pick up the settings. For example, browsers also have their own DNS cache and sometimes may not immediately pick up the settings, although this should not happen.

As you can see, there is nothing complicated about using the hosts file.

Now, you know how to use the Windows hosts file for security purposes to block and redirect sites.

• RKill is a free program to clean an infected computer from malware

Technical Tips

The hosts file is a rather vulnerable place in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer.
The purpose of this file is to store a list of domains and their corresponding IP addresses. The operating system uses this list to convert domains to IP addresses and vice versa.

Every time you enter the address of the site you need into the address bar of your browser, a request is made to convert the domain to an IP address. Currently, this translation is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific IP address.
Even now, this file has a direct impact on the transformation of symbolic names. If you add an entry to the hosts file that will associate the IP address with the domain, then such an entry will work perfectly. This is exactly what developers of viruses, Trojans and other malicious programs use.

As for the file structure, the hosts file is a regular text file without an extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the regular text editor Notepad.

The standard hosts file consists of several lines that begin with the “#” character. Such lines are not taken into account by the operating system and are simply comments.

Also in the standard hosts file there is an entry “127.0.0.1 localhost”. This entry means that when you access the localhost symbolic name, you will be accessing your own computer.

Fraud with the hosts file

There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of antivirus programs.

For example, having infected a computer, the virus addsin the hosts file the following entry: “127.0.0.1 kaspersky.com”. When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is an incorrect IP address. This leads to Access to this site is completely blocked.As a result, the user of the infected computer cannot download antivirus or antivirus database updates.

In addition, virus developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.

For example, having infected a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru.” Where “90.80.70.60” is the IP address of the attacker’s server. As a result, when trying to access a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else’s server. As a result of such actions, fraudsters can obtain logins, passwords and other personal information of the user.

So, in case of any suspicion of virus infection or site substitution, the first thing you need to do is check the HOSTS file.

The malware disguises modification of the hosts file as follows:

To make it difficult to detect lines added by a virus, they are written to the end of the file

After a large empty area formed as a result of repeated line feeds;

After this, the original hosts file is assigned the Hidden attribute (by default, hidden files and folders are not visible);

A false hosts file is created, which, unlike the real hosts file (which has no extension), has the extension .txt (by default, extensions are not displayed for registered file types):

Where is the hosts file located?

Depending on the version of the Windows operating system, the hosts file may be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, then the file is located in the folderWINDOWS\system32\drivers\etc\

In the Windows NT and Windows 2000 operating systems, this file is located in the folder WINNT\system32\drivers\etc\

Editing the hosts file

You can edit the file hosts and in Notepad, delete unnecessary lines, or add your own.
In order to edit the hosts file, you need to launch Notepad in Administrator mode, and then open the file C:\Windows\System32\drivers\etc\hosts in it.

How to clean the hosts file

So, point by point.

Click "Start".

Choose "All programs".

Then select the item "Standard".

On "Notepad" click right click the mouse and select the item "Run as administrator."

In the notepad window that opens, select the File menu, then "Open..."

In the window that opens, select “Computer” on the left side of the window.

Then open the disk WITH:.

Windows directory.

System32 directory.

Drivers directory.

Catalog etc.

When you open the etc directory, you will see an empty directory. In the lower right corner of the window, select "All files".

Select the hosts file and click the button "Open".

Check for the necessary content: at the beginning there are explanatory comments from Microsoft about what this file is and how to use it. Then there are several examples of how to enter various commands. All this is just plain text and does not carry any functions! We skip it and reach the end. Next should come the teams themselves. Unlike comments (i.e. plain text), they must begin not from the "#" sign, and from specific numbers, indicating the IP address.

Any commands in your hosts file after the following lines can be malicious:

• On Windows XP: 127.0.0.1 localhost
• On Windows Vista: ::1 localhost
• On Windows 7/8: # ::1 localhost

As you can see, host files are slightly different in different operating systems.

In order not to clean up anything unnecessary, you need to know how the commands are deciphered. There is nothing complicated here. At the beginning of each command there is digital ip address, then (separated by a space) the letter associated with it Domain name, and after it there may be a small a comment after the "#" sign.

Remember! All commands starting from numbers 127.0.0.1(with the exception of, 127.0.0.1 localhos t) block access to various sites and Internet services. Which ones exactly, look in the next column following these numbers.
Teams having at the beginning any other numbers ip addresses, redirect(redirect) to fraudulent sites instead of official ones. Which sites have been replaced with fraudulent ones, also look in each column following these numbers.
Thus, it will not be difficult to guess which commands in your hosts file are malicious! If something is still not clear, look at the screenshot below.

Please keep this point in mind. Many virus commands can be hidden far at the very bottom of the file by cunning Internet attackers, so take the time to scroll the slider all the way down!

After you do the cleanup, don't forget to save all changes ( "File" --> "Save"). If you opened the hosts file from the Notepad program itself, when saving changes, in the column "File type" be sure to select an option "All files", otherwise notepad, instead of saving in the hosts file, will only make it text copy of hosts.txt, which is not a system file and does not perform any functions!

After a successful save, do not forget to restart your computer.

How to block sites in hosts

So, the hosts file is already open and you see that it is built in the form of a regular text document.

At the beginning you will see comments (plain text that does not provide any functionality) starting with the symbol "#" . They may be followed by some functional commands prescribed by the system.

But we don't need them. We skip them and get to the very end of the document. Let's make a retreat. And now, here, we can already write the commands we need!

When finished working with the file, open the File menu, select "Save".

To understand how to correctly enter commands for blocking web resources, you need to know that each PC has its own so-called. loopback address, which sends any request back to itself. For any computer running Windows, Linux or Mac, this address is always the same - 127.0.0.1 . Now, with the help of just this IP address, you can block any request to an unwanted site so that it is sent not to the requested resource, but to brotherly to the local computer.

This command in hosts is written as follows: " 127.0.0.1 domain name to block "Here are real examples: 127.0.0.1 mega-porno.ru, 127.0.0.1 odnoklassniki.ru, 127.0.0.1 vk.com etc.

That's all. Now access to all unwanted sites is securely blocked. The main thing is to resave the hosts file after making changes! See detailed instructions above.

Restoring the hosts file after a virus infection

As already mentioned, today a large number of malware use the file hosts to block access to websites of popular portals or social networks. Often, instead of blocking sites, malware redirects the user to pages that look similar to popular resources (social networks, email services, etc.), where an inattentive user enters credentials, which thus get to the attackers.
If the file contains entries like 127.0.0.1 odnoklassniki.ru 127.0.0.1 vkontakte.ru or the addresses of your sites that you cannot access, then first check your computer for “malware”, and then restore the file hosts

Many users who have been hacked are interested in where they can download the hosts file. However, there is no need to search for and download the original hosts file. You can fix it yourself; to do this, you need to open it with a text editor and delete everything except the line except “127.0.0.1 localhost”. This will allow you to unblock access to all sites and update your antivirus.

Let's take a closer look at the process of restoring the hosts file:

1. Open the folder in which this file is located. In order not to wander through directories for a long time in search of the desired folder, you can use a little trick. Press the key combination Windows+R to open the menu "Run". In the window that opens, enter the command "%systemroot%\system32\drivers\etc"and click OK.

2. After this, a folder will open in front of you in which the hosts file is located.

3. Next, you need to make a backup copy of the current file. In case something goes wrong. If the hosts file exists, then simply rename it to hosts.old. If the hosts file is not in this folder at all, then you can skip this item.

4.Create a new empty hosts file. To do this, right-click in the etc folder and select"Create a text document"

5. When the file is created, it must be renamed to hosts. When renaming, a window will appear with a warning that the file will be saved without an extension. Close the warning window by clicking OK.

6. Once the new hosts file has been created, it can be edited. To do this, open the file using Notepad.

7. Depending on the version of the operating system, the contents of the standard hosts file may differ.

This is what all, without exception, “clean” hosts files should look like.

Note!

• For Windows XP and Windows Server 2003 you need to add "127.0.0.1 localhost"

• Windows Vista, Windows Server 2008, Windows 7 and Windows 8 you need to add two lines: "127.0.0.1 localhost" and "::1 localhost"

If you ever find missing or, conversely, unnecessary entries in such a file, it is better to delete them quickly. Especially if they were not made by you or without your consent. Most likely, this is the result of viruses!

Restoring the default hosts file in Windows 7: Copy the text below into a file.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Save and close the file.